Canonical has released new Linux kernel security updates for all supported Ubuntu Linux releases to address various security vulnerabilities.
Available for Ubuntu 19.04 (Disco Dingo), Ubuntu 18.10 (Cosmic Cuttlefish), Ubuntu 18.04 LTS (Bionic Beaver), and Ubuntu 16.04 LTS (Xenial Xerus), the new security patches fix several issues affecting the Linux kernels of these releases. Most notable is a security vulnerability (CVE-2019-11191) that only affects the i386 (32-bit) kernels of Ubuntu 18.10, Ubuntu 18.04 LTS, and Ubuntu 16.04 LTS; Ubuntu 19.10 and Ubuntu 19.04 are not affected.
“Federico Manuel Bento discovered that the Linux kernel did not properly apply Address Space Layout Randomization (ASLR) in some situations for setuid a.out binaries. A local attacker could use this to improve the chances of exploiting an existing vulnerability in a setuid a.out binary. As a hardening measure, this update disables a.out support,” reads the security advisory.
For Ubuntu 19.04 and Ubuntu 16.04 LTS, the new security update also fixes a null pointer dereference flaw (CVE-2019-11810) in the Linux kernel’s LSI Logic MegaRAID driver, which could let a local attacker crash the system, as well as a race condition (CVE-2019-11815) discovered in the Linux kernel’s Reliable Datagram Sockets (RDS) protocol implementation, which could allow a local attacker to crash the system or execute arbitrary code.
Users are urged to update their systems immediately
If you’re using Ubuntu, you must update the kernel as soon as possible to patch these security issues. The new Linux kernel versions are linux-image 5.0.0-16.17 for Ubuntu 19.04, linux-image 4.18.0-21.22 for Ubuntu 18.10, linux-image 4.15.0-51.55 for Ubuntu 18.04 LTS, linux-image 4.4.0-150.176 for Ubuntu 16.04 LTS, linux-image 4.18.0-21.22~18.04.1 for Ubuntu 18.04.2 LTS, and linux-image 4.15.0-51.55~16.04.1 for Ubuntu 16.04.6 LTS.
Updated Linux kernel packages are also available for special versions of the Ubuntu kernel for Raspberry Pi 2, Snapdragon processors, OEM processors, cloud environments, Amazon Web Services (AWS) systems, Oracle Cloud systems, and Google Cloud Platform (GCP) systems. All users are urged to update their systems as soon as possible following the instructions provided by Canonical at https://wiki.ubuntu.com/Security/Upgrades.
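To confirm that a machine is actually running one of the fixed kernels listed above, the following added example (not from Canonical or the original article) parses the Ubuntu kernel signature in /proc/version_signature and compares its ABI and upload numbers with the article's versions. It assumes the signature format shown in the comment and that only the generic and lowlatency flavours share these version numbers; the function and constant names are illustrative.

```python
import re

# Fixed linux-image versions from the article, keyed by kernel series.
# Values are (ABI number, upload number), e.g. 4.15.0-51.55 -> (51, 55).
FIXED = {
    "5.0.0": (16, 17),    # Ubuntu 19.04
    "4.18.0": (21, 22),   # Ubuntu 18.10 and the 18.04.2 LTS kernel
    "4.15.0": (51, 55),   # Ubuntu 18.04 LTS and the 16.04.6 LTS kernel
    "4.4.0": (150, 176),  # Ubuntu 16.04 LTS
}

# Assumption: only these flavours use the version numbers above. Cloud,
# Raspberry Pi, Snapdragon and OEM kernels are versioned separately and the
# article does not list their fixed versions, so they are reported as unknown.
COVERED_FLAVOURS = {"generic", "lowlatency"}

# Assumed signature format: "Ubuntu 4.18.0-21.22~18.04.1-generic 4.18.20"
SIG_RE = re.compile(
    r"^Ubuntu (?P<series>\d+\.\d+\.\d+)-(?P<abi>\d+)\.(?P<upload>\d+)"
    r"(?:~[\d.]+)?-(?P<flavour>[\w-]+) "
)

def check_signature(sig):
    """Return 'patched', 'needs-update' or 'unknown' for a version signature."""
    m = SIG_RE.match(sig)
    if not m or m["flavour"] not in COVERED_FLAVOURS:
        return "unknown"
    fixed = FIXED.get(m["series"])
    if fixed is None:
        return "unknown"
    # Compare as integers: a string comparison would rank "150" below "51".
    running = (int(m["abi"]), int(m["upload"]))
    return "patched" if running >= fixed else "needs-update"

if __name__ == "__main__":
    # This describes the *running* kernel: after installing the update the
    # result stays 'needs-update' until the machine is rebooted.
    try:
        with open("/proc/version_signature") as f:
            sig = f.read()
    except OSError:
        sig = ""
    print(check_signature(sig))
```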