This repository has been archived by the owner on Mar 16, 2022. It is now read-only.

1.277.0

@cf-buildpacks-eng cf-buildpacks-eng released this 03 Apr 17:21
· 9 commits to master since this release

Notably, this release addresses:

USN-3932-2: Linux kernel (Xenial HWE) vulnerabilities:

  • CVE-2017-18249: The add_free_nid function in fs/f2fs/node.c in the Linux kernel before 4.12 does not properly track an allocated nid, which allows local users to cause a denial of service (race condition) or possibly have unspecified other impact via concurrent threads.
  • CVE-2018-13097: An issue was discovered in fs/f2fs/super.c in the Linux kernel through 4.17.3. There is an out-of-bounds read or a divide-by-zero error for an incorrect user_block_count in a corrupted f2fs image, leading to a denial of service (BUG).
  • CVE-2018-13099: An issue was discovered in fs/f2fs/inline.c in the Linux kernel through 4.17.3. A denial of service (out-of-bounds memory access and BUG) can occur for a modified f2fs filesystem image in which an inline inode contains an invalid reserved blkaddr.
  • CVE-2018-13100: An issue was discovered in fs/f2fs/super.c in the Linux kernel through 4.17.3, which does not properly validate secs_per_zone in a corrupted f2fs image, as demonstrated by a divide-by-zero error.
  • CVE-2018-14610: An issue was discovered in the Linux kernel through 4.17.10. There is out-of-bounds access in write_extent_buffer() when mounting and operating a crafted btrfs image, because of a lack of verification that each block group has a corresponding chunk at mount time, within btrfs_read_block_groups in fs/btrfs/extent-tree.c.
  • CVE-2018-14611: An issue was discovered in the Linux kernel through 4.17.10. There is a use-after-free in try_merge_free_space() when mounting a crafted btrfs image, because of a lack of chunk type flag checks in btrfs_check_chunk_valid in fs/btrfs/volumes.c.
  • CVE-2018-14612: An issue was discovered in the Linux kernel through 4.17.10. There is an invalid pointer dereference in btrfs_root_node() when mounting a crafted btrfs image, because of a lack of chunk block group mapping validation in btrfs_read_block_groups in fs/btrfs/extent-tree.c, and a lack of empty-tree checks in check_leaf in fs/btrfs/tree-checker.c.
  • CVE-2018-14613: An issue was discovered in the Linux kernel through 4.17.10. There is an invalid pointer dereference in io_ctl_map_page() when mounting and operating a crafted btrfs image, because of a lack of block group item validation in check_leaf_item in fs/btrfs/tree-checker.c.
  • CVE-2018-14614: An issue was discovered in the Linux kernel through 4.17.10. There is an out-of-bounds access in __remove_dirty_segment() in fs/f2fs/segment.c when mounting an f2fs image.
  • CVE-2018-14616: An issue was discovered in the Linux kernel through 4.17.10. There is a NULL pointer dereference in fscrypt_do_page_crypto() in fs/crypto/crypto.c when operating on a file in a corrupted f2fs image.
  • CVE-2018-16884: A flaw was found in the Linux kernel's NFS41+ subsystem. NFS41+ shares mounted in different network namespaces at the same time can make bc_svc_process() use wrong back-channel IDs and cause a use-after-free vulnerability. Thus a malicious container user can cause a host kernel memory corruption and a system panic. Due to the nature of the flaw, privilege escalation cannot be fully ruled out.
  • CVE-2018-9517: In pppol2tp_connect, there is possible memory corruption due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-38159931.
  • CVE-2019-3459: Heap address infoleak in use of l2cap_get_conf_opt
  • CVE-2019-3460: Heap data infoleak in multiple locations including function l2cap_parse_conf_rsp
  • CVE-2019-3701: An issue was discovered in can_can_gw_rcv in net/can/gw.c in the Linux kernel through 4.19.13. The CAN frame modification rules allow bitwise logical operations that can be also applied to the can_dlc field. Because of a missing check, the CAN drivers may write arbitrary content beyond the data registers in the CAN controller's I/O memory when processing can-gw manipulated outgoing frames. This is related to cgw_csum_xor_rel. An unprivileged user can trigger a system crash (general protection fault).
  • CVE-2019-3819: A flaw was found in the Linux kernel in the function hid_debug_events_read() in drivers/hid/hid-debug.c file which may enter an infinite loop with certain parameters passed from a userspace. A local privileged user ("root") can cause a system lock up and a denial of service. Versions from v4.18 and newer are vulnerable.
  • CVE-2019-6974: In the Linux kernel before 4.20.8, kvm_ioctl_create_device in virt/kvm/kvm_main.c mishandles reference counting because of a race condition, leading to a use-after-free.
  • CVE-2019-7221: The KVM implementation in the Linux kernel through 4.20.5 has a Use-after-Free.
  • CVE-2019-7222: The KVM implementation in the Linux kernel through 4.20.5 has an Information Leak.
  • CVE-2019-9213: In the Linux kernel before 4.20.14, expand_downwards in mm/mmap.c lacks a check for the mmap minimum address, which makes it easier for attackers to exploit kernel NULL pointer dereferences on non-SMAP platforms. This is related to a capability check for the wrong task.
-ii  apt                  1.0.1ubuntu2.22 amd64  commandline package manager
-ii  apt-utils            1.0.1ubuntu2.22 amd64  package management related utility programs
+ii  apt                  1.0.1ubuntu2.23 amd64  commandline package manager
+ii  apt-utils            1.0.1ubuntu2.23 amd64  package management related utility programs
-ii  libapt-inst1.5:amd64 1.0.1ubuntu2.22 amd64  deb package format runtime library
-ii  libapt-pkg4.12:amd64 1.0.1ubuntu2.22 amd64  package management runtime library
+ii  libapt-inst1.5:amd64 1.0.1ubuntu2.23 amd64  deb package format runtime library
+ii  libapt-pkg4.12:amd64 1.0.1ubuntu2.23 amd64  package management runtime library
-ii  linux-libc-dev:amd64 3.13.0-167.217  amd64  Linux Kernel Headers for development
+ii  linux-libc-dev:amd64 3.13.0-168.218  amd64  Linux Kernel Headers for development
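
Review bot: The apt, apt-utils, libapt-inst1.5 and libapt-pkg4.12 bumps from 1.0.1ubuntu2.22 to 1.0.1ubuntu2.23 have no matching entry in the notes above, which cite only the kernel advisory USN-3932-2; name the advisory or changelog that motivates the apt update so consumers can judge its urgency. Separately, the only kernel-related line that changes is linux-libc-dev (3.13.0-167.217 to 3.13.0-168.218), which the listing itself describes as kernel headers, and no kernel image package appears in this diff. The notes should state whether the listed CVEs are remediated by this package change or depend on the kernel of the host running the rootfs, so operators know that updating to this release alone may not close them.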