This repository has been archived by the owner on Mar 16, 2022. It is now read-only.

1.263.0

@cf-buildpacks-eng cf-buildpacks-eng released this 07 Feb 15:09
· 23 commits to master since this release

Notably, this release addresses:

USN-3879-2: Linux kernel (Xenial HWE) vulnerabilities:

  • CVE-2018-10883: A flaw was found in the Linux kernel's ext4 filesystem. A local user can cause an out-of-bounds write in jbd2_journal_dirty_metadata(), a denial of service, and a system crash by mounting and operating on a crafted ext4 filesystem image.
  • CVE-2018-16862: A security flaw was found in the Linux kernel in a way that the cleancache subsystem clears an inode after the final file truncation (removal). The new file created with the same inode may contain leftover pages from cleancache and the old file data instead of the new one.
  • CVE-2018-19407: The vcpu_scan_ioapic function in arch/x86/kvm/x86.c in the Linux kernel through 4.19.2 allows local users to cause a denial of service (NULL pointer dereference and BUG) via crafted system calls that reach a situation where ioapic is uninitialized.
  • CVE-2018-19824: In the Linux kernel through 4.19.6, a local user could exploit a use-after-free in the ALSA driver by supplying a malicious USB Sound device (with zero interfaces) that is mishandled in usb_audio_probe in sound/usb/card.c.
  • CVE-2018-20169: An issue was discovered in the Linux kernel before 4.19.9. The USB subsystem mishandles size checks during the reading of an extra descriptor, related to __usb_get_extra_descriptor in drivers/usb/core/usb.c.