Ubuntu 6589 Published by

The following updates has been released for Ubuntu Linux:

USN-4004-1: Berkeley DB vulnerability
USN-4004-2: Berkeley DB vulnerability
USN-4005-1: Linux kernel vulnerabilities
USN-4006-1: Linux kernel vulnerability
USN-4006-2: Linux kernel (HWE) vulnerability
USN-4007-1: Linux kernel vulnerability
USN-4007-2: Linux kernel (HWE) vulnerability
USN-4008-1: Linux kernel vulnerabilities



USN-4004-1: Berkeley DB vulnerability


==========================================================================
Ubuntu Security Notice USN-4004-1
June 04, 2019

db5.3 vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 19.04
- Ubuntu 18.10
- Ubuntu 18.04 LTS
- Ubuntu 16.04 LTS

Summary:

Berkeley DB could be made to expose sensitive information.

Software Description:
- db5.3: Berkeley DB Utilities

Details:

It was discovered that Berkeley DB incorrectly handled certain inputs.
An attacker could possibly use this issue to read sensitive
information.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 19.04:
db5.3-sql-util 5.3.28+dfsg1-0.5ubuntu0.1
db5.3-util 5.3.28+dfsg1-0.5ubuntu0.1
libdb5.3 5.3.28+dfsg1-0.5ubuntu0.1
libdb5.3-sql 5.3.28+dfsg1-0.5ubuntu0.1
libdb5.3-sql-dev 5.3.28+dfsg1-0.5ubuntu0.1

Ubuntu 18.10:
db5.3-sql-util 5.3.28+dfsg1-0.1ubuntu0.1
db5.3-util 5.3.28+dfsg1-0.1ubuntu0.1
libdb5.3 5.3.28+dfsg1-0.1ubuntu0.1
libdb5.3-sql 5.3.28+dfsg1-0.1ubuntu0.1
libdb5.3-sql-dev 5.3.28+dfsg1-0.1ubuntu0.1

Ubuntu 18.04 LTS:
db5.3-sql-util 5.3.28-13.1ubuntu1.1
db5.3-util 5.3.28-13.1ubuntu1.1
libdb5.3 5.3.28-13.1ubuntu1.1
libdb5.3-sql 5.3.28-13.1ubuntu1.1
libdb5.3-sql-dev 5.3.28-13.1ubuntu1.1

Ubuntu 16.04 LTS:
db5.3-sql-util 5.3.28-11ubuntu0.2
db5.3-util 5.3.28-11ubuntu0.2
libdb5.3 5.3.28-11ubuntu0.2
libdb5.3-sql 5.3.28-11ubuntu0.2
libdb5.3-sql-dev 5.3.28-11ubuntu0.2

In general, a standard system update will make all the necessary
changes.

References:
https://usn.ubuntu.com/usn/usn-4004-1
CVE-2019-8457

Package Information:
https://launchpad.net/ubuntu/+source/db5.3/5.3.28+dfsg1-0.5ubuntu0.1
https://launchpad.net/ubuntu/+source/db5.3/5.3.28+dfsg1-0.1ubuntu0.1
https://launchpad.net/ubuntu/+source/db5.3/5.3.28-13.1ubuntu1.1
https://launchpad.net/ubuntu/+source/db5.3/5.3.28-11ubuntu0.2



USN-4004-2: Berkeley DB vulnerability


==========================================================================
Ubuntu Security Notice USN-4004-2
June 04, 2019

db5.3 vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 14.04 ESM

Summary:

Berkeley DB could be made to expose sensitive information.

Software Description:
- db5.3: Berkeley DB Utilities

Details:

USN-4004-1 fixed a vulnerability in Berkeley DB. This update provides
the corresponding update for Ubuntu 14.04 ESM.

Original advisory details:

 It was discovered that Berkeley DB incorrectly handled certain inputs.
 An attacker could possibly use this issue to read sensitive
 information.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 14.04 ESM:
  db5.3-sql-util 5.3.28-3ubuntu3.1+esm1
  db5.3-util 5.3.28-3ubuntu3.1+esm1
  libdb5.3 5.3.28-3ubuntu3.1+esm1
  libdb5.3-sql 5.3.28-3ubuntu3.1+esm1
  libdb5.3-sql-dev 5.3.28-3ubuntu3.1+esm1

In general, a standard system update will make all the necessary
changes.

References:
  https://usn.ubuntu.com/usn/usn-4004-2
  https://usn.ubuntu.com/usn/usn-4004-1
  CVE-2019-8457

USN-4005-1: Linux kernel vulnerabilities


=========================================================================
Ubuntu Security Notice USN-4005-1
June 04, 2019

linux, linux-aws, linux-gcp, linux-kvm, linux-raspi2, linux-snapdragon
vulnerabilities
=========================================================================
A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 19.04

Summary:

Several security issues were fixed in the Linux kernel.

Software Description:
- linux: Linux kernel
- linux-aws: Linux kernel for Amazon Web Services (AWS) systems
- linux-gcp: Linux kernel for Google Cloud Platform (GCP) systems
- linux-kvm: Linux kernel for cloud environments
- linux-raspi2: Linux kernel for Raspberry Pi 2
- linux-snapdragon: Linux kernel for Snapdragon processors

Details:

It was discovered that a null pointer dereference vulnerability existed in
the LSI Logic MegaRAID driver in the Linux kernel. A local attacker could
use this to cause a denial of service (system crash). (CVE-2019-11810)

It was discovered that a race condition leading to a use-after-free existed
in the Reliable Datagram Sockets (RDS) protocol implementation in the Linux
kernel. The RDS protocol is blacklisted by default in Ubuntu. If enabled, a
local attacker could use this to cause a denial of service (system crash)
or possibly execute arbitrary code. (CVE-2019-11815)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 19.04:
linux-image-5.0.0-1007-aws 5.0.0-1007.7
linux-image-5.0.0-1007-gcp 5.0.0-1007.7
linux-image-5.0.0-1007-kvm 5.0.0-1007.7
linux-image-5.0.0-1009-raspi2 5.0.0-1009.9
linux-image-5.0.0-1013-snapdragon 5.0.0-1013.13
linux-image-5.0.0-16-generic 5.0.0-16.17
linux-image-5.0.0-16-generic-lpae 5.0.0-16.17
linux-image-5.0.0-16-lowlatency 5.0.0-16.17
linux-image-aws 5.0.0.1007.7
linux-image-gcp 5.0.0.1007.7
linux-image-generic 5.0.0.16.17
linux-image-generic-lpae 5.0.0.16.17
linux-image-gke 5.0.0.1007.7
linux-image-kvm 5.0.0.1007.7
linux-image-lowlatency 5.0.0.16.17
linux-image-raspi2 5.0.0.1009.6
linux-image-snapdragon 5.0.0.1013.6

After a standard system update you need to reboot your computer to make
all the necessary changes.

ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed.
Unless you manually uninstalled the standard kernel metapackages
(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,
linux-powerpc), a standard system upgrade will automatically perform
this as well.

References:
https://usn.ubuntu.com/4005-1
CVE-2019-11810, CVE-2019-11815

Package Information:
https://launchpad.net/ubuntu/+source/linux/5.0.0-16.17
https://launchpad.net/ubuntu/+source/linux-aws/5.0.0-1007.7
https://launchpad.net/ubuntu/+source/linux-gcp/5.0.0-1007.7
https://launchpad.net/ubuntu/+source/linux-kvm/5.0.0-1007.7
https://launchpad.net/ubuntu/+source/linux-raspi2/5.0.0-1009.9
https://launchpad.net/ubuntu/+source/linux-snapdragon/5.0.0-1013.13

USN-4006-1: Linux kernel vulnerability


=========================================================================
Ubuntu Security Notice USN-4006-1
June 04, 2019

linux, linux-aws, linux-gcp, linux-kvm, linux-raspi2 vulnerability
=========================================================================
A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 18.10

Summary:

A system hardening measure could be bypassed.

Software Description:
- linux: Linux kernel
- linux-aws: Linux kernel for Amazon Web Services (AWS) systems
- linux-gcp: Linux kernel for Google Cloud Platform (GCP) systems
- linux-kvm: Linux kernel for cloud environments
- linux-raspi2: Linux kernel for Raspberry Pi 2

Details:

Federico Manuel Bento discovered that the Linux kernel did not properly
apply Address Space Layout Randomization (ASLR) in some situations for
setuid a.out binaries. A local attacker could use this to improve the
chances of exploiting an existing vulnerability in a setuid a.out binary.

As a hardening measure, this update disables a.out support.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 18.10:
linux-image-4.18.0-1012-gcp 4.18.0-1012.13
linux-image-4.18.0-1013-kvm 4.18.0-1013.13
linux-image-4.18.0-1015-raspi2 4.18.0-1015.17
linux-image-4.18.0-1017-aws 4.18.0-1017.19
linux-image-4.18.0-21-generic 4.18.0-21.22
linux-image-4.18.0-21-generic-lpae 4.18.0-21.22
linux-image-4.18.0-21-lowlatency 4.18.0-21.22
linux-image-4.18.0-21-snapdragon 4.18.0-21.22
linux-image-aws 4.18.0.1017.17
linux-image-gcp 4.18.0.1012.12
linux-image-generic 4.18.0.21.22
linux-image-generic-lpae 4.18.0.21.22
linux-image-gke 4.18.0.1012.12
linux-image-kvm 4.18.0.1013.13
linux-image-lowlatency 4.18.0.21.22
linux-image-raspi2 4.18.0.1015.12
linux-image-snapdragon 4.18.0.21.22

After a standard system update you need to reboot your computer to make
all the necessary changes.

ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed.
Unless you manually uninstalled the standard kernel metapackages
(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,
linux-powerpc), a standard system upgrade will automatically perform
this as well.

References:
https://usn.ubuntu.com/4006-1
CVE-2019-11191

Package Information:
https://launchpad.net/ubuntu/+source/linux/4.18.0-21.22
https://launchpad.net/ubuntu/+source/linux-aws/4.18.0-1017.19
https://launchpad.net/ubuntu/+source/linux-gcp/4.18.0-1012.13
https://launchpad.net/ubuntu/+source/linux-kvm/4.18.0-1013.13
https://launchpad.net/ubuntu/+source/linux-raspi2/4.18.0-1015.17

USN-4006-2: Linux kernel (HWE) vulnerability


=========================================================================
Ubuntu Security Notice USN-4006-2
June 04, 2019

linux-hwe vulnerability
=========================================================================
A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 18.04 LTS

Summary:

A system hardening measure could be bypassed.

Software Description:
- linux-hwe: Linux hardware enablement (HWE) kernel

Details:

USN-4006-1 fixed a vulnerability in the Linux kernel for Ubuntu 18.10.
This update provides the corresponding updates for the Linux Hardware
Enablement (HWE) kernel from Ubuntu 18.10 for Ubuntu 18.04 LTS.

Federico Manuel Bento discovered that the Linux kernel did not properly
apply Address Space Layout Randomization (ASLR) in some situations for
setuid a.out binaries. A local attacker could use this to improve the
chances of exploiting an existing vulnerability in a setuid a.out binary.

As a hardening measure, this update disables a.out support.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 18.04 LTS:
linux-image-4.18.0-21-generic 4.18.0-21.22~18.04.1
linux-image-4.18.0-21-generic-lpae 4.18.0-21.22~18.04.1
linux-image-4.18.0-21-lowlatency 4.18.0-21.22~18.04.1
linux-image-4.18.0-21-snapdragon 4.18.0-21.22~18.04.1
linux-image-generic-hwe-18.04 4.18.0.21.71
linux-image-generic-lpae-hwe-18.04 4.18.0.21.71
linux-image-lowlatency-hwe-18.04 4.18.0.21.71
linux-image-snapdragon-hwe-18.04 4.18.0.21.71

After a standard system update you need to reboot your computer to make
all the necessary changes.

ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed.
Unless you manually uninstalled the standard kernel metapackages
(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,
linux-powerpc), a standard system upgrade will automatically perform
this as well.

References:
https://usn.ubuntu.com/4006-2
https://usn.ubuntu.com/4006-1
CVE-2019-11191

Package Information:
https://launchpad.net/ubuntu/+source/linux-hwe/4.18.0-21.22~18.04.1

USN-4007-1: Linux kernel vulnerability



==========================================================================
Ubuntu Security Notice USN-4007-1
June 04, 2019

linux, linux-aws, linux-gcp, linux-kvm, linux-oem, linux-oracle,
linux-raspi2, linux-snapdragon vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 18.04 LTS

Summary:

A system hardening measure could be bypassed.

Software Description:
- linux: Linux kernel
- linux-aws: Linux kernel for Amazon Web Services (AWS) systems
- linux-gcp: Linux kernel for Google Cloud Platform (GCP) systems
- linux-kvm: Linux kernel for cloud environments
- linux-meta:
- linux-oem: Linux kernel for OEM processors
- linux-oracle: Linux kernel for Oracle Cloud systems
- linux-raspi2: Linux kernel for Raspberry Pi 2
- linux-snapdragon: Linux kernel for Snapdragon processors

Details:

Federico Manuel Bento discovered that the Linux kernel did not properly
apply Address Space Layout Randomization (ASLR) in some situations for
setuid a.out binaries. A local attacker could use this to improve the
chances of exploiting an existing vulnerability in a setuid a.out binary.

As a hardening measure, this update disables a.out support.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 18.04 LTS:
linux-image-4.15.0-1014-oracle 4.15.0-1014.16
linux-image-4.15.0-1033-gcp 4.15.0-1033.35
linux-image-4.15.0-1035-kvm 4.15.0-1035.35
linux-image-4.15.0-1037-raspi2 4.15.0-1037.39
linux-image-4.15.0-1039-oem 4.15.0-1039.44
linux-image-4.15.0-1040-aws 4.15.0-1040.42
linux-image-4.15.0-1054-snapdragon 4.15.0-1054.58
linux-image-4.15.0-51-generic 4.15.0-51.55
linux-image-4.15.0-51-generic-lpae 4.15.0-51.55
linux-image-4.15.0-51-lowlatency 4.15.0-51.55
linux-image-aws 4.15.0.1040.39
linux-image-gcp 4.15.0.1033.35
linux-image-generic 4.15.0.51.53
linux-image-generic-lpae 4.15.0.51.53
linux-image-kvm 4.15.0.1035.35
linux-image-lowlatency 4.15.0.51.53
linux-image-oem 4.15.0.1039.43
linux-image-oracle 4.15.0.1014.17
linux-image-raspi2 4.15.0.1037.35
linux-image-snapdragon 4.15.0.1054.57

After a standard system update you need to reboot your computer to make
all the necessary changes.

ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed.
Unless you manually uninstalled the standard kernel metapackages
(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,
linux-powerpc), a standard system upgrade will automatically perform
this as well.

References:
https://usn.ubuntu.com/4007-1
CVE-2019-11191

Package Information:
https://launchpad.net/ubuntu/+source/linux/4.15.0-51.55
https://launchpad.net/ubuntu/+source/linux-aws/4.15.0-1040.42
https://launchpad.net/ubuntu/+source/linux-gcp/4.15.0-1033.35
https://launchpad.net/ubuntu/+source/linux-kvm/4.15.0-1035.35
https://launchpad.net/ubuntu/+source/linux-meta/4.15.0.51.53
https://launchpad.net/ubuntu/+source/linux-oem/4.15.0-1039.44
https://launchpad.net/ubuntu/+source/linux-oracle/4.15.0-1014.16
https://launchpad.net/ubuntu/+source/linux-raspi2/4.15.0-1037.39
https://launchpad.net/ubuntu/+source/linux-snapdragon/4.15.0-1054.58


USN-4007-2: Linux kernel (HWE) vulnerability


=========================================================================
Ubuntu Security Notice USN-4007-2
June 04, 2019

linux-aws-hwe, linux-hwe, linux-oracle vulnerability
=========================================================================
A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 16.04 LTS

Summary:

A system hardening measure could be bypassed.

Software Description:
- linux-aws-hwe: Linux kernel for Amazon Web Services (AWS-HWE) systems
- linux-hwe: Linux hardware enablement (HWE) kernel
- linux-oracle: Linux kernel for Oracle Cloud systems

Details:

USN-4007-1 fixed vulnerabilities in the Linux kernel for Ubuntu 18.04
LTS. This update provides the corresponding updates for the Linux
Hardware Enablement (HWE) kernel from Ubuntu 18.04 LTS for Ubuntu
16.04 LTS.

Federico Manuel Bento discovered that the Linux kernel did not properly
apply Address Space Layout Randomization (ASLR) in some situations for
setuid a.out binaries. A local attacker could use this to improve the
chances of exploiting an existing vulnerability in a setuid a.out binary.

As a hardening measure, this update disables a.out support.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 16.04 LTS:
linux-image-4.15.0-1014-oracle 4.15.0-1014.16~16.04.1
linux-image-4.15.0-1040-aws 4.15.0-1040.42~16.04.1
linux-image-4.15.0-51-generic 4.15.0-51.55~16.04.1
linux-image-4.15.0-51-generic-lpae 4.15.0-51.55~16.04.1
linux-image-4.15.0-51-lowlatency 4.15.0-51.55~16.04.1
linux-image-aws-hwe 4.15.0.1040.40
linux-image-generic-hwe-16.04 4.15.0.51.72
linux-image-generic-lpae-hwe-16.04 4.15.0.51.72
linux-image-lowlatency-hwe-16.04 4.15.0.51.72
linux-image-oem 4.15.0.51.72
linux-image-oracle 4.15.0.1014.8
linux-image-virtual-hwe-16.04 4.15.0.51.72

After a standard system update you need to reboot your computer to make
all the necessary changes.

ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed.
Unless you manually uninstalled the standard kernel metapackages
(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,
linux-powerpc), a standard system upgrade will automatically perform
this as well.

References:
https://usn.ubuntu.com/4007-2
https://usn.ubuntu.com/4007-1
CVE-2019-11191

Package Information:
https://launchpad.net/ubuntu/+source/linux-aws-hwe/4.15.0-1040.42~16.04.1
https://launchpad.net/ubuntu/+source/linux-hwe/4.15.0-51.55~16.04.1
https://launchpad.net/ubuntu/+source/linux-oracle/4.15.0-1014.16~16.04.1

USN-4008-1: Linux kernel vulnerabilities


==========================================================================
Ubuntu Security Notice USN-4008-1
June 04, 2019

linux, linux-aws, linux-kvm, linux-raspi2, linux-snapdragon vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 16.04 LTS

Summary:

Several security issues were fixed in the Linux kernel.

Software Description:
- linux: Linux kernel
- linux-aws: Linux kernel for Amazon Web Services (AWS) systems
- linux-kvm: Linux kernel for cloud environments
- linux-raspi2: Linux kernel for Raspberry Pi 2
- linux-snapdragon: Linux kernel for Snapdragon processors

Details:

Robert Święcki discovered that the Linux kernel did not properly apply
Address Space Layout Randomization (ASLR) in some situations for setuid elf
binaries. A local attacker could use this to improve the chances of
exploiting an existing vulnerability in a setuid elf binary.
(CVE-2019-11190)

It was discovered that a null pointer dereference vulnerability existed in
the LSI Logic MegaRAID driver in the Linux kernel. A local attacker could
use this to cause a denial of service (system crash). (CVE-2019-11810)

It was discovered that a race condition leading to a use-after-free existed
in the Reliable Datagram Sockets (RDS) protocol implementation in the Linux
kernel. The RDS protocol is blacklisted by default in Ubuntu. If enabled, a
local attacker could use this to cause a denial of service (system crash)
or possibly execute arbitrary code. (CVE-2019-11815)

Federico Manuel Bento discovered that the Linux kernel did not properly
apply Address Space Layout Randomization (ASLR) in some situations for
setuid a.out binaries. A local attacker could use this to improve the
chances of exploiting an existing vulnerability in a setuid a.out binary.
(CVE-2019-11191)

As a hardening measure, this update disables a.out support.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 16.04 LTS:
linux-image-4.4.0-1047-kvm 4.4.0-1047.53
linux-image-4.4.0-1084-aws 4.4.0-1084.94
linux-image-4.4.0-1110-raspi2 4.4.0-1110.118
linux-image-4.4.0-1114-snapdragon 4.4.0-1114.119
linux-image-4.4.0-150-generic 4.4.0-150.176
linux-image-4.4.0-150-generic-lpae 4.4.0-150.176
linux-image-4.4.0-150-lowlatency 4.4.0-150.176
linux-image-4.4.0-150-powerpc-e500mc 4.4.0-150.176
linux-image-4.4.0-150-powerpc-smp 4.4.0-150.176
linux-image-4.4.0-150-powerpc64-emb 4.4.0-150.176
linux-image-4.4.0-150-powerpc64-smp 4.4.0-150.176
linux-image-aws 4.4.0.1084.87
linux-image-generic 4.4.0.150.158
linux-image-generic-lpae 4.4.0.150.158
linux-image-kvm 4.4.0.1047.47
linux-image-lowlatency 4.4.0.150.158
linux-image-powerpc-e500mc 4.4.0.150.158
linux-image-powerpc-smp 4.4.0.150.158
linux-image-powerpc64-emb 4.4.0.150.158
linux-image-powerpc64-smp 4.4.0.150.158
linux-image-raspi2 4.4.0.1110.110
linux-image-snapdragon 4.4.0.1114.106
linux-image-virtual 4.4.0.150.158

After a standard system update you need to reboot your computer to make
all the necessary changes.

ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed.
Unless you manually uninstalled the standard kernel metapackages
(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,
linux-powerpc), a standard system upgrade will automatically perform
this as well.

References:
https://usn.ubuntu.com/4008-1
CVE-2019-11190, CVE-2019-11191, CVE-2019-11810, CVE-2019-11815

Package Information:
https://launchpad.net/ubuntu/+source/linux/4.4.0-150.176
https://launchpad.net/ubuntu/+source/linux-aws/4.4.0-1084.94
https://launchpad.net/ubuntu/+source/linux-kvm/4.4.0-1047.53
https://launchpad.net/ubuntu/+source/linux-raspi2/4.4.0-1110.118
https://launchpad.net/ubuntu/+source/linux-snapdragon/4.4.0-1114.119