CentOS Errata and Security Advisory 2021:0661 Important
Upstream details at : https://access.redhat.com/errata/RHSA-2021:0661
The following updated files have been uploaded and are currently
syncing to the mirrors: ( sha256sum Filename )
x86_64:
2079fcbe2c07aa0485612a667be1c81504654629f2931e7110664db306550787 thunderbird-78.8.0-1.el7.centos.x86_64.rpm
Source:
b1d0ae38d26dde16a81ac71b72f6368e625a7ccbed26d6dc8475c975d7569636 thunderbird-78.8.0-1.el7.centos.src.rpm
--
Johnny Hughes
CentOS Project { http://www.centos.org/ }
irc: hughesjr, #centos@irc.freenode.net
Twitter: @JohnnyCentOS
_______________________________________________
CentOS-announce mailing list
CentOS-announce@centos.org
https://lists.centos.org/mailman/listinfo/centos-announce
Saturday, February 27, 2021
[CentOS-announce] CESA-2021:0656 Critical CentOS 7 firefox Security Update
CentOS Errata and Security Advisory 2021:0656 Critical
Upstream details at : https://access.redhat.com/errata/RHSA-2021:0656
The following updated files have been uploaded and are currently
syncing to the mirrors: ( sha256sum Filename )
x86_64:
c51cb2eba6f030cce0b81686cebf834e0aad1fb747875ef6fc8d06c6930fe18a firefox-78.8.0-1.el7.centos.i686.rpm
802ef81827f925a8e48e7eac8b4f0c0e44a7873cc15a96c696316840d6541191 firefox-78.8.0-1.el7.centos.x86_64.rpm
Source:
9fb25f49dbe9e585312f707a0303a6c6c1a19f2ab52f2b36e52c21b79225b925 firefox-78.8.0-1.el7.centos.src.rpm
--
Johnny Hughes
CentOS Project { http://www.centos.org/ }
irc: hughesjr, #centos@irc.freenode.net
Twitter: @JohnnyCentOS
_______________________________________________
CentOS-announce mailing list
CentOS-announce@centos.org
https://lists.centos.org/mailman/listinfo/centos-announce
Upstream details at : https://access.redhat.com/errata/RHSA-2021:0656
The following updated files have been uploaded and are currently
syncing to the mirrors: ( sha256sum Filename )
x86_64:
c51cb2eba6f030cce0b81686cebf834e0aad1fb747875ef6fc8d06c6930fe18a firefox-78.8.0-1.el7.centos.i686.rpm
802ef81827f925a8e48e7eac8b4f0c0e44a7873cc15a96c696316840d6541191 firefox-78.8.0-1.el7.centos.x86_64.rpm
Source:
9fb25f49dbe9e585312f707a0303a6c6c1a19f2ab52f2b36e52c21b79225b925 firefox-78.8.0-1.el7.centos.src.rpm
--
Johnny Hughes
CentOS Project { http://www.centos.org/ }
irc: hughesjr, #centos@irc.freenode.net
Twitter: @JohnnyCentOS
_______________________________________________
CentOS-announce mailing list
CentOS-announce@centos.org
https://lists.centos.org/mailman/listinfo/centos-announce
[CentOS-announce] CEBA-2020:4046 CentOS 7 grub2 BugFix Update
CentOS Errata and Bugfix Advisory 2020:4046
Upstream details at : https://access.redhat.com/errata/RHBA-2020:4046
The following updated files have been uploaded and are currently
syncing to the mirrors: ( sha256sum Filename )
x86_64:
abb495131866830ec1e5474b69876de363e44c471e7221b10ce992f1f526f966 grub2-2.02-0.87.el7.centos.x86_64.rpm
50c11af52b9c7aba5a74a2beb07e802550af036c3a37feb00b9bfca7b241ffa1 grub2-common-2.02-0.87.el7.centos.noarch.rpm
72b814596920effa935ebdde082d64181b5aa2f44485a058f2535c54828f931e grub2-efi-ia32-2.02-0.87.el7.centos.x86_64.rpm
ce893faa55582d8281001d9876f4ceaddca9de5adf25f32692196a6e85a1aa48 grub2-efi-ia32-cdboot-2.02-0.87.el7.centos.x86_64.rpm
5d260748ee7254fcf65c3e3312e541e2f9883d21279926f45ee85ad44eb5b4e7 grub2-efi-ia32-modules-2.02-0.87.el7.centos.noarch.rpm
f659cc4a3ded31fe85ee2123860696b26f1983182f66c76b6a76d0e5dc5f3d2f grub2-efi-x64-2.02-0.87.el7.centos.x86_64.rpm
05a40b72da0cf303bc79e3b58cda8c7f7edb3f19a201eca57225af9a1e012beb grub2-efi-x64-cdboot-2.02-0.87.el7.centos.x86_64.rpm
f2ef03a6ec5037c50e7f13a6a7c2465e14b247e48ec9b158e91bbf86094e3dd1 grub2-efi-x64-modules-2.02-0.87.el7.centos.noarch.rpm
bd55b6e53bef2770d4702bf6fb6bcd13145e761a809da1a07423a7e1e3898f82 grub2-i386-modules-2.02-0.87.el7.centos.noarch.rpm
dc1039bae026e06f606e2a26e159743f3cf3ed19a75609cb5664372c17b4d90c grub2-pc-2.02-0.87.el7.centos.x86_64.rpm
456aa067cc96e03aaa605e52a86cc973f7a8dab09337cce112097a4608dd143a grub2-pc-modules-2.02-0.87.el7.centos.noarch.rpm
82bf486bffe227eaa4681fdcf6cb4c2225d25b5dbdad8b4009f3da4a506834ef grub2-tools-2.02-0.87.el7.centos.x86_64.rpm
0eb359490eab964f970cb8d6fd9987a38a3e3f9c585348941c53fb1b709c71f1 grub2-tools-extra-2.02-0.87.el7.centos.x86_64.rpm
c0e72c1dbf2c72f272577dc891736d1403dd928b5e9f236721ea261f99677b61 grub2-tools-minimal-2.02-0.87.el7.centos.x86_64.rpm
Source:
b54c7d7d22e344b19816c6b891484dd12659442b088bab993053889a28dea14d grub2-2.02-0.87.el7.centos.src.rpm
--
Johnny Hughes
CentOS Project { http://www.centos.org/ }
irc: hughesjr, #centos@irc.freenode.net
Twitter: @JohnnyCentOS
_______________________________________________
CentOS-announce mailing list
CentOS-announce@centos.org
https://lists.centos.org/mailman/listinfo/centos-announce
Upstream details at : https://access.redhat.com/errata/RHBA-2020:4046
The following updated files have been uploaded and are currently
syncing to the mirrors: ( sha256sum Filename )
x86_64:
abb495131866830ec1e5474b69876de363e44c471e7221b10ce992f1f526f966 grub2-2.02-0.87.el7.centos.x86_64.rpm
50c11af52b9c7aba5a74a2beb07e802550af036c3a37feb00b9bfca7b241ffa1 grub2-common-2.02-0.87.el7.centos.noarch.rpm
72b814596920effa935ebdde082d64181b5aa2f44485a058f2535c54828f931e grub2-efi-ia32-2.02-0.87.el7.centos.x86_64.rpm
ce893faa55582d8281001d9876f4ceaddca9de5adf25f32692196a6e85a1aa48 grub2-efi-ia32-cdboot-2.02-0.87.el7.centos.x86_64.rpm
5d260748ee7254fcf65c3e3312e541e2f9883d21279926f45ee85ad44eb5b4e7 grub2-efi-ia32-modules-2.02-0.87.el7.centos.noarch.rpm
f659cc4a3ded31fe85ee2123860696b26f1983182f66c76b6a76d0e5dc5f3d2f grub2-efi-x64-2.02-0.87.el7.centos.x86_64.rpm
05a40b72da0cf303bc79e3b58cda8c7f7edb3f19a201eca57225af9a1e012beb grub2-efi-x64-cdboot-2.02-0.87.el7.centos.x86_64.rpm
f2ef03a6ec5037c50e7f13a6a7c2465e14b247e48ec9b158e91bbf86094e3dd1 grub2-efi-x64-modules-2.02-0.87.el7.centos.noarch.rpm
bd55b6e53bef2770d4702bf6fb6bcd13145e761a809da1a07423a7e1e3898f82 grub2-i386-modules-2.02-0.87.el7.centos.noarch.rpm
dc1039bae026e06f606e2a26e159743f3cf3ed19a75609cb5664372c17b4d90c grub2-pc-2.02-0.87.el7.centos.x86_64.rpm
456aa067cc96e03aaa605e52a86cc973f7a8dab09337cce112097a4608dd143a grub2-pc-modules-2.02-0.87.el7.centos.noarch.rpm
82bf486bffe227eaa4681fdcf6cb4c2225d25b5dbdad8b4009f3da4a506834ef grub2-tools-2.02-0.87.el7.centos.x86_64.rpm
0eb359490eab964f970cb8d6fd9987a38a3e3f9c585348941c53fb1b709c71f1 grub2-tools-extra-2.02-0.87.el7.centos.x86_64.rpm
c0e72c1dbf2c72f272577dc891736d1403dd928b5e9f236721ea261f99677b61 grub2-tools-minimal-2.02-0.87.el7.centos.x86_64.rpm
Source:
b54c7d7d22e344b19816c6b891484dd12659442b088bab993053889a28dea14d grub2-2.02-0.87.el7.centos.src.rpm
--
Johnny Hughes
CentOS Project { http://www.centos.org/ }
irc: hughesjr, #centos@irc.freenode.net
Twitter: @JohnnyCentOS
_______________________________________________
CentOS-announce mailing list
CentOS-announce@centos.org
https://lists.centos.org/mailman/listinfo/centos-announce
[CentOS-announce] CESA-2021:0024 Important CentOS 7 ImageMagick Security Update
CentOS Errata and Security Advisory 2021:0024 Important
Upstream details at : https://access.redhat.com/errata/RHSA-2021:0024
The following updated files have been uploaded and are currently
syncing to the mirrors: ( sha256sum Filename )
x86_64:
49941263a7a0309c58b3d3e00ab81c56b1ee1a70b49b873188cc23686f5d3d9b ImageMagick-6.9.10.68-5.el7_9.i686.rpm
8b82511897f48ce484e303fe650c32ea1191e71ee0cbd9aff580743fa4f9067c ImageMagick-6.9.10.68-5.el7_9.x86_64.rpm
3d1f2217dd6b5ed505a6858933c562175be86840b5c6c7328291ec8c31333a56 ImageMagick-c++-6.9.10.68-5.el7_9.i686.rpm
208142489b5b939b70a9d0d5242ac84ad700f6bc7f8549c1b26d447993c66b86 ImageMagick-c++-6.9.10.68-5.el7_9.x86_64.rpm
3fb72ac0367e9afd39874f48b9a0b356b9cbb0b86d41265538358ef72583d32d ImageMagick-c++-devel-6.9.10.68-5.el7_9.i686.rpm
fb00ca97e06f7da066e8d05cafb17b9f9680e39f50979090e489d8a1720bb4d4 ImageMagick-c++-devel-6.9.10.68-5.el7_9.x86_64.rpm
d45776ea070dd01bfa5681b3d5be4cd2fdb7fe2baac5c1720ab216221ef7ddf8 ImageMagick-devel-6.9.10.68-5.el7_9.i686.rpm
b095f7fcbb5d718e30c01471ddebc9eca7b0315ab21ba2c286f3e4c44b8bf2b1 ImageMagick-devel-6.9.10.68-5.el7_9.x86_64.rpm
4c39fd8baa3677dd6ae1debc1bc8f2bcb012f024717dc7b97179d39ba6e3853f ImageMagick-doc-6.9.10.68-5.el7_9.x86_64.rpm
4dc1a1327e468460b517ab53ed5f213f2ea0b15a999fc2c3f80d7d5b477118cd ImageMagick-perl-6.9.10.68-5.el7_9.x86_64.rpm
Source:
22f7687f463972266acf1480018df3edab9c5b809501a842b97042deef75bf90 ImageMagick-6.9.10.68-5.el7_9.src.rpm
--
Johnny Hughes
CentOS Project { http://www.centos.org/ }
irc: hughesjr, #centos@irc.freenode.net
Twitter: @JohnnyCentOS
_______________________________________________
CentOS-announce mailing list
CentOS-announce@centos.org
https://lists.centos.org/mailman/listinfo/centos-announce
Upstream details at : https://access.redhat.com/errata/RHSA-2021:0024
The following updated files have been uploaded and are currently
syncing to the mirrors: ( sha256sum Filename )
x86_64:
49941263a7a0309c58b3d3e00ab81c56b1ee1a70b49b873188cc23686f5d3d9b ImageMagick-6.9.10.68-5.el7_9.i686.rpm
8b82511897f48ce484e303fe650c32ea1191e71ee0cbd9aff580743fa4f9067c ImageMagick-6.9.10.68-5.el7_9.x86_64.rpm
3d1f2217dd6b5ed505a6858933c562175be86840b5c6c7328291ec8c31333a56 ImageMagick-c++-6.9.10.68-5.el7_9.i686.rpm
208142489b5b939b70a9d0d5242ac84ad700f6bc7f8549c1b26d447993c66b86 ImageMagick-c++-6.9.10.68-5.el7_9.x86_64.rpm
3fb72ac0367e9afd39874f48b9a0b356b9cbb0b86d41265538358ef72583d32d ImageMagick-c++-devel-6.9.10.68-5.el7_9.i686.rpm
fb00ca97e06f7da066e8d05cafb17b9f9680e39f50979090e489d8a1720bb4d4 ImageMagick-c++-devel-6.9.10.68-5.el7_9.x86_64.rpm
d45776ea070dd01bfa5681b3d5be4cd2fdb7fe2baac5c1720ab216221ef7ddf8 ImageMagick-devel-6.9.10.68-5.el7_9.i686.rpm
b095f7fcbb5d718e30c01471ddebc9eca7b0315ab21ba2c286f3e4c44b8bf2b1 ImageMagick-devel-6.9.10.68-5.el7_9.x86_64.rpm
4c39fd8baa3677dd6ae1debc1bc8f2bcb012f024717dc7b97179d39ba6e3853f ImageMagick-doc-6.9.10.68-5.el7_9.x86_64.rpm
4dc1a1327e468460b517ab53ed5f213f2ea0b15a999fc2c3f80d7d5b477118cd ImageMagick-perl-6.9.10.68-5.el7_9.x86_64.rpm
Source:
22f7687f463972266acf1480018df3edab9c5b809501a842b97042deef75bf90 ImageMagick-6.9.10.68-5.el7_9.src.rpm
--
Johnny Hughes
CentOS Project { http://www.centos.org/ }
irc: hughesjr, #centos@irc.freenode.net
Twitter: @JohnnyCentOS
_______________________________________________
CentOS-announce mailing list
CentOS-announce@centos.org
https://lists.centos.org/mailman/listinfo/centos-announce
[CentOS-announce] CESA-2020:5408 Important CentOS 7 xorg-x11-server Security Update
CentOS Errata and Security Advisory 2020:5408 Important
Upstream details at : https://access.redhat.com/errata/RHSA-2020:5408
The following updated files have been uploaded and are currently
syncing to the mirrors: ( sha256sum Filename )
x86_64:
5ba93bb7af0fa5612cec66a27e5736fb8c5460ccfc0e32ff2e9e8c97c2587a3f xorg-x11-server-common-1.20.4-15.el7_9.x86_64.rpm
8300c30550c66d4567d56de5063d79d5818aea066707cfcf6638dd2811bd74fc xorg-x11-server-devel-1.20.4-15.el7_9.i686.rpm
40a441051ed2bb80ba7bf16effb6ef562dc02cffbcb40be34952dcdc20a3b66c xorg-x11-server-devel-1.20.4-15.el7_9.x86_64.rpm
bb3864015d5c6e8d0e5f6d4ad1683af99c0b275dcf2efcaee1e4aebf6d78082d xorg-x11-server-source-1.20.4-15.el7_9.noarch.rpm
375dc1e4e253dad77a1c726888c330f2d32bfac978fb2501318c810a4fb93843 xorg-x11-server-Xdmx-1.20.4-15.el7_9.x86_64.rpm
fc23786485123d8fc0e167c65ecee809b1c1047c61cea465e243cf4b64b2a78e xorg-x11-server-Xephyr-1.20.4-15.el7_9.x86_64.rpm
a79594486e59ec5b826e79499c455a6d627baff4bdc3f3df763e5018309b5f9c xorg-x11-server-Xnest-1.20.4-15.el7_9.x86_64.rpm
38116fc986dbde5d1071bccc99bf83579d9cf9cfe210af409971b02a8225df2e xorg-x11-server-Xorg-1.20.4-15.el7_9.x86_64.rpm
27534a1920262b79fa35a9509e192cd19a2916bb7b11d0db13f71ae7cff375a9 xorg-x11-server-Xvfb-1.20.4-15.el7_9.x86_64.rpm
b0d7b591888b6fd49b457c15fa981112edaa1d269c881960174a8676102cad81 xorg-x11-server-Xwayland-1.20.4-15.el7_9.x86_64.rpm
Source:
aa1a835131bbf66abfd0409afc8d8cf66e6ae6e5c446c0aa7c773d037b730a41 xorg-x11-server-1.20.4-15.el7_9.src.rpm
--
Johnny Hughes
CentOS Project { http://www.centos.org/ }
irc: hughesjr, #centos@irc.freenode.net
Twitter: @JohnnyCentOS
_______________________________________________
CentOS-announce mailing list
CentOS-announce@centos.org
https://lists.centos.org/mailman/listinfo/centos-announce
Upstream details at : https://access.redhat.com/errata/RHSA-2020:5408
The following updated files have been uploaded and are currently
syncing to the mirrors: ( sha256sum Filename )
x86_64:
5ba93bb7af0fa5612cec66a27e5736fb8c5460ccfc0e32ff2e9e8c97c2587a3f xorg-x11-server-common-1.20.4-15.el7_9.x86_64.rpm
8300c30550c66d4567d56de5063d79d5818aea066707cfcf6638dd2811bd74fc xorg-x11-server-devel-1.20.4-15.el7_9.i686.rpm
40a441051ed2bb80ba7bf16effb6ef562dc02cffbcb40be34952dcdc20a3b66c xorg-x11-server-devel-1.20.4-15.el7_9.x86_64.rpm
bb3864015d5c6e8d0e5f6d4ad1683af99c0b275dcf2efcaee1e4aebf6d78082d xorg-x11-server-source-1.20.4-15.el7_9.noarch.rpm
375dc1e4e253dad77a1c726888c330f2d32bfac978fb2501318c810a4fb93843 xorg-x11-server-Xdmx-1.20.4-15.el7_9.x86_64.rpm
fc23786485123d8fc0e167c65ecee809b1c1047c61cea465e243cf4b64b2a78e xorg-x11-server-Xephyr-1.20.4-15.el7_9.x86_64.rpm
a79594486e59ec5b826e79499c455a6d627baff4bdc3f3df763e5018309b5f9c xorg-x11-server-Xnest-1.20.4-15.el7_9.x86_64.rpm
38116fc986dbde5d1071bccc99bf83579d9cf9cfe210af409971b02a8225df2e xorg-x11-server-Xorg-1.20.4-15.el7_9.x86_64.rpm
27534a1920262b79fa35a9509e192cd19a2916bb7b11d0db13f71ae7cff375a9 xorg-x11-server-Xvfb-1.20.4-15.el7_9.x86_64.rpm
b0d7b591888b6fd49b457c15fa981112edaa1d269c881960174a8676102cad81 xorg-x11-server-Xwayland-1.20.4-15.el7_9.x86_64.rpm
Source:
aa1a835131bbf66abfd0409afc8d8cf66e6ae6e5c446c0aa7c773d037b730a41 xorg-x11-server-1.20.4-15.el7_9.src.rpm
--
Johnny Hughes
CentOS Project { http://www.centos.org/ }
irc: hughesjr, #centos@irc.freenode.net
Twitter: @JohnnyCentOS
_______________________________________________
CentOS-announce mailing list
CentOS-announce@centos.org
https://lists.centos.org/mailman/listinfo/centos-announce
[CentOS-announce] CESA-2020:5402 Important CentOS 7 libexif Security Update
CentOS Errata and Security Advisory 2020:5402 Important
Upstream details at : https://access.redhat.com/errata/RHSA-2020:5402
The following updated files have been uploaded and are currently
syncing to the mirrors: ( sha256sum Filename )
x86_64:
3bb0da4f1c883b5aaa0ad687bcc2022ba9573d912ff906b6657bc7e96676c5d9 libexif-0.6.22-2.el7_9.i686.rpm
49776569805f34f9417a664fb394e7bff8444fee386100309ce6306cba1c8b1a libexif-0.6.22-2.el7_9.x86_64.rpm
6dafcb9ecc7ca14a4ae5417e71c1fee10a7213e0ebf3d3750cbd23a8cacf5eef libexif-devel-0.6.22-2.el7_9.i686.rpm
618179611cd44ba685db172d3afd1dc0248e66533a35b8e46cdf118d812340d3 libexif-devel-0.6.22-2.el7_9.x86_64.rpm
0c9cd97e333e5ea85907e92483ef91dbdb08349b7e29916dcf5c08061c74f836 libexif-doc-0.6.22-2.el7_9.x86_64.rpm
Source:
3729ce39ae2b4b5ca93513cb15046a4b55ada0662f3ee6888927e6caad3f5709 libexif-0.6.22-2.el7_9.src.rpm
--
Johnny Hughes
CentOS Project { http://www.centos.org/ }
irc: hughesjr, #centos@irc.freenode.net
Twitter: @JohnnyCentOS
_______________________________________________
CentOS-announce mailing list
CentOS-announce@centos.org
https://lists.centos.org/mailman/listinfo/centos-announce
Upstream details at : https://access.redhat.com/errata/RHSA-2020:5402
The following updated files have been uploaded and are currently
syncing to the mirrors: ( sha256sum Filename )
x86_64:
3bb0da4f1c883b5aaa0ad687bcc2022ba9573d912ff906b6657bc7e96676c5d9 libexif-0.6.22-2.el7_9.i686.rpm
49776569805f34f9417a664fb394e7bff8444fee386100309ce6306cba1c8b1a libexif-0.6.22-2.el7_9.x86_64.rpm
6dafcb9ecc7ca14a4ae5417e71c1fee10a7213e0ebf3d3750cbd23a8cacf5eef libexif-devel-0.6.22-2.el7_9.i686.rpm
618179611cd44ba685db172d3afd1dc0248e66533a35b8e46cdf118d812340d3 libexif-devel-0.6.22-2.el7_9.x86_64.rpm
0c9cd97e333e5ea85907e92483ef91dbdb08349b7e29916dcf5c08061c74f836 libexif-doc-0.6.22-2.el7_9.x86_64.rpm
Source:
3729ce39ae2b4b5ca93513cb15046a4b55ada0662f3ee6888927e6caad3f5709 libexif-0.6.22-2.el7_9.src.rpm
--
Johnny Hughes
CentOS Project { http://www.centos.org/ }
irc: hughesjr, #centos@irc.freenode.net
Twitter: @JohnnyCentOS
_______________________________________________
CentOS-announce mailing list
CentOS-announce@centos.org
https://lists.centos.org/mailman/listinfo/centos-announce
[CentOS-announce] CEBA-2021:0623 CentOS 7 microcode_ctl BugFix Update
CentOS Errata and Bugfix Advisory 2021:0623
Upstream details at : https://access.redhat.com/errata/RHBA-2021:0623
The following updated files have been uploaded and are currently
syncing to the mirrors: ( sha256sum Filename )
x86_64:
0cf6bb4e5beb49f3a45a5171babb25685cf72156e8666dc2a57f9fef6af67838 microcode_ctl-2.1-73.8.el7_9.x86_64.rpm
--
Johnny Hughes
CentOS Project { http://www.centos.org/ }
irc: hughesjr, #centos@irc.freenode.net
Twitter: @JohnnyCentOS
_______________________________________________
CentOS-announce mailing list
CentOS-announce@centos.org
https://lists.centos.org/mailman/listinfo/centos-announce
Upstream details at : https://access.redhat.com/errata/RHBA-2021:0623
The following updated files have been uploaded and are currently
syncing to the mirrors: ( sha256sum Filename )
x86_64:
0cf6bb4e5beb49f3a45a5171babb25685cf72156e8666dc2a57f9fef6af67838 microcode_ctl-2.1-73.8.el7_9.x86_64.rpm
--
Johnny Hughes
CentOS Project { http://www.centos.org/ }
irc: hughesjr, #centos@irc.freenode.net
Twitter: @JohnnyCentOS
_______________________________________________
CentOS-announce mailing list
CentOS-announce@centos.org
https://lists.centos.org/mailman/listinfo/centos-announce
Friday, February 26, 2021
[announce] Next NYC*Bug: March 3rd Gaming on OpenBSD: Pearls, Pitfalls, Paranoia
The Next NYC*Bug Zoom meeting will be held March 3rd 18:45 EST / 23:45 UTC
Gaming on OpenBSD: Pearls, Pitfalls, Paranoia, by Thomas Frohwein
OpenBSD has had a long-standing reputation for its security focus, but
is also surprisingly good as a desktop OS once you've made it past the
initial barriers. It hasn't been known for gaming (other than
tetris(6)), leading users to play on other platforms like a Windows
box or game consoles. But now, things are changing one
emulator|sourceport|game engine at a time.
Follow thfr@ on a years-long journey to try to extend the advantages
offered by OpenBSD to more and better gaming - from hardware support
to security mitigations at play, to ultimately overcoming multiple
barriers and growing both OpenBSD's gaming library and its gaming
community.
For Zoom meeting details, email to rsvp AT lists.nycbug.org, and
details will be sent on the day of the meeting.
Speaker Biography
Thomas Frohwein is a German expat living in Montana. He has been
OpenBSD user since 2014, and developer (thfr@) since 2018. His primary
focus has been improving gaming options on OpenBSD and he maintains
the (eternally unfinished) webpage playonbsd.com with the infamous
shopping guide in an attempt to sabotage the productivity of OpenBSD
hackers and tempt them to drain their notoriously low bank accounts.
His dayjob is working as a physician which in this day and age is
almost equivalent to being an IT specialist.
More Info and Zoom invite details:
https://www.nycbug.org/index?action=view&id=10681
_______________________________________________
announce mailing list
announce@lists.nycbug.org
http://lists.nycbug.org:8080/mailman/listinfo/announce
Gaming on OpenBSD: Pearls, Pitfalls, Paranoia, by Thomas Frohwein
OpenBSD has had a long-standing reputation for its security focus, but
is also surprisingly good as a desktop OS once you've made it past the
initial barriers. It hasn't been known for gaming (other than
tetris(6)), leading users to play on other platforms like a Windows
box or game consoles. But now, things are changing one
emulator|sourceport|game engine at a time.
Follow thfr@ on a years-long journey to try to extend the advantages
offered by OpenBSD to more and better gaming - from hardware support
to security mitigations at play, to ultimately overcoming multiple
barriers and growing both OpenBSD's gaming library and its gaming
community.
For Zoom meeting details, email to rsvp AT lists.nycbug.org, and
details will be sent on the day of the meeting.
Speaker Biography
Thomas Frohwein is a German expat living in Montana. He has been
OpenBSD user since 2014, and developer (thfr@) since 2018. His primary
focus has been improving gaming options on OpenBSD and he maintains
the (eternally unfinished) webpage playonbsd.com with the infamous
shopping guide in an attempt to sabotage the productivity of OpenBSD
hackers and tempt them to drain their notoriously low bank accounts.
His dayjob is working as a physician which in this day and age is
almost equivalent to being an IT specialist.
More Info and Zoom invite details:
https://www.nycbug.org/index?action=view&id=10681
_______________________________________________
announce mailing list
announce@lists.nycbug.org
http://lists.nycbug.org:8080/mailman/listinfo/announce
Thursday, February 25, 2021
[USN-4754-2] Python regression
==========================================================================
Ubuntu Security Notice USN-4754-2
February 25, 2021
python2.7 regression
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 18.04 LTS
- Ubuntu 16.04 LTS
- Ubuntu 14.04 ESM
Summary:
USN-4754-1 introduced a regression in Python2.7.
Software Description:
- python2.7: An interactive high-level object-oriented language
Details:
USN-4754-1 fixed a vulnerability in Python. The fix for CVE-2021-3177 introduced a
regression in Python 2.7. This update reverts the security fix pending further investigation.
We apologize for the inconvenience.
Original advisory details:
It was discovered that Python incorrectly handled certain inputs.
An attacker could possibly use this issue to execute arbitrary code
or cause a denial of service. (CVE-2020-27619, CVE-2021-3177)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 18.04 LTS:
python2.7 2.7.17-1~18.04ubuntu1.5
python2.7-minimal 2.7.17-1~18.04ubuntu1.5
Ubuntu 16.04 LTS:
python2.7 2.7.12-1ubuntu0~16.04.16
python2.7-minimal 2.7.12-1ubuntu0~16.04.16
Ubuntu 14.04 ESM:
python2.7 2.7.6-8ubuntu0.6+esm9
python2.7-minimal 2.7.6-8ubuntu0.6+esm9
In general, a standard system update will make all the necessary changes.
References:
https://usn.ubuntu.com/4754-2
https://usn.ubuntu.com/4754-1
https://launchpad.net/bugs/1916893
Package Information:
https://launchpad.net/ubuntu/+source/python2.7/2.7.17-1~18.04ubuntu1.5
https://launchpad.net/ubuntu/+source/python2.7/2.7.12-1ubuntu0~16.04.16
Ubuntu Security Notice USN-4754-2
February 25, 2021
python2.7 regression
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 18.04 LTS
- Ubuntu 16.04 LTS
- Ubuntu 14.04 ESM
Summary:
USN-4754-1 introduced a regression in Python2.7.
Software Description:
- python2.7: An interactive high-level object-oriented language
Details:
USN-4754-1 fixed a vulnerability in Python. The fix for CVE-2021-3177 introduced a
regression in Python 2.7. This update reverts the security fix pending further investigation.
We apologize for the inconvenience.
Original advisory details:
It was discovered that Python incorrectly handled certain inputs.
An attacker could possibly use this issue to execute arbitrary code
or cause a denial of service. (CVE-2020-27619, CVE-2021-3177)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 18.04 LTS:
python2.7 2.7.17-1~18.04ubuntu1.5
python2.7-minimal 2.7.17-1~18.04ubuntu1.5
Ubuntu 16.04 LTS:
python2.7 2.7.12-1ubuntu0~16.04.16
python2.7-minimal 2.7.12-1ubuntu0~16.04.16
Ubuntu 14.04 ESM:
python2.7 2.7.6-8ubuntu0.6+esm9
python2.7-minimal 2.7.6-8ubuntu0.6+esm9
In general, a standard system update will make all the necessary changes.
References:
https://usn.ubuntu.com/4754-2
https://usn.ubuntu.com/4754-1
https://launchpad.net/bugs/1916893
Package Information:
https://launchpad.net/ubuntu/+source/python2.7/2.7.17-1~18.04ubuntu1.5
https://launchpad.net/ubuntu/+source/python2.7/2.7.12-1ubuntu0~16.04.16
[USN-4755-1] LibTIFF vulnerabilities
==========================================================================
Ubuntu Security Notice USN-4755-1
February 25, 2021
tiff vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 20.10
- Ubuntu 20.04 LTS
- Ubuntu 18.04 LTS
- Ubuntu 16.04 LTS
Summary:
Several security issues were fixed in LibTIFF.
Software Description:
- tiff: Tag Image File Format (TIFF) library
Details:
It was discovered that LibTIFF incorrectly handled certain malformed
images. If a user or automated system were tricked into opening a specially
crafted image, a remote attacker could crash the application, leading to a
denial of service, or possibly execute arbitrary code with user privileges.
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 20.10:
libtiff-tools 4.1.0+git191117-2ubuntu0.20.10.1
libtiff5 4.1.0+git191117-2ubuntu0.20.10.1
Ubuntu 20.04 LTS:
libtiff-tools 4.1.0+git191117-2ubuntu0.20.04.1
libtiff5 4.1.0+git191117-2ubuntu0.20.04.1
Ubuntu 18.04 LTS:
libtiff-tools 4.0.9-5ubuntu0.4
libtiff5 4.0.9-5ubuntu0.4
Ubuntu 16.04 LTS:
libtiff-tools 4.0.6-1ubuntu0.8
libtiff5 4.0.6-1ubuntu0.8
In general, a standard system update will make all the necessary changes.
References:
https://usn.ubuntu.com/4755-1
CVE-2020-35523, CVE-2020-35524
Package Information:
https://launchpad.net/ubuntu/+source/tiff/4.1.0+git191117-2ubuntu0.20.10.1
https://launchpad.net/ubuntu/+source/tiff/4.1.0+git191117-2ubuntu0.20.04.1
https://launchpad.net/ubuntu/+source/tiff/4.0.9-5ubuntu0.4
https://launchpad.net/ubuntu/+source/tiff/4.0.6-1ubuntu0.8
Ubuntu Security Notice USN-4755-1
February 25, 2021
tiff vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 20.10
- Ubuntu 20.04 LTS
- Ubuntu 18.04 LTS
- Ubuntu 16.04 LTS
Summary:
Several security issues were fixed in LibTIFF.
Software Description:
- tiff: Tag Image File Format (TIFF) library
Details:
It was discovered that LibTIFF incorrectly handled certain malformed
images. If a user or automated system were tricked into opening a specially
crafted image, a remote attacker could crash the application, leading to a
denial of service, or possibly execute arbitrary code with user privileges.
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 20.10:
libtiff-tools 4.1.0+git191117-2ubuntu0.20.10.1
libtiff5 4.1.0+git191117-2ubuntu0.20.10.1
Ubuntu 20.04 LTS:
libtiff-tools 4.1.0+git191117-2ubuntu0.20.04.1
libtiff5 4.1.0+git191117-2ubuntu0.20.04.1
Ubuntu 18.04 LTS:
libtiff-tools 4.0.9-5ubuntu0.4
libtiff5 4.0.9-5ubuntu0.4
Ubuntu 16.04 LTS:
libtiff-tools 4.0.6-1ubuntu0.8
libtiff5 4.0.6-1ubuntu0.8
In general, a standard system update will make all the necessary changes.
References:
https://usn.ubuntu.com/4755-1
CVE-2020-35523, CVE-2020-35524
Package Information:
https://launchpad.net/ubuntu/+source/tiff/4.1.0+git191117-2ubuntu0.20.10.1
https://launchpad.net/ubuntu/+source/tiff/4.1.0+git191117-2ubuntu0.20.04.1
https://launchpad.net/ubuntu/+source/tiff/4.0.9-5ubuntu0.4
https://launchpad.net/ubuntu/+source/tiff/4.0.6-1ubuntu0.8
[USN-4754-1] Python vulnerabilities
==========================================================================
Ubuntu Security Notice USN-4754-1
February 25, 2021
python2.7, python3.4, python3.5, python3.6, python3.8 vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 20.10
- Ubuntu 20.04 LTS
- Ubuntu 18.04 LTS
- Ubuntu 16.04 LTS
- Ubuntu 14.04 ESM
Summary:
Python could be made to execute arbitrary code or denial of service if it
received a specially crafted input.
Software Description:
- python3.8: Interactive high-level object-oriented language (version 3.8)
- python2.7: An interactive high-level object-oriented language
- python3.6: An interactive high-level object-oriented language
- python3.5: An interactive high-level object-oriented language
- python3.4: An interactive high-level object-oriented language
Details:
It was discovered that Python incorrectly handled certain inputs.
An attacker could possibly use this issue to execute arbitrary code
or cause a denial of service. (CVE-2020-27619, CVE-2021-3177)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 20.10:
python3.8 3.8.6-1ubuntu0.2
python3.8-minimal 3.8.6-1ubuntu0.2
Ubuntu 20.04 LTS:
python3.8 3.8.5-1~20.04.2
python3.8-minimal 3.8.5-1~20.04.2
Ubuntu 18.04 LTS:
python2.7 2.7.17-1~18.04ubuntu1.3
python2.7-minimal 2.7.17-1~18.04ubuntu1.3
python3.6 3.6.9-1~18.04ubuntu1.4
python3.6-minimal 3.6.9-1~18.04ubuntu1.4
Ubuntu 16.04 LTS:
python2.7 2.7.12-1ubuntu0~16.04.14
python2.7-minimal 2.7.12-1ubuntu0~16.04.14
python3.5 3.5.2-2ubuntu0~16.04.13
python3.5-minimal 3.5.2-2ubuntu0~16.04.13
Ubuntu 14.04 ESM:
python2.7 2.7.6-8ubuntu0.6+esm8
python2.7-minimal 2.7.6-8ubuntu0.6+esm8
python3.4 3.4.3-1ubuntu1~14.04.7+esm10
python3.4-minimal 3.4.3-1ubuntu1~14.04.7+esm10
In general, a standard system update will make all the necessary changes.
References:
https://usn.ubuntu.com/4754-1
CVE-2020-27619, CVE-2021-3177
Package Information:
https://launchpad.net/ubuntu/+source/python3.8/3.8.6-1ubuntu0.2
https://launchpad.net/ubuntu/+source/python3.8/3.8.5-1~20.04.2
https://launchpad.net/ubuntu/+source/python2.7/2.7.17-1~18.04ubuntu1.3
https://launchpad.net/ubuntu/+source/python3.6/3.6.9-1~18.04ubuntu1.4
https://launchpad.net/ubuntu/+source/python2.7/2.7.12-1ubuntu0~16.04.14
https://launchpad.net/ubuntu/+source/python3.5/3.5.2-2ubuntu0~16.04.13
Ubuntu Security Notice USN-4754-1
February 25, 2021
python2.7, python3.4, python3.5, python3.6, python3.8 vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 20.10
- Ubuntu 20.04 LTS
- Ubuntu 18.04 LTS
- Ubuntu 16.04 LTS
- Ubuntu 14.04 ESM
Summary:
Python could be made to execute arbitrary code or denial of service if it
received a specially crafted input.
Software Description:
- python3.8: Interactive high-level object-oriented language (version 3.8)
- python2.7: An interactive high-level object-oriented language
- python3.6: An interactive high-level object-oriented language
- python3.5: An interactive high-level object-oriented language
- python3.4: An interactive high-level object-oriented language
Details:
It was discovered that Python incorrectly handled certain inputs.
An attacker could possibly use this issue to execute arbitrary code
or cause a denial of service. (CVE-2020-27619, CVE-2021-3177)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 20.10:
python3.8 3.8.6-1ubuntu0.2
python3.8-minimal 3.8.6-1ubuntu0.2
Ubuntu 20.04 LTS:
python3.8 3.8.5-1~20.04.2
python3.8-minimal 3.8.5-1~20.04.2
Ubuntu 18.04 LTS:
python2.7 2.7.17-1~18.04ubuntu1.3
python2.7-minimal 2.7.17-1~18.04ubuntu1.3
python3.6 3.6.9-1~18.04ubuntu1.4
python3.6-minimal 3.6.9-1~18.04ubuntu1.4
Ubuntu 16.04 LTS:
python2.7 2.7.12-1ubuntu0~16.04.14
python2.7-minimal 2.7.12-1ubuntu0~16.04.14
python3.5 3.5.2-2ubuntu0~16.04.13
python3.5-minimal 3.5.2-2ubuntu0~16.04.13
Ubuntu 14.04 ESM:
python2.7 2.7.6-8ubuntu0.6+esm8
python2.7-minimal 2.7.6-8ubuntu0.6+esm8
python3.4 3.4.3-1ubuntu1~14.04.7+esm10
python3.4-minimal 3.4.3-1ubuntu1~14.04.7+esm10
In general, a standard system update will make all the necessary changes.
References:
https://usn.ubuntu.com/4754-1
CVE-2020-27619, CVE-2021-3177
Package Information:
https://launchpad.net/ubuntu/+source/python3.8/3.8.6-1ubuntu0.2
https://launchpad.net/ubuntu/+source/python3.8/3.8.5-1~20.04.2
https://launchpad.net/ubuntu/+source/python2.7/2.7.17-1~18.04ubuntu1.3
https://launchpad.net/ubuntu/+source/python3.6/3.6.9-1~18.04ubuntu1.4
https://launchpad.net/ubuntu/+source/python2.7/2.7.12-1ubuntu0~16.04.14
https://launchpad.net/ubuntu/+source/python3.5/3.5.2-2ubuntu0~16.04.13
[USN-4751-1] Linux kernel vulnerabilities
==========================================================================
Ubuntu Security Notice USN-4751-1
February 25, 2021
linux, linux-aws, linux-azure, linux-gcp, linux-hwe-5.8, linux-kvm,
linux-oracle, linux-raspi vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 20.10
- Ubuntu 20.04 LTS
Summary:
Several security issues were fixed in the Linux kernel.
Software Description:
- linux: Linux kernel
- linux-aws: Linux kernel for Amazon Web Services (AWS) systems
- linux-azure: Linux kernel for Microsoft Azure Cloud systems
- linux-gcp: Linux kernel for Google Cloud Platform (GCP) systems
- linux-kvm: Linux kernel for cloud environments
- linux-oracle: Linux kernel for Oracle Cloud systems
- linux-raspi: Linux kernel for Raspberry Pi (V8) systems
- linux-hwe-5.8: Linux hardware enablement (HWE) kernel
Details:
It was discovered that the console keyboard driver in the Linux kernel
contained a race condition. A local attacker could use this to expose
sensitive information (kernel memory). (CVE-2020-25656)
Minh Yuan discovered that the tty driver in the Linux kernel contained race
conditions when handling fonts. A local attacker could possibly use this to
expose sensitive information (kernel memory). (CVE-2020-25668)
Bodong Zhao discovered a use-after-free in the Sun keyboard driver
implementation in the Linux kernel. A local attacker could use this to
cause a denial of service or possibly execute arbitrary code.
(CVE-2020-25669)
Kiyin (尹亮) discovered that the perf subsystem in the Linux kernel did
not properly deallocate memory in some situations. A privileged attacker
could use this to cause a denial of service (kernel memory exhaustion).
(CVE-2020-25704)
Julien Grall discovered that the Xen dom0 event handler in the Linux kernel
did not properly limit the number of events queued. An attacker in a guest
VM could use this to cause a denial of service in the host OS.
(CVE-2020-27673)
Jinoh Kang discovered that the Xen event channel infrastructure in the
Linux kernel contained a race condition. An attacker in guest could
possibly use this to cause a denial of service (dom0 crash).
(CVE-2020-27675)
Daniel Axtens discovered that PowerPC RTAS implementation in the Linux
kernel did not properly restrict memory accesses in some situations. A
privileged local attacker could use this to arbitrarily modify kernel
memory, potentially bypassing kernel lockdown restrictions.
(CVE-2020-27777)
It was discovered that the jfs file system implementation in the Linux
kernel contained an out-of-bounds read vulnerability. A local attacker
could use this to possibly cause a denial of service (system crash).
(CVE-2020-27815)
Shisong Qin and Bodong Zhao discovered that Speakup screen reader driver in
the Linux kernel did not correctly handle setting line discipline in some
situations. A local attacker could use this to cause a denial of service
(system crash). (CVE-2020-27830, CVE-2020-28941)
It was discovered that a use-after-free vulnerability existed in the
infiniband hfi1 device driver in the Linux kernel. A local attacker could
possibly use this to cause a denial of service (system crash).
(CVE-2020-27835)
It was discovered that an information leak existed in the syscall
implementation in the Linux kernel on 32 bit systems. A local attacker
could use this to expose sensitive information (kernel memory).
(CVE-2020-28588)
Minh Yuan discovered that the framebuffer console driver in the Linux
kernel did not properly handle fonts in some conditions. A local attacker
could use this to cause a denial of service (system crash) or possibly
expose sensitive information (kernel memory). (CVE-2020-28974)
Michael Kurth and Pawel Wieczorkiewicz discovered that the Xen event
processing backend in the Linux kernel did not properly limit the number of
events queued. An attacker in a guest VM could use this to cause a denial
of service in the host OS. (CVE-2020-29568)
Olivier Benjamin and Pawel Wieczorkiewicz discovered a race condition the
Xen paravirt block backend in the Linux kernel, leading to a use-after-free
vulnerability. An attacker in a guest VM could use this to cause a denial
of service in the host OS. (CVE-2020-29569)
Jann Horn discovered that the tty subsystem of the Linux kernel did not use
consistent locking in some situations, leading to a read-after-free
vulnerability. A local attacker could use this to cause a denial of service
(system crash) or possibly expose sensitive information (kernel memory).
(CVE-2020-29660)
Jann Horn discovered a race condition in the tty subsystem of the Linux
kernel in the locking for the TIOCSPGRP ioctl(), leading to a use-after-
free vulnerability. A local attacker could use this to cause a denial of
service (system crash) or possibly execute arbitrary code. (CVE-2020-29661)
It was discovered that a race condition existed that caused the Linux
kernel to not properly restrict exit signal delivery. A local attacker
could possibly use this to send signals to arbitrary processes.
(CVE-2020-35508)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 20.10:
linux-image-5.8.0-1016-raspi 5.8.0-1016.19
linux-image-5.8.0-1016-raspi-nolpae 5.8.0-1016.19
linux-image-5.8.0-1019-kvm 5.8.0-1019.21
linux-image-5.8.0-1021-oracle 5.8.0-1021.22
linux-image-5.8.0-1023-azure 5.8.0-1023.25
linux-image-5.8.0-1023-gcp 5.8.0-1023.24
linux-image-5.8.0-1024-aws 5.8.0-1024.26
linux-image-5.8.0-44-generic 5.8.0-44.50
linux-image-5.8.0-44-generic-64k 5.8.0-44.50
linux-image-5.8.0-44-generic-lpae 5.8.0-44.50
linux-image-5.8.0-44-lowlatency 5.8.0-44.50
linux-image-aws 5.8.0.1024.26
linux-image-azure 5.8.0.1023.23
linux-image-gcp 5.8.0.1023.23
linux-image-generic 5.8.0.44.49
linux-image-generic-64k 5.8.0.44.49
linux-image-generic-lpae 5.8.0.44.49
linux-image-gke 5.8.0.1023.23
linux-image-kvm 5.8.0.1019.21
linux-image-lowlatency 5.8.0.44.49
linux-image-oem-20.04 5.8.0.44.49
linux-image-oracle 5.8.0.1021.20
linux-image-raspi 5.8.0.1016.19
linux-image-raspi-nolpae 5.8.0.1016.19
linux-image-virtual 5.8.0.44.49
Ubuntu 20.04 LTS:
linux-image-5.8.0-44-generic 5.8.0-44.50~20.04.1
linux-image-5.8.0-44-generic-lpae 5.8.0-44.50~20.04.1
linux-image-5.8.0-44-lowlatency 5.8.0-44.50~20.04.1
linux-image-generic-64k-hwe-20.04 5.8.0.44.50~20.04.30
linux-image-generic-hwe-20.04 5.8.0.44.50~20.04.30
linux-image-generic-lpae-hwe-20.04 5.8.0.44.50~20.04.30
linux-image-lowlatency-hwe-20.04 5.8.0.44.50~20.04.30
linux-image-virtual-hwe-20.04 5.8.0.44.50~20.04.30
After a standard system update you need to reboot your computer to make
all the necessary changes.
ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed.
Unless you manually uninstalled the standard kernel metapackages
(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,
linux-powerpc), a standard system upgrade will automatically perform
this as well.
References:
https://usn.ubuntu.com/4751-1
CVE-2020-25656, CVE-2020-25668, CVE-2020-25669, CVE-2020-25704,
CVE-2020-27673, CVE-2020-27675, CVE-2020-27777, CVE-2020-27815,
CVE-2020-27830, CVE-2020-27835, CVE-2020-28588, CVE-2020-28941,
CVE-2020-28974, CVE-2020-29568, CVE-2020-29569, CVE-2020-29660,
CVE-2020-29661, CVE-2020-35508
Package Information:
https://launchpad.net/ubuntu/+source/linux/5.8.0-44.50
https://launchpad.net/ubuntu/+source/linux-aws/5.8.0-1024.26
https://launchpad.net/ubuntu/+source/linux-azure/5.8.0-1023.25
https://launchpad.net/ubuntu/+source/linux-gcp/5.8.0-1023.24
https://launchpad.net/ubuntu/+source/linux-kvm/5.8.0-1019.21
https://launchpad.net/ubuntu/+source/linux-oracle/5.8.0-1021.22
https://launchpad.net/ubuntu/+source/linux-raspi/5.8.0-1016.19
https://launchpad.net/ubuntu/+source/linux-hwe-5.8/5.8.0-44.50~20.04.1
Ubuntu Security Notice USN-4751-1
February 25, 2021
linux, linux-aws, linux-azure, linux-gcp, linux-hwe-5.8, linux-kvm,
linux-oracle, linux-raspi vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 20.10
- Ubuntu 20.04 LTS
Summary:
Several security issues were fixed in the Linux kernel.
Software Description:
- linux: Linux kernel
- linux-aws: Linux kernel for Amazon Web Services (AWS) systems
- linux-azure: Linux kernel for Microsoft Azure Cloud systems
- linux-gcp: Linux kernel for Google Cloud Platform (GCP) systems
- linux-kvm: Linux kernel for cloud environments
- linux-oracle: Linux kernel for Oracle Cloud systems
- linux-raspi: Linux kernel for Raspberry Pi (V8) systems
- linux-hwe-5.8: Linux hardware enablement (HWE) kernel
Details:
It was discovered that the console keyboard driver in the Linux kernel
contained a race condition. A local attacker could use this to expose
sensitive information (kernel memory). (CVE-2020-25656)
Minh Yuan discovered that the tty driver in the Linux kernel contained race
conditions when handling fonts. A local attacker could possibly use this to
expose sensitive information (kernel memory). (CVE-2020-25668)
Bodong Zhao discovered a use-after-free in the Sun keyboard driver
implementation in the Linux kernel. A local attacker could use this to
cause a denial of service or possibly execute arbitrary code.
(CVE-2020-25669)
Kiyin (尹亮) discovered that the perf subsystem in the Linux kernel did
not properly deallocate memory in some situations. A privileged attacker
could use this to cause a denial of service (kernel memory exhaustion).
(CVE-2020-25704)
Julien Grall discovered that the Xen dom0 event handler in the Linux kernel
did not properly limit the number of events queued. An attacker in a guest
VM could use this to cause a denial of service in the host OS.
(CVE-2020-27673)
Jinoh Kang discovered that the Xen event channel infrastructure in the
Linux kernel contained a race condition. An attacker in guest could
possibly use this to cause a denial of service (dom0 crash).
(CVE-2020-27675)
Daniel Axtens discovered that PowerPC RTAS implementation in the Linux
kernel did not properly restrict memory accesses in some situations. A
privileged local attacker could use this to arbitrarily modify kernel
memory, potentially bypassing kernel lockdown restrictions.
(CVE-2020-27777)
It was discovered that the jfs file system implementation in the Linux
kernel contained an out-of-bounds read vulnerability. A local attacker
could use this to possibly cause a denial of service (system crash).
(CVE-2020-27815)
Shisong Qin and Bodong Zhao discovered that Speakup screen reader driver in
the Linux kernel did not correctly handle setting line discipline in some
situations. A local attacker could use this to cause a denial of service
(system crash). (CVE-2020-27830, CVE-2020-28941)
It was discovered that a use-after-free vulnerability existed in the
infiniband hfi1 device driver in the Linux kernel. A local attacker could
possibly use this to cause a denial of service (system crash).
(CVE-2020-27835)
It was discovered that an information leak existed in the syscall
implementation in the Linux kernel on 32 bit systems. A local attacker
could use this to expose sensitive information (kernel memory).
(CVE-2020-28588)
Minh Yuan discovered that the framebuffer console driver in the Linux
kernel did not properly handle fonts in some conditions. A local attacker
could use this to cause a denial of service (system crash) or possibly
expose sensitive information (kernel memory). (CVE-2020-28974)
Michael Kurth and Pawel Wieczorkiewicz discovered that the Xen event
processing backend in the Linux kernel did not properly limit the number of
events queued. An attacker in a guest VM could use this to cause a denial
of service in the host OS. (CVE-2020-29568)
Olivier Benjamin and Pawel Wieczorkiewicz discovered a race condition the
Xen paravirt block backend in the Linux kernel, leading to a use-after-free
vulnerability. An attacker in a guest VM could use this to cause a denial
of service in the host OS. (CVE-2020-29569)
Jann Horn discovered that the tty subsystem of the Linux kernel did not use
consistent locking in some situations, leading to a read-after-free
vulnerability. A local attacker could use this to cause a denial of service
(system crash) or possibly expose sensitive information (kernel memory).
(CVE-2020-29660)
Jann Horn discovered a race condition in the tty subsystem of the Linux
kernel in the locking for the TIOCSPGRP ioctl(), leading to a use-after-
free vulnerability. A local attacker could use this to cause a denial of
service (system crash) or possibly execute arbitrary code. (CVE-2020-29661)
It was discovered that a race condition existed that caused the Linux
kernel to not properly restrict exit signal delivery. A local attacker
could possibly use this to send signals to arbitrary processes.
(CVE-2020-35508)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 20.10:
linux-image-5.8.0-1016-raspi 5.8.0-1016.19
linux-image-5.8.0-1016-raspi-nolpae 5.8.0-1016.19
linux-image-5.8.0-1019-kvm 5.8.0-1019.21
linux-image-5.8.0-1021-oracle 5.8.0-1021.22
linux-image-5.8.0-1023-azure 5.8.0-1023.25
linux-image-5.8.0-1023-gcp 5.8.0-1023.24
linux-image-5.8.0-1024-aws 5.8.0-1024.26
linux-image-5.8.0-44-generic 5.8.0-44.50
linux-image-5.8.0-44-generic-64k 5.8.0-44.50
linux-image-5.8.0-44-generic-lpae 5.8.0-44.50
linux-image-5.8.0-44-lowlatency 5.8.0-44.50
linux-image-aws 5.8.0.1024.26
linux-image-azure 5.8.0.1023.23
linux-image-gcp 5.8.0.1023.23
linux-image-generic 5.8.0.44.49
linux-image-generic-64k 5.8.0.44.49
linux-image-generic-lpae 5.8.0.44.49
linux-image-gke 5.8.0.1023.23
linux-image-kvm 5.8.0.1019.21
linux-image-lowlatency 5.8.0.44.49
linux-image-oem-20.04 5.8.0.44.49
linux-image-oracle 5.8.0.1021.20
linux-image-raspi 5.8.0.1016.19
linux-image-raspi-nolpae 5.8.0.1016.19
linux-image-virtual 5.8.0.44.49
Ubuntu 20.04 LTS:
linux-image-5.8.0-44-generic 5.8.0-44.50~20.04.1
linux-image-5.8.0-44-generic-lpae 5.8.0-44.50~20.04.1
linux-image-5.8.0-44-lowlatency 5.8.0-44.50~20.04.1
linux-image-generic-64k-hwe-20.04 5.8.0.44.50~20.04.30
linux-image-generic-hwe-20.04 5.8.0.44.50~20.04.30
linux-image-generic-lpae-hwe-20.04 5.8.0.44.50~20.04.30
linux-image-lowlatency-hwe-20.04 5.8.0.44.50~20.04.30
linux-image-virtual-hwe-20.04 5.8.0.44.50~20.04.30
After a standard system update you need to reboot your computer to make
all the necessary changes.
ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed.
Unless you manually uninstalled the standard kernel metapackages
(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,
linux-powerpc), a standard system upgrade will automatically perform
this as well.
References:
https://usn.ubuntu.com/4751-1
CVE-2020-25656, CVE-2020-25668, CVE-2020-25669, CVE-2020-25704,
CVE-2020-27673, CVE-2020-27675, CVE-2020-27777, CVE-2020-27815,
CVE-2020-27830, CVE-2020-27835, CVE-2020-28588, CVE-2020-28941,
CVE-2020-28974, CVE-2020-29568, CVE-2020-29569, CVE-2020-29660,
CVE-2020-29661, CVE-2020-35508
Package Information:
https://launchpad.net/ubuntu/+source/linux/5.8.0-44.50
https://launchpad.net/ubuntu/+source/linux-aws/5.8.0-1024.26
https://launchpad.net/ubuntu/+source/linux-azure/5.8.0-1023.25
https://launchpad.net/ubuntu/+source/linux-gcp/5.8.0-1023.24
https://launchpad.net/ubuntu/+source/linux-kvm/5.8.0-1019.21
https://launchpad.net/ubuntu/+source/linux-oracle/5.8.0-1021.22
https://launchpad.net/ubuntu/+source/linux-raspi/5.8.0-1016.19
https://launchpad.net/ubuntu/+source/linux-hwe-5.8/5.8.0-44.50~20.04.1
[USN-4750-1] Linux kernel vulnerabilities
==========================================================================
Ubuntu Security Notice USN-4750-1
February 25, 2021
linux, linux-aws, linux-aws-5.4, linux-azure, linux-azure-5.4, linux-gcp,
linux-gcp-5.4, linux-gke-5.4, linux-gkeop, linux-gkeop-5.4, linux-hwe-5.4,
linux-kvm, linux-oracle, linux-oracle-5.4, linux-raspi, linux-raspi-5.4
vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 20.04 LTS
- Ubuntu 18.04 LTS
Summary:
Several security issues were fixed in the Linux kernel.
Software Description:
- linux: Linux kernel
- linux-aws: Linux kernel for Amazon Web Services (AWS) systems
- linux-azure: Linux kernel for Microsoft Azure Cloud systems
- linux-gcp: Linux kernel for Google Cloud Platform (GCP) systems
- linux-gkeop: Linux kernel for Google Container Engine (GKE) systems
- linux-kvm: Linux kernel for cloud environments
- linux-oracle: Linux kernel for Oracle Cloud systems
- linux-raspi: Linux kernel for Raspberry Pi (V8) systems
- linux-aws-5.4: Linux kernel for Amazon Web Services (AWS) systems
- linux-azure-5.4: Linux kernel for Microsoft Azure cloud systems
- linux-gcp-5.4: Linux kernel for Google Cloud Platform (GCP) systems
- linux-gke-5.4: Linux kernel for Google Container Engine (GKE) systems
- linux-gkeop-5.4: Linux kernel for Google Container Engine (GKE) systems
- linux-hwe-5.4: Linux hardware enablement (HWE) kernel
- linux-oracle-5.4: Linux kernel for Oracle Cloud systems
- linux-raspi-5.4: Linux kernel for Raspberry Pi (V8) systems
Details:
Bodong Zhao discovered a use-after-free in the Sun keyboard driver
implementation in the Linux kernel. A local attacker could use this to
cause a denial of service or possibly execute arbitrary code.
(CVE-2020-25669)
It was discovered that the jfs file system implementation in the Linux
kernel contained an out-of-bounds read vulnerability. A local attacker
could use this to possibly cause a denial of service (system crash).
(CVE-2020-27815)
Shisong Qin and Bodong Zhao discovered that Speakup screen reader driver in
the Linux kernel did not correctly handle setting line discipline in some
situations. A local attacker could use this to cause a denial of service
(system crash). (CVE-2020-27830, CVE-2020-28941)
It was discovered that an information leak existed in the syscall
implementation in the Linux kernel on 32 bit systems. A local attacker
could use this to expose sensitive information (kernel memory).
(CVE-2020-28588)
Michael Kurth and Pawel Wieczorkiewicz discovered that the Xen event
processing backend in the Linux kernel did not properly limit the number of
events queued. An attacker in a guest VM could use this to cause a denial
of service in the host OS. (CVE-2020-29568)
Olivier Benjamin and Pawel Wieczorkiewicz discovered a race condition the
Xen paravirt block backend in the Linux kernel, leading to a use-after-free
vulnerability. An attacker in a guest VM could use this to cause a denial
of service in the host OS. (CVE-2020-29569)
Jann Horn discovered that the tty subsystem of the Linux kernel did not use
consistent locking in some situations, leading to a read-after-free
vulnerability. A local attacker could use this to cause a denial of service
(system crash) or possibly expose sensitive information (kernel memory).
(CVE-2020-29660)
Jann Horn discovered a race condition in the tty subsystem of the Linux
kernel in the locking for the TIOCSPGRP ioctl(), leading to a use-after-
free vulnerability. A local attacker could use this to cause a denial of
service (system crash) or possibly execute arbitrary code. (CVE-2020-29661)
It was discovered that the netfilter subsystem in the Linux kernel did not
properly handle filter rules in some situations. A local attacker with the
CAP_NET_ADMIN capability could use this to cause a denial of service.
(CVE-2021-20177)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 20.04 LTS:
linux-image-5.4.0-1010-gkeop 5.4.0-1010.11
linux-image-5.4.0-1029-raspi 5.4.0-1029.32
linux-image-5.4.0-1033-kvm 5.4.0-1033.34
linux-image-5.4.0-1037-gcp 5.4.0-1037.40
linux-image-5.4.0-1038-aws 5.4.0-1038.40
linux-image-5.4.0-1038-oracle 5.4.0-1038.41
linux-image-5.4.0-1040-azure 5.4.0-1040.42
linux-image-5.4.0-66-generic 5.4.0-66.74
linux-image-5.4.0-66-generic-lpae 5.4.0-66.74
linux-image-5.4.0-66-lowlatency 5.4.0-66.74
linux-image-aws 5.4.0.1038.39
linux-image-azure 5.4.0.1040.38
linux-image-gcp 5.4.0.1037.46
linux-image-generic 5.4.0.66.69
linux-image-generic-lpae 5.4.0.66.69
linux-image-gkeop 5.4.0.1010.13
linux-image-gkeop-5.4 5.4.0.1010.13
linux-image-kvm 5.4.0.1033.31
linux-image-lowlatency 5.4.0.66.69
linux-image-oem 5.4.0.66.69
linux-image-oem-osp1 5.4.0.66.69
linux-image-oracle 5.4.0.1038.35
linux-image-raspi 5.4.0.1029.64
linux-image-raspi2 5.4.0.1029.64
linux-image-virtual 5.4.0.66.69
Ubuntu 18.04 LTS:
linux-image-5.4.0-1010-gkeop 5.4.0-1010.11~18.04.1
linux-image-5.4.0-1029-raspi 5.4.0-1029.32~18.04.1
linux-image-5.4.0-1036-gke 5.4.0-1036.38~18.04.1
linux-image-5.4.0-1037-gcp 5.4.0-1037.40~18.04.1
linux-image-5.4.0-1038-aws 5.4.0-1038.40~18.04.1
linux-image-5.4.0-1038-oracle 5.4.0-1038.41~18.04.1
linux-image-5.4.0-1040-azure 5.4.0-1040.42~18.04.1
linux-image-5.4.0-66-generic 5.4.0-66.74~18.04.2
linux-image-5.4.0-66-generic-lpae 5.4.0-66.74~18.04.2
linux-image-5.4.0-66-lowlatency 5.4.0-66.74~18.04.2
linux-image-aws 5.4.0.1038.22
linux-image-azure 5.4.0.1040.20
linux-image-gcp 5.4.0.1037.24
linux-image-generic-hwe-18.04 5.4.0.66.74~18.04.61
linux-image-generic-lpae-hwe-18.04 5.4.0.66.74~18.04.61
linux-image-gke-5.4 5.4.0.1036.38~18.04.4
linux-image-gkeop-5.4 5.4.0.1010.11~18.04.11
linux-image-lowlatency-hwe-18.04 5.4.0.66.74~18.04.61
linux-image-oem 5.4.0.66.74~18.04.61
linux-image-oem-osp1 5.4.0.66.74~18.04.61
linux-image-oracle 5.4.0.1038.41~18.04.21
linux-image-raspi-hwe-18.04 5.4.0.1029.32
linux-image-snapdragon-hwe-18.04 5.4.0.66.74~18.04.61
linux-image-virtual-hwe-18.04 5.4.0.66.74~18.04.61
After a standard system update you need to reboot your computer to make
all the necessary changes.
ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed.
Unless you manually uninstalled the standard kernel metapackages
(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,
linux-powerpc), a standard system upgrade will automatically perform
this as well.
References:
https://usn.ubuntu.com/4750-1
CVE-2020-25669, CVE-2020-27815, CVE-2020-27830, CVE-2020-28588,
CVE-2020-28941, CVE-2020-29568, CVE-2020-29569, CVE-2020-29660,
CVE-2020-29661, CVE-2021-20177
Package Information:
https://launchpad.net/ubuntu/+source/linux/5.4.0-66.74
https://launchpad.net/ubuntu/+source/linux-aws/5.4.0-1038.40
https://launchpad.net/ubuntu/+source/linux-azure/5.4.0-1040.42
https://launchpad.net/ubuntu/+source/linux-gcp/5.4.0-1037.40
https://launchpad.net/ubuntu/+source/linux-gkeop/5.4.0-1010.11
https://launchpad.net/ubuntu/+source/linux-kvm/5.4.0-1033.34
https://launchpad.net/ubuntu/+source/linux-oracle/5.4.0-1038.41
https://launchpad.net/ubuntu/+source/linux-raspi/5.4.0-1029.32
https://launchpad.net/ubuntu/+source/linux-aws-5.4/5.4.0-1038.40~18.04.1
https://launchpad.net/ubuntu/+source/linux-azure-5.4/5.4.0-1040.42~18.04.1
https://launchpad.net/ubuntu/+source/linux-gcp-5.4/5.4.0-1037.40~18.04.1
https://launchpad.net/ubuntu/+source/linux-gke-5.4/5.4.0-1036.38~18.04.1
https://launchpad.net/ubuntu/+source/linux-gkeop-5.4/5.4.0-1010.11~18.04.1
https://launchpad.net/ubuntu/+source/linux-hwe-5.4/5.4.0-66.74~18.04.2
https://launchpad.net/ubuntu/+source/linux-oracle-5.4/5.4.0-1038.41~18.04.1
https://launchpad.net/ubuntu/+source/linux-raspi-5.4/5.4.0-1029.32~18.04.1
Ubuntu Security Notice USN-4750-1
February 25, 2021
linux, linux-aws, linux-aws-5.4, linux-azure, linux-azure-5.4, linux-gcp,
linux-gcp-5.4, linux-gke-5.4, linux-gkeop, linux-gkeop-5.4, linux-hwe-5.4,
linux-kvm, linux-oracle, linux-oracle-5.4, linux-raspi, linux-raspi-5.4
vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 20.04 LTS
- Ubuntu 18.04 LTS
Summary:
Several security issues were fixed in the Linux kernel.
Software Description:
- linux: Linux kernel
- linux-aws: Linux kernel for Amazon Web Services (AWS) systems
- linux-azure: Linux kernel for Microsoft Azure Cloud systems
- linux-gcp: Linux kernel for Google Cloud Platform (GCP) systems
- linux-gkeop: Linux kernel for Google Container Engine (GKE) systems
- linux-kvm: Linux kernel for cloud environments
- linux-oracle: Linux kernel for Oracle Cloud systems
- linux-raspi: Linux kernel for Raspberry Pi (V8) systems
- linux-aws-5.4: Linux kernel for Amazon Web Services (AWS) systems
- linux-azure-5.4: Linux kernel for Microsoft Azure cloud systems
- linux-gcp-5.4: Linux kernel for Google Cloud Platform (GCP) systems
- linux-gke-5.4: Linux kernel for Google Container Engine (GKE) systems
- linux-gkeop-5.4: Linux kernel for Google Container Engine (GKE) systems
- linux-hwe-5.4: Linux hardware enablement (HWE) kernel
- linux-oracle-5.4: Linux kernel for Oracle Cloud systems
- linux-raspi-5.4: Linux kernel for Raspberry Pi (V8) systems
Details:
Bodong Zhao discovered a use-after-free in the Sun keyboard driver
implementation in the Linux kernel. A local attacker could use this to
cause a denial of service or possibly execute arbitrary code.
(CVE-2020-25669)
It was discovered that the jfs file system implementation in the Linux
kernel contained an out-of-bounds read vulnerability. A local attacker
could use this to possibly cause a denial of service (system crash).
(CVE-2020-27815)
Shisong Qin and Bodong Zhao discovered that Speakup screen reader driver in
the Linux kernel did not correctly handle setting line discipline in some
situations. A local attacker could use this to cause a denial of service
(system crash). (CVE-2020-27830, CVE-2020-28941)
It was discovered that an information leak existed in the syscall
implementation in the Linux kernel on 32 bit systems. A local attacker
could use this to expose sensitive information (kernel memory).
(CVE-2020-28588)
Michael Kurth and Pawel Wieczorkiewicz discovered that the Xen event
processing backend in the Linux kernel did not properly limit the number of
events queued. An attacker in a guest VM could use this to cause a denial
of service in the host OS. (CVE-2020-29568)
Olivier Benjamin and Pawel Wieczorkiewicz discovered a race condition the
Xen paravirt block backend in the Linux kernel, leading to a use-after-free
vulnerability. An attacker in a guest VM could use this to cause a denial
of service in the host OS. (CVE-2020-29569)
Jann Horn discovered that the tty subsystem of the Linux kernel did not use
consistent locking in some situations, leading to a read-after-free
vulnerability. A local attacker could use this to cause a denial of service
(system crash) or possibly expose sensitive information (kernel memory).
(CVE-2020-29660)
Jann Horn discovered a race condition in the tty subsystem of the Linux
kernel in the locking for the TIOCSPGRP ioctl(), leading to a use-after-
free vulnerability. A local attacker could use this to cause a denial of
service (system crash) or possibly execute arbitrary code. (CVE-2020-29661)
It was discovered that the netfilter subsystem in the Linux kernel did not
properly handle filter rules in some situations. A local attacker with the
CAP_NET_ADMIN capability could use this to cause a denial of service.
(CVE-2021-20177)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 20.04 LTS:
linux-image-5.4.0-1010-gkeop 5.4.0-1010.11
linux-image-5.4.0-1029-raspi 5.4.0-1029.32
linux-image-5.4.0-1033-kvm 5.4.0-1033.34
linux-image-5.4.0-1037-gcp 5.4.0-1037.40
linux-image-5.4.0-1038-aws 5.4.0-1038.40
linux-image-5.4.0-1038-oracle 5.4.0-1038.41
linux-image-5.4.0-1040-azure 5.4.0-1040.42
linux-image-5.4.0-66-generic 5.4.0-66.74
linux-image-5.4.0-66-generic-lpae 5.4.0-66.74
linux-image-5.4.0-66-lowlatency 5.4.0-66.74
linux-image-aws 5.4.0.1038.39
linux-image-azure 5.4.0.1040.38
linux-image-gcp 5.4.0.1037.46
linux-image-generic 5.4.0.66.69
linux-image-generic-lpae 5.4.0.66.69
linux-image-gkeop 5.4.0.1010.13
linux-image-gkeop-5.4 5.4.0.1010.13
linux-image-kvm 5.4.0.1033.31
linux-image-lowlatency 5.4.0.66.69
linux-image-oem 5.4.0.66.69
linux-image-oem-osp1 5.4.0.66.69
linux-image-oracle 5.4.0.1038.35
linux-image-raspi 5.4.0.1029.64
linux-image-raspi2 5.4.0.1029.64
linux-image-virtual 5.4.0.66.69
Ubuntu 18.04 LTS:
linux-image-5.4.0-1010-gkeop 5.4.0-1010.11~18.04.1
linux-image-5.4.0-1029-raspi 5.4.0-1029.32~18.04.1
linux-image-5.4.0-1036-gke 5.4.0-1036.38~18.04.1
linux-image-5.4.0-1037-gcp 5.4.0-1037.40~18.04.1
linux-image-5.4.0-1038-aws 5.4.0-1038.40~18.04.1
linux-image-5.4.0-1038-oracle 5.4.0-1038.41~18.04.1
linux-image-5.4.0-1040-azure 5.4.0-1040.42~18.04.1
linux-image-5.4.0-66-generic 5.4.0-66.74~18.04.2
linux-image-5.4.0-66-generic-lpae 5.4.0-66.74~18.04.2
linux-image-5.4.0-66-lowlatency 5.4.0-66.74~18.04.2
linux-image-aws 5.4.0.1038.22
linux-image-azure 5.4.0.1040.20
linux-image-gcp 5.4.0.1037.24
linux-image-generic-hwe-18.04 5.4.0.66.74~18.04.61
linux-image-generic-lpae-hwe-18.04 5.4.0.66.74~18.04.61
linux-image-gke-5.4 5.4.0.1036.38~18.04.4
linux-image-gkeop-5.4 5.4.0.1010.11~18.04.11
linux-image-lowlatency-hwe-18.04 5.4.0.66.74~18.04.61
linux-image-oem 5.4.0.66.74~18.04.61
linux-image-oem-osp1 5.4.0.66.74~18.04.61
linux-image-oracle 5.4.0.1038.41~18.04.21
linux-image-raspi-hwe-18.04 5.4.0.1029.32
linux-image-snapdragon-hwe-18.04 5.4.0.66.74~18.04.61
linux-image-virtual-hwe-18.04 5.4.0.66.74~18.04.61
After a standard system update you need to reboot your computer to make
all the necessary changes.
ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed.
Unless you manually uninstalled the standard kernel metapackages
(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,
linux-powerpc), a standard system upgrade will automatically perform
this as well.
References:
https://usn.ubuntu.com/4750-1
CVE-2020-25669, CVE-2020-27815, CVE-2020-27830, CVE-2020-28588,
CVE-2020-28941, CVE-2020-29568, CVE-2020-29569, CVE-2020-29660,
CVE-2020-29661, CVE-2021-20177
Package Information:
https://launchpad.net/ubuntu/+source/linux/5.4.0-66.74
https://launchpad.net/ubuntu/+source/linux-aws/5.4.0-1038.40
https://launchpad.net/ubuntu/+source/linux-azure/5.4.0-1040.42
https://launchpad.net/ubuntu/+source/linux-gcp/5.4.0-1037.40
https://launchpad.net/ubuntu/+source/linux-gkeop/5.4.0-1010.11
https://launchpad.net/ubuntu/+source/linux-kvm/5.4.0-1033.34
https://launchpad.net/ubuntu/+source/linux-oracle/5.4.0-1038.41
https://launchpad.net/ubuntu/+source/linux-raspi/5.4.0-1029.32
https://launchpad.net/ubuntu/+source/linux-aws-5.4/5.4.0-1038.40~18.04.1
https://launchpad.net/ubuntu/+source/linux-azure-5.4/5.4.0-1040.42~18.04.1
https://launchpad.net/ubuntu/+source/linux-gcp-5.4/5.4.0-1037.40~18.04.1
https://launchpad.net/ubuntu/+source/linux-gke-5.4/5.4.0-1036.38~18.04.1
https://launchpad.net/ubuntu/+source/linux-gkeop-5.4/5.4.0-1010.11~18.04.1
https://launchpad.net/ubuntu/+source/linux-hwe-5.4/5.4.0-66.74~18.04.2
https://launchpad.net/ubuntu/+source/linux-oracle-5.4/5.4.0-1038.41~18.04.1
https://launchpad.net/ubuntu/+source/linux-raspi-5.4/5.4.0-1029.32~18.04.1
[USN-4752-1] Linux kernel (OEM) vulnerabilities
==========================================================================
Ubuntu Security Notice USN-4752-1
February 25, 2021
linux-oem-5.6 vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 20.04 LTS
Summary:
Several security issues were fixed in the Linux kernel.
Software Description:
- linux-oem-5.6: Linux kernel for OEM systems
Details:
Daniele Antonioli, Nils Ole Tippenhauer, and Kasper Rasmussen discovered
that legacy pairing and secure-connections pairing authentication in the
Bluetooth protocol could allow an unauthenticated user to complete
authentication without pairing credentials via adjacent access. A
physically proximate attacker could use this to impersonate a previously
paired Bluetooth device. (CVE-2020-10135)
Jay Shin discovered that the ext4 file system implementation in the Linux
kernel did not properly handle directory access with broken indexing,
leading to an out-of-bounds read vulnerability. A local attacker could use
this to cause a denial of service (system crash). (CVE-2020-14314)
It was discovered that the block layer implementation in the Linux kernel
did not properly perform reference counting in some situations, leading to
a use-after-free vulnerability. A local attacker could use this to cause a
denial of service (system crash). (CVE-2020-15436)
It was discovered that the serial port driver in the Linux kernel did not
properly initialize a pointer in some situations. A local attacker could
possibly use this to cause a denial of service (system crash).
(CVE-2020-15437)
Andy Nguyen discovered that the Bluetooth HCI event packet parser in the
Linux kernel did not properly handle event advertisements of certain sizes,
leading to a heap-based buffer overflow. A physically proximate remote
attacker could use this to cause a denial of service (system crash) or
possibly execute arbitrary code. (CVE-2020-24490)
It was discovered that the NFS client implementation in the Linux kernel
did not properly perform bounds checking before copying security labels in
some situations. A local attacker could use this to cause a denial of
service (system crash) or possibly execute arbitrary code. (CVE-2020-25212)
It was discovered that the Rados block device (rbd) driver in the Linux
kernel did not properly perform privilege checks for access to rbd devices
in some situations. A local attacker could use this to map or unmap rbd
block devices. (CVE-2020-25284)
It was discovered that the block layer subsystem in the Linux kernel did
not properly handle zero-length requests. A local attacker could use this
to cause a denial of service. (CVE-2020-25641)
It was discovered that the HDLC PPP implementation in the Linux kernel did
not properly validate input in some situations. A local attacker could use
this to cause a denial of service (system crash) or possibly execute
arbitrary code. (CVE-2020-25643)
Kiyin (尹亮) discovered that the perf subsystem in the Linux kernel did
not properly deallocate memory in some situations. A privileged attacker
could use this to cause a denial of service (kernel memory exhaustion).
(CVE-2020-25704)
It was discovered that the KVM hypervisor in the Linux kernel did not
properly handle interrupts in certain situations. A local attacker in a
guest VM could possibly use this to cause a denial of service (host system
crash). (CVE-2020-27152)
It was discovered that the jfs file system implementation in the Linux
kernel contained an out-of-bounds read vulnerability. A local attacker
could use this to possibly cause a denial of service (system crash).
(CVE-2020-27815)
It was discovered that an information leak existed in the syscall
implementation in the Linux kernel on 32 bit systems. A local attacker
could use this to expose sensitive information (kernel memory).
(CVE-2020-28588)
It was discovered that the framebuffer implementation in the Linux kernel
did not properly perform range checks in certain situations. A local
attacker could use this to expose sensitive information (kernel memory).
(CVE-2020-28915)
Jann Horn discovered a race condition in the copy-on-write implementation
in the Linux kernel when handling hugepages. A local attacker could use
this to gain unintended write access to read-only memory pages.
(CVE-2020-29368)
Jann Horn discovered that the mmap implementation in the Linux kernel
contained a race condition when handling munmap() operations, leading to a
read-after-free vulnerability. A local attacker could use this to cause a
denial of service (system crash) or possibly expose sensitive information.
(CVE-2020-29369)
Jann Horn discovered that the romfs file system in the Linux kernel did not
properly validate file system meta-data, leading to an out-of-bounds read.
An attacker could use this to construct a malicious romfs image that, when
mounted, exposed sensitive information (kernel memory). (CVE-2020-29371)
Jann Horn discovered that the tty subsystem of the Linux kernel did not use
consistent locking in some situations, leading to a read-after-free
vulnerability. A local attacker could use this to cause a denial of service
(system crash) or possibly expose sensitive information (kernel memory).
(CVE-2020-29660)
Jann Horn discovered a race condition in the tty subsystem of the Linux
kernel in the locking for the TIOCSPGRP ioctl(), leading to a use-after-
free vulnerability. A local attacker could use this to cause a denial of
service (system crash) or possibly execute arbitrary code. (CVE-2020-29661)
It was discovered that a race condition existed that caused the Linux
kernel to not properly restrict exit signal delivery. A local attacker
could possibly use this to send signals to arbitrary processes.
(CVE-2020-35508)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 20.04 LTS:
linux-image-5.6.0-1048-oem 5.6.0-1048.52
linux-image-oem-20.04 5.6.0.1048.44
After a standard system update you need to reboot your computer to make
all the necessary changes.
ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed.
Unless you manually uninstalled the standard kernel metapackages
(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,
linux-powerpc), a standard system upgrade will automatically perform
this as well.
References:
https://usn.ubuntu.com/4752-1
CVE-2020-10135, CVE-2020-14314, CVE-2020-15436, CVE-2020-15437,
CVE-2020-24490, CVE-2020-25212, CVE-2020-25284, CVE-2020-25641,
CVE-2020-25643, CVE-2020-25704, CVE-2020-27152, CVE-2020-27815,
CVE-2020-28588, CVE-2020-28915, CVE-2020-29368, CVE-2020-29369,
CVE-2020-29371, CVE-2020-29660, CVE-2020-29661, CVE-2020-35508
Package Information:
https://launchpad.net/ubuntu/+source/linux-oem-5.6/5.6.0-1048.52
Ubuntu Security Notice USN-4752-1
February 25, 2021
linux-oem-5.6 vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 20.04 LTS
Summary:
Several security issues were fixed in the Linux kernel.
Software Description:
- linux-oem-5.6: Linux kernel for OEM systems
Details:
Daniele Antonioli, Nils Ole Tippenhauer, and Kasper Rasmussen discovered
that legacy pairing and secure-connections pairing authentication in the
Bluetooth protocol could allow an unauthenticated user to complete
authentication without pairing credentials via adjacent access. A
physically proximate attacker could use this to impersonate a previously
paired Bluetooth device. (CVE-2020-10135)
Jay Shin discovered that the ext4 file system implementation in the Linux
kernel did not properly handle directory access with broken indexing,
leading to an out-of-bounds read vulnerability. A local attacker could use
this to cause a denial of service (system crash). (CVE-2020-14314)
It was discovered that the block layer implementation in the Linux kernel
did not properly perform reference counting in some situations, leading to
a use-after-free vulnerability. A local attacker could use this to cause a
denial of service (system crash). (CVE-2020-15436)
It was discovered that the serial port driver in the Linux kernel did not
properly initialize a pointer in some situations. A local attacker could
possibly use this to cause a denial of service (system crash).
(CVE-2020-15437)
Andy Nguyen discovered that the Bluetooth HCI event packet parser in the
Linux kernel did not properly handle event advertisements of certain sizes,
leading to a heap-based buffer overflow. A physically proximate remote
attacker could use this to cause a denial of service (system crash) or
possibly execute arbitrary code. (CVE-2020-24490)
It was discovered that the NFS client implementation in the Linux kernel
did not properly perform bounds checking before copying security labels in
some situations. A local attacker could use this to cause a denial of
service (system crash) or possibly execute arbitrary code. (CVE-2020-25212)
It was discovered that the Rados block device (rbd) driver in the Linux
kernel did not properly perform privilege checks for access to rbd devices
in some situations. A local attacker could use this to map or unmap rbd
block devices. (CVE-2020-25284)
It was discovered that the block layer subsystem in the Linux kernel did
not properly handle zero-length requests. A local attacker could use this
to cause a denial of service. (CVE-2020-25641)
It was discovered that the HDLC PPP implementation in the Linux kernel did
not properly validate input in some situations. A local attacker could use
this to cause a denial of service (system crash) or possibly execute
arbitrary code. (CVE-2020-25643)
Kiyin (尹亮) discovered that the perf subsystem in the Linux kernel did
not properly deallocate memory in some situations. A privileged attacker
could use this to cause a denial of service (kernel memory exhaustion).
(CVE-2020-25704)
It was discovered that the KVM hypervisor in the Linux kernel did not
properly handle interrupts in certain situations. A local attacker in a
guest VM could possibly use this to cause a denial of service (host system
crash). (CVE-2020-27152)
It was discovered that the jfs file system implementation in the Linux
kernel contained an out-of-bounds read vulnerability. A local attacker
could use this to possibly cause a denial of service (system crash).
(CVE-2020-27815)
It was discovered that an information leak existed in the syscall
implementation in the Linux kernel on 32 bit systems. A local attacker
could use this to expose sensitive information (kernel memory).
(CVE-2020-28588)
It was discovered that the framebuffer implementation in the Linux kernel
did not properly perform range checks in certain situations. A local
attacker could use this to expose sensitive information (kernel memory).
(CVE-2020-28915)
Jann Horn discovered a race condition in the copy-on-write implementation
in the Linux kernel when handling hugepages. A local attacker could use
this to gain unintended write access to read-only memory pages.
(CVE-2020-29368)
Jann Horn discovered that the mmap implementation in the Linux kernel
contained a race condition when handling munmap() operations, leading to a
read-after-free vulnerability. A local attacker could use this to cause a
denial of service (system crash) or possibly expose sensitive information.
(CVE-2020-29369)
Jann Horn discovered that the romfs file system in the Linux kernel did not
properly validate file system meta-data, leading to an out-of-bounds read.
An attacker could use this to construct a malicious romfs image that, when
mounted, exposed sensitive information (kernel memory). (CVE-2020-29371)
Jann Horn discovered that the tty subsystem of the Linux kernel did not use
consistent locking in some situations, leading to a read-after-free
vulnerability. A local attacker could use this to cause a denial of service
(system crash) or possibly expose sensitive information (kernel memory).
(CVE-2020-29660)
Jann Horn discovered a race condition in the tty subsystem of the Linux
kernel in the locking for the TIOCSPGRP ioctl(), leading to a use-after-
free vulnerability. A local attacker could use this to cause a denial of
service (system crash) or possibly execute arbitrary code. (CVE-2020-29661)
It was discovered that a race condition existed that caused the Linux
kernel to not properly restrict exit signal delivery. A local attacker
could possibly use this to send signals to arbitrary processes.
(CVE-2020-35508)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 20.04 LTS:
linux-image-5.6.0-1048-oem 5.6.0-1048.52
linux-image-oem-20.04 5.6.0.1048.44
After a standard system update you need to reboot your computer to make
all the necessary changes.
ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed.
Unless you manually uninstalled the standard kernel metapackages
(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,
linux-powerpc), a standard system upgrade will automatically perform
this as well.
References:
https://usn.ubuntu.com/4752-1
CVE-2020-10135, CVE-2020-14314, CVE-2020-15436, CVE-2020-15437,
CVE-2020-24490, CVE-2020-25212, CVE-2020-25284, CVE-2020-25641,
CVE-2020-25643, CVE-2020-25704, CVE-2020-27152, CVE-2020-27815,
CVE-2020-28588, CVE-2020-28915, CVE-2020-29368, CVE-2020-29369,
CVE-2020-29371, CVE-2020-29660, CVE-2020-29661, CVE-2020-35508
Package Information:
https://launchpad.net/ubuntu/+source/linux-oem-5.6/5.6.0-1048.52
[USN-4753-1] Linux kernel (OEM) vulnerability
==========================================================================
Ubuntu Security Notice USN-4753-1
February 25, 2021
linux-oem-5.10 vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 20.04 LTS
Summary:
The system could allow unintended access to data in some environments.
Software Description:
- linux-oem-5.10: Linux kernel for OEM systems
Details:
It was discovered that the LIO SCSI target implementation in the Linux
kernel performed insufficient identifier checking in certain XCOPY
requests. An attacker with access to at least one LUN in a multiple
backstore environment could use this to expose sensitive information or
modify data. (CVE-2020-28374)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 20.04 LTS:
linux-image-5.10.0-1014-oem 5.10.0-1014.15
linux-image-oem-20.04b 5.10.0.1014.15
After a standard system update you need to reboot your computer to make
all the necessary changes.
ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed.
Unless you manually uninstalled the standard kernel metapackages
(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,
linux-powerpc), a standard system upgrade will automatically perform
this as well.
References:
https://usn.ubuntu.com/4753-1
CVE-2020-28374, CVE-2021-3178
Package Information:
https://launchpad.net/ubuntu/+source/linux-oem-5.10/5.10.0-1014.15
Ubuntu Security Notice USN-4753-1
February 25, 2021
linux-oem-5.10 vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 20.04 LTS
Summary:
The system could allow unintended access to data in some environments.
Software Description:
- linux-oem-5.10: Linux kernel for OEM systems
Details:
It was discovered that the LIO SCSI target implementation in the Linux
kernel performed insufficient identifier checking in certain XCOPY
requests. An attacker with access to at least one LUN in a multiple
backstore environment could use this to expose sensitive information or
modify data. (CVE-2020-28374)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 20.04 LTS:
linux-image-5.10.0-1014-oem 5.10.0-1014.15
linux-image-oem-20.04b 5.10.0.1014.15
After a standard system update you need to reboot your computer to make
all the necessary changes.
ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed.
Unless you manually uninstalled the standard kernel metapackages
(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,
linux-powerpc), a standard system upgrade will automatically perform
this as well.
References:
https://usn.ubuntu.com/4753-1
CVE-2020-28374, CVE-2021-3178
Package Information:
https://launchpad.net/ubuntu/+source/linux-oem-5.10/5.10.0-1014.15
[USN-4749-1] Linux kernel vulnerabilities
==========================================================================
Ubuntu Security Notice USN-4749-1
February 25, 2021
linux, linux-aws, linux-aws-hwe, linux-azure, linux-azure-4.15,
linux-dell300x, linux-gcp, linux-gcp-4.15, linux-gke-4.15, linux-hwe,
linux-kvm, linux-oracle, linux-raspi2, linux-snapdragon vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 18.04 LTS
- Ubuntu 16.04 LTS
- Ubuntu 14.04 ESM
Summary:
Several security issues were fixed in the Linux kernel.
Software Description:
- linux: Linux kernel
- linux-aws: Linux kernel for Amazon Web Services (AWS) systems
- linux-azure-4.15: Linux kernel for Microsoft Azure Cloud systems
- linux-dell300x: Linux kernel for Dell 300x platforms
- linux-gcp-4.15: Linux kernel for Google Cloud Platform (GCP) systems
- linux-gke-4.15: Linux kernel for Google Container Engine (GKE) systems
- linux-kvm: Linux kernel for cloud environments
- linux-oracle: Linux kernel for Oracle Cloud systems
- linux-raspi2: Linux kernel for Raspberry Pi (V8) systems
- linux-snapdragon: Linux kernel for Qualcomm Snapdragon processors
- linux-aws-hwe: Linux kernel for Amazon Web Services (AWS-HWE) systems
- linux-azure: Linux kernel for Microsoft Azure Cloud systems
- linux-gcp: Linux kernel for Google Cloud Platform (GCP) systems
- linux-hwe: Linux hardware enablement (HWE) kernel
Details:
Bodong Zhao discovered a use-after-free in the Sun keyboard driver
implementation in the Linux kernel. A local attacker could use this to
cause a denial of service or possibly execute arbitrary code.
(CVE-2020-25669)
It was discovered that the jfs file system implementation in the Linux
kernel contained an out-of-bounds read vulnerability. A local attacker
could use this to possibly cause a denial of service (system crash).
(CVE-2020-27815)
Shisong Qin and Bodong Zhao discovered that Speakup screen reader driver in
the Linux kernel did not correctly handle setting line discipline in some
situations. A local attacker could use this to cause a denial of service
(system crash). (CVE-2020-27830, CVE-2020-28941)
It was discovered that the memory management subsystem in the Linux kernel
did not properly handle copy-on-write operations in some situations. A
local attacker could possibly use this to gain unintended write access to
read-only memory pages. (CVE-2020-29374)
Michael Kurth and Pawel Wieczorkiewicz discovered that the Xen event
processing backend in the Linux kernel did not properly limit the number of
events queued. An attacker in a guest VM could use this to cause a denial
of service in the host OS. (CVE-2020-29568)
Olivier Benjamin and Pawel Wieczorkiewicz discovered a race condition the
Xen paravirt block backend in the Linux kernel, leading to a use-after-free
vulnerability. An attacker in a guest VM could use this to cause a denial
of service in the host OS. (CVE-2020-29569)
Jann Horn discovered that the tty subsystem of the Linux kernel did not use
consistent locking in some situations, leading to a read-after-free
vulnerability. A local attacker could use this to cause a denial of service
(system crash) or possibly expose sensitive information (kernel memory).
(CVE-2020-29660)
Jann Horn discovered a race condition in the tty subsystem of the Linux
kernel in the locking for the TIOCSPGRP ioctl(), leading to a use-after-
free vulnerability. A local attacker could use this to cause a denial of
service (system crash) or possibly execute arbitrary code. (CVE-2020-29661)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 18.04 LTS:
linux-image-4.15.0-1012-dell300x 4.15.0-1012.16
linux-image-4.15.0-1065-oracle 4.15.0-1065.73
linux-image-4.15.0-1079-gke 4.15.0-1079.84
linux-image-4.15.0-1079-raspi2 4.15.0-1079.84
linux-image-4.15.0-1085-kvm 4.15.0-1085.87
linux-image-4.15.0-1093-gcp 4.15.0-1093.106
linux-image-4.15.0-1094-aws 4.15.0-1094.101
linux-image-4.15.0-1096-snapdragon 4.15.0-1096.105
linux-image-4.15.0-1108-azure 4.15.0-1108.120
linux-image-4.15.0-136-generic 4.15.0-136.140
linux-image-4.15.0-136-generic-lpae 4.15.0-136.140
linux-image-4.15.0-136-lowlatency 4.15.0-136.140
linux-image-aws-lts-18.04 4.15.0.1094.97
linux-image-azure-lts-18.04 4.15.0.1108.81
linux-image-dell300x 4.15.0.1012.14
linux-image-gcp-lts-18.04 4.15.0.1093.111
linux-image-generic 4.15.0.136.123
linux-image-generic-lpae 4.15.0.136.123
linux-image-gke 4.15.0.1079.83
linux-image-gke-4.15 4.15.0.1079.83
linux-image-kvm 4.15.0.1085.81
linux-image-lowlatency 4.15.0.136.123
linux-image-oracle-lts-18.04 4.15.0.1065.75
linux-image-powerpc-e500mc 4.15.0.136.123
linux-image-powerpc-smp 4.15.0.136.123
linux-image-powerpc64-emb 4.15.0.136.123
linux-image-powerpc64-smp 4.15.0.136.123
linux-image-raspi2 4.15.0.1079.76
linux-image-snapdragon 4.15.0.1096.99
linux-image-virtual 4.15.0.136.123
Ubuntu 16.04 LTS:
linux-image-4.15.0-1065-oracle 4.15.0-1065.73~16.04.1
linux-image-4.15.0-1093-gcp 4.15.0-1093.106~16.04.1
linux-image-4.15.0-1094-aws 4.15.0-1094.101~16.04.1
linux-image-4.15.0-1108-azure 4.15.0-1108.120~16.04.1
linux-image-4.15.0-136-generic 4.15.0-136.140~16.04.1
linux-image-4.15.0-136-generic-lpae 4.15.0-136.140~16.04.1
linux-image-4.15.0-136-lowlatency 4.15.0-136.140~16.04.1
linux-image-aws-hwe 4.15.0.1094.87
linux-image-azure 4.15.0.1108.99
linux-image-gcp 4.15.0.1093.94
linux-image-generic-hwe-16.04 4.15.0.136.132
linux-image-generic-lpae-hwe-16.04 4.15.0.136.132
linux-image-gke 4.15.0.1093.94
linux-image-lowlatency-hwe-16.04 4.15.0.136.132
linux-image-oem 4.15.0.136.132
linux-image-oracle 4.15.0.1065.53
linux-image-virtual-hwe-16.04 4.15.0.136.132
Ubuntu 14.04 ESM:
linux-image-4.15.0-1108-azure 4.15.0-1108.120~14.04.1
linux-image-azure 4.15.0.1108.81
After a standard system update you need to reboot your computer to make
all the necessary changes.
ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed.
Unless you manually uninstalled the standard kernel metapackages
(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,
linux-powerpc), a standard system upgrade will automatically perform
this as well.
References:
https://usn.ubuntu.com/4749-1
CVE-2020-25669, CVE-2020-27815, CVE-2020-27830, CVE-2020-28941,
CVE-2020-29374, CVE-2020-29568, CVE-2020-29569, CVE-2020-29660,
CVE-2020-29661
Package Information:
https://launchpad.net/ubuntu/+source/linux/4.15.0-136.140
https://launchpad.net/ubuntu/+source/linux-aws/4.15.0-1094.101
https://launchpad.net/ubuntu/+source/linux-azure-4.15/4.15.0-1108.120
https://launchpad.net/ubuntu/+source/linux-dell300x/4.15.0-1012.16
https://launchpad.net/ubuntu/+source/linux-gcp-4.15/4.15.0-1093.106
https://launchpad.net/ubuntu/+source/linux-gke-4.15/4.15.0-1079.84
https://launchpad.net/ubuntu/+source/linux-kvm/4.15.0-1085.87
https://launchpad.net/ubuntu/+source/linux-oracle/4.15.0-1065.73
https://launchpad.net/ubuntu/+source/linux-raspi2/4.15.0-1079.84
https://launchpad.net/ubuntu/+source/linux-snapdragon/4.15.0-1096.105
https://launchpad.net/ubuntu/+source/linux-aws-hwe/4.15.0-1094.101~16.04.1
https://launchpad.net/ubuntu/+source/linux-azure/4.15.0-1108.120~16.04.1
https://launchpad.net/ubuntu/+source/linux-gcp/4.15.0-1093.106~16.04.1
https://launchpad.net/ubuntu/+source/linux-hwe/4.15.0-136.140~16.04.1
https://launchpad.net/ubuntu/+source/linux-oracle/4.15.0-1065.73~16.04.1
Ubuntu Security Notice USN-4749-1
February 25, 2021
linux, linux-aws, linux-aws-hwe, linux-azure, linux-azure-4.15,
linux-dell300x, linux-gcp, linux-gcp-4.15, linux-gke-4.15, linux-hwe,
linux-kvm, linux-oracle, linux-raspi2, linux-snapdragon vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 18.04 LTS
- Ubuntu 16.04 LTS
- Ubuntu 14.04 ESM
Summary:
Several security issues were fixed in the Linux kernel.
Software Description:
- linux: Linux kernel
- linux-aws: Linux kernel for Amazon Web Services (AWS) systems
- linux-azure-4.15: Linux kernel for Microsoft Azure Cloud systems
- linux-dell300x: Linux kernel for Dell 300x platforms
- linux-gcp-4.15: Linux kernel for Google Cloud Platform (GCP) systems
- linux-gke-4.15: Linux kernel for Google Container Engine (GKE) systems
- linux-kvm: Linux kernel for cloud environments
- linux-oracle: Linux kernel for Oracle Cloud systems
- linux-raspi2: Linux kernel for Raspberry Pi (V8) systems
- linux-snapdragon: Linux kernel for Qualcomm Snapdragon processors
- linux-aws-hwe: Linux kernel for Amazon Web Services (AWS-HWE) systems
- linux-azure: Linux kernel for Microsoft Azure Cloud systems
- linux-gcp: Linux kernel for Google Cloud Platform (GCP) systems
- linux-hwe: Linux hardware enablement (HWE) kernel
Details:
Bodong Zhao discovered a use-after-free in the Sun keyboard driver
implementation in the Linux kernel. A local attacker could use this to
cause a denial of service or possibly execute arbitrary code.
(CVE-2020-25669)
It was discovered that the jfs file system implementation in the Linux
kernel contained an out-of-bounds read vulnerability. A local attacker
could use this to possibly cause a denial of service (system crash).
(CVE-2020-27815)
Shisong Qin and Bodong Zhao discovered that Speakup screen reader driver in
the Linux kernel did not correctly handle setting line discipline in some
situations. A local attacker could use this to cause a denial of service
(system crash). (CVE-2020-27830, CVE-2020-28941)
It was discovered that the memory management subsystem in the Linux kernel
did not properly handle copy-on-write operations in some situations. A
local attacker could possibly use this to gain unintended write access to
read-only memory pages. (CVE-2020-29374)
Michael Kurth and Pawel Wieczorkiewicz discovered that the Xen event
processing backend in the Linux kernel did not properly limit the number of
events queued. An attacker in a guest VM could use this to cause a denial
of service in the host OS. (CVE-2020-29568)
Olivier Benjamin and Pawel Wieczorkiewicz discovered a race condition the
Xen paravirt block backend in the Linux kernel, leading to a use-after-free
vulnerability. An attacker in a guest VM could use this to cause a denial
of service in the host OS. (CVE-2020-29569)
Jann Horn discovered that the tty subsystem of the Linux kernel did not use
consistent locking in some situations, leading to a read-after-free
vulnerability. A local attacker could use this to cause a denial of service
(system crash) or possibly expose sensitive information (kernel memory).
(CVE-2020-29660)
Jann Horn discovered a race condition in the tty subsystem of the Linux
kernel in the locking for the TIOCSPGRP ioctl(), leading to a use-after-
free vulnerability. A local attacker could use this to cause a denial of
service (system crash) or possibly execute arbitrary code. (CVE-2020-29661)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 18.04 LTS:
linux-image-4.15.0-1012-dell300x 4.15.0-1012.16
linux-image-4.15.0-1065-oracle 4.15.0-1065.73
linux-image-4.15.0-1079-gke 4.15.0-1079.84
linux-image-4.15.0-1079-raspi2 4.15.0-1079.84
linux-image-4.15.0-1085-kvm 4.15.0-1085.87
linux-image-4.15.0-1093-gcp 4.15.0-1093.106
linux-image-4.15.0-1094-aws 4.15.0-1094.101
linux-image-4.15.0-1096-snapdragon 4.15.0-1096.105
linux-image-4.15.0-1108-azure 4.15.0-1108.120
linux-image-4.15.0-136-generic 4.15.0-136.140
linux-image-4.15.0-136-generic-lpae 4.15.0-136.140
linux-image-4.15.0-136-lowlatency 4.15.0-136.140
linux-image-aws-lts-18.04 4.15.0.1094.97
linux-image-azure-lts-18.04 4.15.0.1108.81
linux-image-dell300x 4.15.0.1012.14
linux-image-gcp-lts-18.04 4.15.0.1093.111
linux-image-generic 4.15.0.136.123
linux-image-generic-lpae 4.15.0.136.123
linux-image-gke 4.15.0.1079.83
linux-image-gke-4.15 4.15.0.1079.83
linux-image-kvm 4.15.0.1085.81
linux-image-lowlatency 4.15.0.136.123
linux-image-oracle-lts-18.04 4.15.0.1065.75
linux-image-powerpc-e500mc 4.15.0.136.123
linux-image-powerpc-smp 4.15.0.136.123
linux-image-powerpc64-emb 4.15.0.136.123
linux-image-powerpc64-smp 4.15.0.136.123
linux-image-raspi2 4.15.0.1079.76
linux-image-snapdragon 4.15.0.1096.99
linux-image-virtual 4.15.0.136.123
Ubuntu 16.04 LTS:
linux-image-4.15.0-1065-oracle 4.15.0-1065.73~16.04.1
linux-image-4.15.0-1093-gcp 4.15.0-1093.106~16.04.1
linux-image-4.15.0-1094-aws 4.15.0-1094.101~16.04.1
linux-image-4.15.0-1108-azure 4.15.0-1108.120~16.04.1
linux-image-4.15.0-136-generic 4.15.0-136.140~16.04.1
linux-image-4.15.0-136-generic-lpae 4.15.0-136.140~16.04.1
linux-image-4.15.0-136-lowlatency 4.15.0-136.140~16.04.1
linux-image-aws-hwe 4.15.0.1094.87
linux-image-azure 4.15.0.1108.99
linux-image-gcp 4.15.0.1093.94
linux-image-generic-hwe-16.04 4.15.0.136.132
linux-image-generic-lpae-hwe-16.04 4.15.0.136.132
linux-image-gke 4.15.0.1093.94
linux-image-lowlatency-hwe-16.04 4.15.0.136.132
linux-image-oem 4.15.0.136.132
linux-image-oracle 4.15.0.1065.53
linux-image-virtual-hwe-16.04 4.15.0.136.132
Ubuntu 14.04 ESM:
linux-image-4.15.0-1108-azure 4.15.0-1108.120~14.04.1
linux-image-azure 4.15.0.1108.81
After a standard system update you need to reboot your computer to make
all the necessary changes.
ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed.
Unless you manually uninstalled the standard kernel metapackages
(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,
linux-powerpc), a standard system upgrade will automatically perform
this as well.
References:
https://usn.ubuntu.com/4749-1
CVE-2020-25669, CVE-2020-27815, CVE-2020-27830, CVE-2020-28941,
CVE-2020-29374, CVE-2020-29568, CVE-2020-29569, CVE-2020-29660,
CVE-2020-29661
Package Information:
https://launchpad.net/ubuntu/+source/linux/4.15.0-136.140
https://launchpad.net/ubuntu/+source/linux-aws/4.15.0-1094.101
https://launchpad.net/ubuntu/+source/linux-azure-4.15/4.15.0-1108.120
https://launchpad.net/ubuntu/+source/linux-dell300x/4.15.0-1012.16
https://launchpad.net/ubuntu/+source/linux-gcp-4.15/4.15.0-1093.106
https://launchpad.net/ubuntu/+source/linux-gke-4.15/4.15.0-1079.84
https://launchpad.net/ubuntu/+source/linux-kvm/4.15.0-1085.87
https://launchpad.net/ubuntu/+source/linux-oracle/4.15.0-1065.73
https://launchpad.net/ubuntu/+source/linux-raspi2/4.15.0-1079.84
https://launchpad.net/ubuntu/+source/linux-snapdragon/4.15.0-1096.105
https://launchpad.net/ubuntu/+source/linux-aws-hwe/4.15.0-1094.101~16.04.1
https://launchpad.net/ubuntu/+source/linux-azure/4.15.0-1108.120~16.04.1
https://launchpad.net/ubuntu/+source/linux-gcp/4.15.0-1093.106~16.04.1
https://launchpad.net/ubuntu/+source/linux-hwe/4.15.0-136.140~16.04.1
https://launchpad.net/ubuntu/+source/linux-oracle/4.15.0-1065.73~16.04.1
[USN-4748-1] Linux kernel vulnerabilities
==========================================================================
Ubuntu Security Notice USN-4748-1
February 25, 2021
linux, linux-aws, linux-kvm, linux-lts-xenial, linux-raspi2,
linux-snapdragon vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 16.04 LTS
- Ubuntu 14.04 ESM
Summary:
Several security issues were fixed in the Linux kernel.
Software Description:
- linux: Linux kernel
- linux-aws: Linux kernel for Amazon Web Services (AWS) systems
- linux-kvm: Linux kernel for cloud environments
- linux-raspi2: Linux kernel for Raspberry Pi (V8) systems
- linux-snapdragon: Linux kernel for Qualcomm Snapdragon processors
- linux-lts-xenial: Linux hardware enablement kernel from Xenial for Trusty
Details:
It was discovered that the jfs file system implementation in the Linux
kernel contained an out-of-bounds read vulnerability. A local attacker
could use this to possibly cause a denial of service (system crash).
(CVE-2020-27815)
It was discovered that the memory management subsystem in the Linux kernel
did not properly handle copy-on-write operations in some situations. A
local attacker could possibly use this to gain unintended write access to
read-only memory pages. (CVE-2020-29374)
Michael Kurth and Pawel Wieczorkiewicz discovered that the Xen event
processing backend in the Linux kernel did not properly limit the number of
events queued. An attacker in a guest VM could use this to cause a denial
of service in the host OS. (CVE-2020-29568)
Jann Horn discovered that the tty subsystem of the Linux kernel did not use
consistent locking in some situations, leading to a read-after-free
vulnerability. A local attacker could use this to cause a denial of service
(system crash) or possibly expose sensitive information (kernel memory).
(CVE-2020-29660)
Jann Horn discovered a race condition in the tty subsystem of the Linux
kernel in the locking for the TIOCSPGRP ioctl(), leading to a use-after-
free vulnerability. A local attacker could use this to cause a denial of
service (system crash) or possibly execute arbitrary code. (CVE-2020-29661)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 16.04 LTS:
linux-image-4.4.0-1088-kvm 4.4.0-1088.97
linux-image-4.4.0-1122-aws 4.4.0-1122.136
linux-image-4.4.0-1146-raspi2 4.4.0-1146.156
linux-image-4.4.0-1150-snapdragon 4.4.0-1150.160
linux-image-4.4.0-203-generic 4.4.0-203.235
linux-image-4.4.0-203-generic-lpae 4.4.0-203.235
linux-image-4.4.0-203-lowlatency 4.4.0-203.235
linux-image-4.4.0-203-powerpc-e500mc 4.4.0-203.235
linux-image-4.4.0-203-powerpc-smp 4.4.0-203.235
linux-image-4.4.0-203-powerpc64-emb 4.4.0-203.235
linux-image-4.4.0-203-powerpc64-smp 4.4.0-203.235
linux-image-aws 4.4.0.1122.127
linux-image-generic 4.4.0.203.209
linux-image-generic-lpae 4.4.0.203.209
linux-image-kvm 4.4.0.1088.86
linux-image-lowlatency 4.4.0.203.209
linux-image-powerpc-e500mc 4.4.0.203.209
linux-image-powerpc-smp 4.4.0.203.209
linux-image-powerpc64-emb 4.4.0.203.209
linux-image-powerpc64-smp 4.4.0.203.209
linux-image-raspi2 4.4.0.1146.146
linux-image-snapdragon 4.4.0.1150.142
linux-image-virtual 4.4.0.203.209
Ubuntu 14.04 ESM:
linux-image-4.4.0-1086-aws 4.4.0-1086.90
linux-image-4.4.0-203-generic 4.4.0-203.235~14.04.1
linux-image-4.4.0-203-generic-lpae 4.4.0-203.235~14.04.1
linux-image-4.4.0-203-lowlatency 4.4.0-203.235~14.04.1
linux-image-4.4.0-203-powerpc-e500mc 4.4.0-203.235~14.04.1
linux-image-4.4.0-203-powerpc-smp 4.4.0-203.235~14.04.1
linux-image-4.4.0-203-powerpc64-emb 4.4.0-203.235~14.04.1
linux-image-4.4.0-203-powerpc64-smp 4.4.0-203.235~14.04.1
linux-image-aws 4.4.0.1086.83
linux-image-generic-lpae-lts-xenial 4.4.0.203.177
linux-image-generic-lts-xenial 4.4.0.203.177
linux-image-lowlatency-lts-xenial 4.4.0.203.177
linux-image-powerpc-e500mc-lts-xenial 4.4.0.203.177
linux-image-powerpc-smp-lts-xenial 4.4.0.203.177
linux-image-powerpc64-emb-lts-xenial 4.4.0.203.177
linux-image-powerpc64-smp-lts-xenial 4.4.0.203.177
linux-image-virtual-lts-xenial 4.4.0.203.177
After a standard system update you need to reboot your computer to make
all the necessary changes.
ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed.
Unless you manually uninstalled the standard kernel metapackages
(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,
linux-powerpc), a standard system upgrade will automatically perform
this as well.
References:
https://usn.ubuntu.com/4748-1
CVE-2020-27815, CVE-2020-29374, CVE-2020-29568, CVE-2020-29660,
CVE-2020-29661
Package Information:
https://launchpad.net/ubuntu/+source/linux/4.4.0-203.235
https://launchpad.net/ubuntu/+source/linux-aws/4.4.0-1122.136
https://launchpad.net/ubuntu/+source/linux-kvm/4.4.0-1088.97
https://launchpad.net/ubuntu/+source/linux-raspi2/4.4.0-1146.156
https://launchpad.net/ubuntu/+source/linux-snapdragon/4.4.0-1150.160
Ubuntu Security Notice USN-4748-1
February 25, 2021
linux, linux-aws, linux-kvm, linux-lts-xenial, linux-raspi2,
linux-snapdragon vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 16.04 LTS
- Ubuntu 14.04 ESM
Summary:
Several security issues were fixed in the Linux kernel.
Software Description:
- linux: Linux kernel
- linux-aws: Linux kernel for Amazon Web Services (AWS) systems
- linux-kvm: Linux kernel for cloud environments
- linux-raspi2: Linux kernel for Raspberry Pi (V8) systems
- linux-snapdragon: Linux kernel for Qualcomm Snapdragon processors
- linux-lts-xenial: Linux hardware enablement kernel from Xenial for Trusty
Details:
It was discovered that the jfs file system implementation in the Linux
kernel contained an out-of-bounds read vulnerability. A local attacker
could use this to possibly cause a denial of service (system crash).
(CVE-2020-27815)
It was discovered that the memory management subsystem in the Linux kernel
did not properly handle copy-on-write operations in some situations. A
local attacker could possibly use this to gain unintended write access to
read-only memory pages. (CVE-2020-29374)
Michael Kurth and Pawel Wieczorkiewicz discovered that the Xen event
processing backend in the Linux kernel did not properly limit the number of
events queued. An attacker in a guest VM could use this to cause a denial
of service in the host OS. (CVE-2020-29568)
Jann Horn discovered that the tty subsystem of the Linux kernel did not use
consistent locking in some situations, leading to a read-after-free
vulnerability. A local attacker could use this to cause a denial of service
(system crash) or possibly expose sensitive information (kernel memory).
(CVE-2020-29660)
Jann Horn discovered a race condition in the tty subsystem of the Linux
kernel in the locking for the TIOCSPGRP ioctl(), leading to a use-after-
free vulnerability. A local attacker could use this to cause a denial of
service (system crash) or possibly execute arbitrary code. (CVE-2020-29661)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 16.04 LTS:
linux-image-4.4.0-1088-kvm 4.4.0-1088.97
linux-image-4.4.0-1122-aws 4.4.0-1122.136
linux-image-4.4.0-1146-raspi2 4.4.0-1146.156
linux-image-4.4.0-1150-snapdragon 4.4.0-1150.160
linux-image-4.4.0-203-generic 4.4.0-203.235
linux-image-4.4.0-203-generic-lpae 4.4.0-203.235
linux-image-4.4.0-203-lowlatency 4.4.0-203.235
linux-image-4.4.0-203-powerpc-e500mc 4.4.0-203.235
linux-image-4.4.0-203-powerpc-smp 4.4.0-203.235
linux-image-4.4.0-203-powerpc64-emb 4.4.0-203.235
linux-image-4.4.0-203-powerpc64-smp 4.4.0-203.235
linux-image-aws 4.4.0.1122.127
linux-image-generic 4.4.0.203.209
linux-image-generic-lpae 4.4.0.203.209
linux-image-kvm 4.4.0.1088.86
linux-image-lowlatency 4.4.0.203.209
linux-image-powerpc-e500mc 4.4.0.203.209
linux-image-powerpc-smp 4.4.0.203.209
linux-image-powerpc64-emb 4.4.0.203.209
linux-image-powerpc64-smp 4.4.0.203.209
linux-image-raspi2 4.4.0.1146.146
linux-image-snapdragon 4.4.0.1150.142
linux-image-virtual 4.4.0.203.209
Ubuntu 14.04 ESM:
linux-image-4.4.0-1086-aws 4.4.0-1086.90
linux-image-4.4.0-203-generic 4.4.0-203.235~14.04.1
linux-image-4.4.0-203-generic-lpae 4.4.0-203.235~14.04.1
linux-image-4.4.0-203-lowlatency 4.4.0-203.235~14.04.1
linux-image-4.4.0-203-powerpc-e500mc 4.4.0-203.235~14.04.1
linux-image-4.4.0-203-powerpc-smp 4.4.0-203.235~14.04.1
linux-image-4.4.0-203-powerpc64-emb 4.4.0-203.235~14.04.1
linux-image-4.4.0-203-powerpc64-smp 4.4.0-203.235~14.04.1
linux-image-aws 4.4.0.1086.83
linux-image-generic-lpae-lts-xenial 4.4.0.203.177
linux-image-generic-lts-xenial 4.4.0.203.177
linux-image-lowlatency-lts-xenial 4.4.0.203.177
linux-image-powerpc-e500mc-lts-xenial 4.4.0.203.177
linux-image-powerpc-smp-lts-xenial 4.4.0.203.177
linux-image-powerpc64-emb-lts-xenial 4.4.0.203.177
linux-image-powerpc64-smp-lts-xenial 4.4.0.203.177
linux-image-virtual-lts-xenial 4.4.0.203.177
After a standard system update you need to reboot your computer to make
all the necessary changes.
ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed.
Unless you manually uninstalled the standard kernel metapackages
(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,
linux-powerpc), a standard system upgrade will automatically perform
this as well.
References:
https://usn.ubuntu.com/4748-1
CVE-2020-27815, CVE-2020-29374, CVE-2020-29568, CVE-2020-29660,
CVE-2020-29661
Package Information:
https://launchpad.net/ubuntu/+source/linux/4.4.0-203.235
https://launchpad.net/ubuntu/+source/linux-aws/4.4.0-1122.136
https://launchpad.net/ubuntu/+source/linux-kvm/4.4.0-1088.97
https://launchpad.net/ubuntu/+source/linux-raspi2/4.4.0-1146.156
https://launchpad.net/ubuntu/+source/linux-snapdragon/4.4.0-1150.160
Wednesday, February 24, 2021
[USN-4747-2] GNU Screen vulnerability
==========================================================================
Ubuntu Security Notice USN-4747-2
February 24, 2021
screen vulnerability
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 14.04 ESM
Summary:
GNU Screen could be made to crash or run programs if it processed specially
crafted character sequences.
Software Description:
- screen: terminal multiplexer with VT100/ANSI terminal emulation
Details:
USN-4747-1 fixed a vulnerability in screen. This update provides
the corresponding update for Ubuntu 14.04 ESM.
Original advisory details:
Felix Weinmann discovered that GNU Screen incorrectly handled certain
character sequences. A remote attacker could use this issue to cause GNU
Screen to crash, resulting in a denial of service, or possibly execute
arbitrary code.
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 14.04 ESM:
screen 4.1.0~20120320gitdb59704-9ubuntu0.1~esm2
In general, a standard system update will make all the necessary changes.
References:
https://usn.ubuntu.com/4747-2
https://usn.ubuntu.com/4747-1
CVE-2021-26937
Ubuntu Security Notice USN-4747-2
February 24, 2021
screen vulnerability
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 14.04 ESM
Summary:
GNU Screen could be made to crash or run programs if it processed specially
crafted character sequences.
Software Description:
- screen: terminal multiplexer with VT100/ANSI terminal emulation
Details:
USN-4747-1 fixed a vulnerability in screen. This update provides
the corresponding update for Ubuntu 14.04 ESM.
Original advisory details:
Felix Weinmann discovered that GNU Screen incorrectly handled certain
character sequences. A remote attacker could use this issue to cause GNU
Screen to crash, resulting in a denial of service, or possibly execute
arbitrary code.
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 14.04 ESM:
screen 4.1.0~20120320gitdb59704-9ubuntu0.1~esm2
In general, a standard system update will make all the necessary changes.
References:
https://usn.ubuntu.com/4747-2
https://usn.ubuntu.com/4747-1
CVE-2021-26937
OpenBSD Errata: February 24th, 2021 (pffrag)
Errata patches for the kernel have been released for OpenBSD 6.7 and 6.8.
A sequence of overlapping IPv4 fragments could crash the kernel in
pf due to an assertion.
Binary updates for the amd64, i386, and arm64 platforms are available via
the syspatch utility. Source code patches can be found on the respective
errata page:
https://www.openbsd.org/errata67.html
https://www.openbsd.org/errata68.html
As these affect the kernel, a reboot will be needed after patching.
A sequence of overlapping IPv4 fragments could crash the kernel in
pf due to an assertion.
Binary updates for the amd64, i386, and arm64 platforms are available via
the syspatch utility. Source code patches can be found on the respective
errata page:
https://www.openbsd.org/errata67.html
https://www.openbsd.org/errata68.html
As these affect the kernel, a reboot will be needed after patching.
[USN-4746-1] xterm vulnerability
==========================================================================
Ubuntu Security Notice USN-4746-1
February 24, 2021
xterm vulnerability
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 20.10
- Ubuntu 20.04 LTS
- Ubuntu 18.04 LTS
- Ubuntu 16.04 LTS
Summary:
xterm could be made to crash or run programs if it handled specially
crafted character sequences.
Software Description:
- xterm: X terminal emulator
Details:
Tavis Ormandy discovered that xterm incorrectly handled certain character
sequences. A remote attacker could use this issue to cause xterm to crash,
resulting in a denial of service, or possibly execute arbitrary code.
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 20.10:
xterm 353-1ubuntu1.20.10.2
Ubuntu 20.04 LTS:
xterm 353-1ubuntu1.20.04.2
Ubuntu 18.04 LTS:
xterm 330-1ubuntu2.2
Ubuntu 16.04 LTS:
xterm 322-1ubuntu1.2
In general, a standard system update will make all the necessary changes.
References:
https://usn.ubuntu.com/4746-1
CVE-2021-27135
Package Information:
https://launchpad.net/ubuntu/+source/xterm/353-1ubuntu1.20.10.2
https://launchpad.net/ubuntu/+source/xterm/353-1ubuntu1.20.04.2
https://launchpad.net/ubuntu/+source/xterm/330-1ubuntu2.2
https://launchpad.net/ubuntu/+source/xterm/322-1ubuntu1.2
Ubuntu Security Notice USN-4746-1
February 24, 2021
xterm vulnerability
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 20.10
- Ubuntu 20.04 LTS
- Ubuntu 18.04 LTS
- Ubuntu 16.04 LTS
Summary:
xterm could be made to crash or run programs if it handled specially
crafted character sequences.
Software Description:
- xterm: X terminal emulator
Details:
Tavis Ormandy discovered that xterm incorrectly handled certain character
sequences. A remote attacker could use this issue to cause xterm to crash,
resulting in a denial of service, or possibly execute arbitrary code.
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 20.10:
xterm 353-1ubuntu1.20.10.2
Ubuntu 20.04 LTS:
xterm 353-1ubuntu1.20.04.2
Ubuntu 18.04 LTS:
xterm 330-1ubuntu2.2
Ubuntu 16.04 LTS:
xterm 322-1ubuntu1.2
In general, a standard system update will make all the necessary changes.
References:
https://usn.ubuntu.com/4746-1
CVE-2021-27135
Package Information:
https://launchpad.net/ubuntu/+source/xterm/353-1ubuntu1.20.10.2
https://launchpad.net/ubuntu/+source/xterm/353-1ubuntu1.20.04.2
https://launchpad.net/ubuntu/+source/xterm/330-1ubuntu2.2
https://launchpad.net/ubuntu/+source/xterm/322-1ubuntu1.2
[USN-4747-1] GNU Screen vulnerability
==========================================================================
Ubuntu Security Notice USN-4747-1
February 24, 2021
screen vulnerability
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 20.10
- Ubuntu 20.04 LTS
- Ubuntu 18.04 LTS
- Ubuntu 16.04 LTS
Summary:
GNU Screen could be made to crash or run programs if it processed specially
crafted character sequences.
Software Description:
- screen: terminal multiplexer with VT100/ANSI terminal emulation
Details:
Felix Weinmann discovered that GNU Screen incorrectly handled certain
character sequences. A remote attacker could use this issue to cause GNU
Screen to crash, resulting in a denial of service, or possibly execute
arbitrary code.
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 20.10:
screen 4.8.0-2ubuntu0.1
Ubuntu 20.04 LTS:
screen 4.8.0-1ubuntu0.1
Ubuntu 18.04 LTS:
screen 4.6.2-1ubuntu1.1
Ubuntu 16.04 LTS:
screen 4.3.1-2ubuntu0.1
In general, a standard system update will make all the necessary changes.
References:
https://usn.ubuntu.com/4747-1
CVE-2021-26937
Package Information:
https://launchpad.net/ubuntu/+source/screen/4.8.0-2ubuntu0.1
https://launchpad.net/ubuntu/+source/screen/4.8.0-1ubuntu0.1
https://launchpad.net/ubuntu/+source/screen/4.6.2-1ubuntu1.1
https://launchpad.net/ubuntu/+source/screen/4.3.1-2ubuntu0.1
Ubuntu Security Notice USN-4747-1
February 24, 2021
screen vulnerability
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 20.10
- Ubuntu 20.04 LTS
- Ubuntu 18.04 LTS
- Ubuntu 16.04 LTS
Summary:
GNU Screen could be made to crash or run programs if it processed specially
crafted character sequences.
Software Description:
- screen: terminal multiplexer with VT100/ANSI terminal emulation
Details:
Felix Weinmann discovered that GNU Screen incorrectly handled certain
character sequences. A remote attacker could use this issue to cause GNU
Screen to crash, resulting in a denial of service, or possibly execute
arbitrary code.
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 20.10:
screen 4.8.0-2ubuntu0.1
Ubuntu 20.04 LTS:
screen 4.8.0-1ubuntu0.1
Ubuntu 18.04 LTS:
screen 4.6.2-1ubuntu1.1
Ubuntu 16.04 LTS:
screen 4.3.1-2ubuntu0.1
In general, a standard system update will make all the necessary changes.
References:
https://usn.ubuntu.com/4747-1
CVE-2021-26937
Package Information:
https://launchpad.net/ubuntu/+source/screen/4.8.0-2ubuntu0.1
https://launchpad.net/ubuntu/+source/screen/4.8.0-1ubuntu0.1
https://launchpad.net/ubuntu/+source/screen/4.6.2-1ubuntu1.1
https://launchpad.net/ubuntu/+source/screen/4.3.1-2ubuntu0.1
[USN-4698-2] Dnsmasq regression
==========================================================================
Ubuntu Security Notice USN-4698-2
February 24, 2021
dnsmasq regression
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 20.10
- Ubuntu 20.04 LTS
- Ubuntu 18.04 LTS
- Ubuntu 16.04 LTS
Summary:
USN-4698-1 introduced regressions in Dnsmasq.
Software Description:
- dnsmasq: Small caching DNS proxy and DHCP/TFTP server
Details:
USN-4698-1 fixed vulnerabilities in Dnsmasq. The updates introduced
regressions in certain environments related to issues with multiple
queries, and issues with retries. This update fixes the problem.
Original advisory details:
Moshe Kol and Shlomi Oberman discovered that Dnsmasq incorrectly handled
memory when sorting RRsets. A remote attacker could use this issue to cause
Dnsmasq to hang, resulting in a denial of service, or possibly execute
arbitrary code. (CVE-2020-25681, CVE-2020-25687)
Moshe Kol and Shlomi Oberman discovered that Dnsmasq incorrectly handled
extracting certain names. A remote attacker could use this issue to cause
Dnsmasq to hang, resulting in a denial of service, or possibly execute
arbitrary code. (CVE-2020-25682, CVE-2020-25683)
Moshe Kol and Shlomi Oberman discovered that Dnsmasq incorrectly
implemented address/port checks. A remote attacker could use this issue to
perform a cache poisoning attack. (CVE-2020-25684)
Moshe Kol and Shlomi Oberman discovered that Dnsmasq incorrectly
implemented query resource name checks. A remote attacker could use this
issue to perform a cache poisoning attack. (CVE-2020-25685)
Moshe Kol and Shlomi Oberman discovered that Dnsmasq incorrectly handled
multiple query requests for the same resource name. A remote attacker could
use this issue to perform a cache poisoning attack. (CVE-2020-25686)
It was discovered that Dnsmasq incorrectly handled memory during DHCP
response creation. A remote attacker could possibly use this issue to
cause Dnsmasq to consume resources, leading to a denial of service. This
issue only affected Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, and Ubuntu 20.04
LTS. (CVE-2019-14834)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 20.10:
dnsmasq 2.82-1ubuntu1.2
dnsmasq-base 2.82-1ubuntu1.2
dnsmasq-utils 2.82-1ubuntu1.2
Ubuntu 20.04 LTS:
dnsmasq 2.80-1.1ubuntu1.3
dnsmasq-base 2.80-1.1ubuntu1.3
dnsmasq-utils 2.80-1.1ubuntu1.3
Ubuntu 18.04 LTS:
dnsmasq 2.79-1ubuntu0.3
dnsmasq-base 2.79-1ubuntu0.3
dnsmasq-utils 2.79-1ubuntu0.3
Ubuntu 16.04 LTS:
dnsmasq 2.75-1ubuntu0.16.04.8
dnsmasq-base 2.75-1ubuntu0.16.04.8
dnsmasq-utils 2.75-1ubuntu0.16.04.8
After a standard system update you need to reboot your computer to make
all the necessary changes.
References:
https://usn.ubuntu.com/4698-2
https://usn.ubuntu.com/4698-1
https://launchpad.net/bugs/1916462
Package Information:
https://launchpad.net/ubuntu/+source/dnsmasq/2.82-1ubuntu1.2
https://launchpad.net/ubuntu/+source/dnsmasq/2.80-1.1ubuntu1.3
https://launchpad.net/ubuntu/+source/dnsmasq/2.79-1ubuntu0.3
https://launchpad.net/ubuntu/+source/dnsmasq/2.75-1ubuntu0.16.04.8
Ubuntu Security Notice USN-4698-2
February 24, 2021
dnsmasq regression
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 20.10
- Ubuntu 20.04 LTS
- Ubuntu 18.04 LTS
- Ubuntu 16.04 LTS
Summary:
USN-4698-1 introduced regressions in Dnsmasq.
Software Description:
- dnsmasq: Small caching DNS proxy and DHCP/TFTP server
Details:
USN-4698-1 fixed vulnerabilities in Dnsmasq. The updates introduced
regressions in certain environments related to issues with multiple
queries, and issues with retries. This update fixes the problem.
Original advisory details:
Moshe Kol and Shlomi Oberman discovered that Dnsmasq incorrectly handled
memory when sorting RRsets. A remote attacker could use this issue to cause
Dnsmasq to hang, resulting in a denial of service, or possibly execute
arbitrary code. (CVE-2020-25681, CVE-2020-25687)
Moshe Kol and Shlomi Oberman discovered that Dnsmasq incorrectly handled
extracting certain names. A remote attacker could use this issue to cause
Dnsmasq to hang, resulting in a denial of service, or possibly execute
arbitrary code. (CVE-2020-25682, CVE-2020-25683)
Moshe Kol and Shlomi Oberman discovered that Dnsmasq incorrectly
implemented address/port checks. A remote attacker could use this issue to
perform a cache poisoning attack. (CVE-2020-25684)
Moshe Kol and Shlomi Oberman discovered that Dnsmasq incorrectly
implemented query resource name checks. A remote attacker could use this
issue to perform a cache poisoning attack. (CVE-2020-25685)
Moshe Kol and Shlomi Oberman discovered that Dnsmasq incorrectly handled
multiple query requests for the same resource name. A remote attacker could
use this issue to perform a cache poisoning attack. (CVE-2020-25686)
It was discovered that Dnsmasq incorrectly handled memory during DHCP
response creation. A remote attacker could possibly use this issue to
cause Dnsmasq to consume resources, leading to a denial of service. This
issue only affected Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, and Ubuntu 20.04
LTS. (CVE-2019-14834)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 20.10:
dnsmasq 2.82-1ubuntu1.2
dnsmasq-base 2.82-1ubuntu1.2
dnsmasq-utils 2.82-1ubuntu1.2
Ubuntu 20.04 LTS:
dnsmasq 2.80-1.1ubuntu1.3
dnsmasq-base 2.80-1.1ubuntu1.3
dnsmasq-utils 2.80-1.1ubuntu1.3
Ubuntu 18.04 LTS:
dnsmasq 2.79-1ubuntu0.3
dnsmasq-base 2.79-1ubuntu0.3
dnsmasq-utils 2.79-1ubuntu0.3
Ubuntu 16.04 LTS:
dnsmasq 2.75-1ubuntu0.16.04.8
dnsmasq-base 2.75-1ubuntu0.16.04.8
dnsmasq-utils 2.75-1ubuntu0.16.04.8
After a standard system update you need to reboot your computer to make
all the necessary changes.
References:
https://usn.ubuntu.com/4698-2
https://usn.ubuntu.com/4698-1
https://launchpad.net/bugs/1916462
Package Information:
https://launchpad.net/ubuntu/+source/dnsmasq/2.82-1ubuntu1.2
https://launchpad.net/ubuntu/+source/dnsmasq/2.80-1.1ubuntu1.3
https://launchpad.net/ubuntu/+source/dnsmasq/2.79-1ubuntu0.3
https://launchpad.net/ubuntu/+source/dnsmasq/2.75-1ubuntu0.16.04.8
[FreeBSD-Announce] FreeBSD Security Advisory FreeBSD-SA-21:04.jail_remove
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
=============================================================================
FreeBSD-SA-21:04.jail_remove Security Advisory
The FreeBSD Project
Topic: jail_remove(2) fails to kill all jailed processes
Category: core
Module: jail
Announced: 2021-02-24
Credits: Mateusz Guzik
Affects: All supported versions of FreeBSD.
Corrected: 2021-02-19 01:22:08 UTC (stable/13, 13.0-STABLE)
2021-02-19 21:53:07 UTC (releng/13.0, 13.0-BETA3-p1)
2021-02-19 21:46:31 UTC (stable/12, 12.2-STABLE)
2021-02-24 01:43:39 UTC (releng/12.2, 12.2-RELEASE-p4)
2021-02-19 21:50:26 UTC (stable/11, 11.4-STABLE)
2021-02-24 01:41:41 UTC (releng/11.4, 11.4-RELEASE-p8)
CVE Name: CVE-2020-25581
For general information regarding FreeBSD Security Advisories,
including descriptions of the fields above, security branches, and the
following sections, please visit <URL:https://security.FreeBSD.org/>.
I. Background
The jail(2) system call allows a system administrator to lock a process
and all of its descendants inside an environment with a very limited
ability to affect the system outside that environment, even for
processes with superuser privileges. It is an extension of, but
far more powerful than, the traditional UNIX chroot(2) system call.
The jail_remove(2) system call, which was introduced in FreeBSD 8.0,
allows a non-jailed process to remove a jail, which includes terminating
all the processes running in that jail.
II. Problem Description
Due to a race condition in the jail_remove(2) implementation, it may fail
to kill some of the processes.
III. Impact
A process running inside a jail can avoid being killed during jail termination.
If a jail is subsequently started with the same root path, a lingering jailed
process may be able to exploit the window during which a devfs filesystem is
mounted but the jail's devfs ruleset has not been applied, to access device
nodes which are ordinarily inaccessible. If the process is privileged, it may
be able to escape the jail and gain full access to the system.
IV. Workaround
The problem is limited to scenarios where a jail containing an untrusted,
privileged process is stopped, and a jail is subsequently started with the same
root path. Users not running jails are not affected, and the problem can be
avoided by not starting a jail with the same path as a previously stopped jail.
V. Solution
Upgrade your vulnerable system to a supported FreeBSD stable or
release / security branch (releng) dated after the correction date and reboot.
Perform one of the following:
1) To update your vulnerable system via a binary patch:
Systems running a RELEASE version of FreeBSD on the i386 or amd64
platforms can be updated via the freebsd-update(8) utility:
# freebsd-update fetch
# freebsd-update install
# shutdown -r +10min "Rebooting for a security update"
2) To update your vulnerable system via a source code patch:
The following patches have been verified to apply to the applicable
FreeBSD release branches.
a) Download the relevant patch from the location below, and verify the
detached PGP signature using your PGP utility.
[FreeBSD 13.x]
# fetch https://security.FreeBSD.org/patches/SA-21:04/jail_remove.13.patch
# fetch https://security.FreeBSD.org/patches/SA-21:04/jail_remove.13.patch.asc
# gpg --verify jail_remove.13.patch.asc
[FreeBSD 11.x, FreeBSD 12.x]
# fetch https://security.FreeBSD.org/patches/SA-21:04/jail_remove.patch
# fetch https://security.FreeBSD.org/patches/SA-21:04/jail_remove.patch.asc
# gpg --verify jail_remove.patch.asc
b) Apply the patch. Execute the following commands as root:
# cd /usr/src
# patch < /path/to/patch
c) Recompile your kernel as described in
<URL:https://www.FreeBSD.org/handbook/kernelconfig.html> and reboot the
system.
VI. Correction details
The following list contains the correction revision numbers for each
affected branch.
Branch/path Revision
- -------------------------------------------------------------------------
stable/13/ 894360bacd42f021551f76518edd445f6d299f2e
releng/13.0/ 9f00cb5fa8a438e7b9efb2158f2e2edc730badd1
stable/12/ r369312
releng/12.2/ r369353
stable/11/ r369313
releng/11.4/ r369347
- -------------------------------------------------------------------------
[FreeBSD 13.x]
To see which files were modified by a particular revision, run the following
command in a checked out git repository, replacing NNNNNN with the revision
hash:
# git show --stat NNNNNN
Or visit the following URL, replace NNNNNN with the revision hash:
<URL:https://cgit.freebsd.org/src/commit/?id=NNNNNN>
[FreeBSD 11.x, FreeBSD 12.x]
To see which files were modified by a particular revision, run the
following command, replacing NNNNNN with the revision number, on a
machine with Subversion installed:
# svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base
Or visit the following URL, replacing NNNNNN with the revision number:
<URL:https://svnweb.freebsd.org/base?view=revision&revision=NNNNNN>
VII. References
<URL:https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25581>
The latest revision of this advisory is available at
<URL:https://security.FreeBSD.org/advisories/FreeBSD-SA-21:04.jail_remove.asc>
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCgAdFiEE/A6HiuWv54gCjWNV05eS9J6n5cIFAmA15dYACgkQ05eS9J6n
5cK69Q//UI2SeHrGXytm6ScQzCIbFPlUXlhkCX51WSOJmr/LUXpF9bcUhW73qqov
/c70VGF876woMXHkbfYnCVdB4ETLIqTbGOl2aw/c8fuwrmFdtyeDEQ4SRRfWgdC4
L6jEgMvB/fMO9e662k19f6RFXrdMspK4rOz3/aowTFbOEvD3Q0HpBUnFbWWg3Iiy
I190M0jbytFuZ2EJQ563bbRFFjEafZ51SKYz1FcR3cJAbVo/q75G3uDrjeNhnHxZ
0VqcTGHmF4Lh+RocUeW0v/1wHL8lBpoAKXmo4IL+FhFIR8fjVpKbGSm/IHSueatT
Tr6xOg93Ef+sETWVn9Jv26BAU06LEM/ZuXz+HS7T7DwnJJeKa3d74KTJnnGauE24
67OO0i4Fok9Yyy2ArBH8V8mnzdW96dJyHrwdG0UUBddYlEyzArxkUQZyoIdj1Gb1
fns8ndY8t5tky2fxHZG2UMBWwQKBtbMZY027JRylAJWExsG6wH7DcUJ51FpcnbNe
r3QvCB+ifOBGzFd2S4PduttxHW+xldWknah8513u9mRNCwnSFbY9ZXTpSeDmJaPo
hYAZ2WlDodkaJxbTTMbJ+4fr6wMkmWf32g5pRh+wDfMAd0Wvbzmu/+fUQVf54FNU
Qb91AAtVBuIE0J8jKqZxw+dtno+e6etmO1pXoZXvPHUr2N2BJmI=
=yxgm
-----END PGP SIGNATURE-----
_______________________________________________
freebsd-announce@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-announce
To unsubscribe, send any mail to "freebsd-announce-unsubscribe@freebsd.org"
Hash: SHA512
=============================================================================
FreeBSD-SA-21:04.jail_remove Security Advisory
The FreeBSD Project
Topic: jail_remove(2) fails to kill all jailed processes
Category: core
Module: jail
Announced: 2021-02-24
Credits: Mateusz Guzik
Affects: All supported versions of FreeBSD.
Corrected: 2021-02-19 01:22:08 UTC (stable/13, 13.0-STABLE)
2021-02-19 21:53:07 UTC (releng/13.0, 13.0-BETA3-p1)
2021-02-19 21:46:31 UTC (stable/12, 12.2-STABLE)
2021-02-24 01:43:39 UTC (releng/12.2, 12.2-RELEASE-p4)
2021-02-19 21:50:26 UTC (stable/11, 11.4-STABLE)
2021-02-24 01:41:41 UTC (releng/11.4, 11.4-RELEASE-p8)
CVE Name: CVE-2020-25581
For general information regarding FreeBSD Security Advisories,
including descriptions of the fields above, security branches, and the
following sections, please visit <URL:https://security.FreeBSD.org/>.
I. Background
The jail(2) system call allows a system administrator to lock a process
and all of its descendants inside an environment with a very limited
ability to affect the system outside that environment, even for
processes with superuser privileges. It is an extension of, but
far more powerful than, the traditional UNIX chroot(2) system call.
The jail_remove(2) system call, which was introduced in FreeBSD 8.0,
allows a non-jailed process to remove a jail, which includes terminating
all the processes running in that jail.
II. Problem Description
Due to a race condition in the jail_remove(2) implementation, it may fail
to kill some of the processes.
III. Impact
A process running inside a jail can avoid being killed during jail termination.
If a jail is subsequently started with the same root path, a lingering jailed
process may be able to exploit the window during which a devfs filesystem is
mounted but the jail's devfs ruleset has not been applied, to access device
nodes which are ordinarily inaccessible. If the process is privileged, it may
be able to escape the jail and gain full access to the system.
IV. Workaround
The problem is limited to scenarios where a jail containing an untrusted,
privileged process is stopped, and a jail is subsequently started with the same
root path. Users not running jails are not affected, and the problem can be
avoided by not starting a jail with the same path as a previously stopped jail.
V. Solution
Upgrade your vulnerable system to a supported FreeBSD stable or
release / security branch (releng) dated after the correction date and reboot.
Perform one of the following:
1) To update your vulnerable system via a binary patch:
Systems running a RELEASE version of FreeBSD on the i386 or amd64
platforms can be updated via the freebsd-update(8) utility:
# freebsd-update fetch
# freebsd-update install
# shutdown -r +10min "Rebooting for a security update"
2) To update your vulnerable system via a source code patch:
The following patches have been verified to apply to the applicable
FreeBSD release branches.
a) Download the relevant patch from the location below, and verify the
detached PGP signature using your PGP utility.
[FreeBSD 13.x]
# fetch https://security.FreeBSD.org/patches/SA-21:04/jail_remove.13.patch
# fetch https://security.FreeBSD.org/patches/SA-21:04/jail_remove.13.patch.asc
# gpg --verify jail_remove.13.patch.asc
[FreeBSD 11.x, FreeBSD 12.x]
# fetch https://security.FreeBSD.org/patches/SA-21:04/jail_remove.patch
# fetch https://security.FreeBSD.org/patches/SA-21:04/jail_remove.patch.asc
# gpg --verify jail_remove.patch.asc
b) Apply the patch. Execute the following commands as root:
# cd /usr/src
# patch < /path/to/patch
c) Recompile your kernel as described in
<URL:https://www.FreeBSD.org/handbook/kernelconfig.html> and reboot the
system.
VI. Correction details
The following list contains the correction revision numbers for each
affected branch.
Branch/path Revision
- -------------------------------------------------------------------------
stable/13/ 894360bacd42f021551f76518edd445f6d299f2e
releng/13.0/ 9f00cb5fa8a438e7b9efb2158f2e2edc730badd1
stable/12/ r369312
releng/12.2/ r369353
stable/11/ r369313
releng/11.4/ r369347
- -------------------------------------------------------------------------
[FreeBSD 13.x]
To see which files were modified by a particular revision, run the following
command in a checked out git repository, replacing NNNNNN with the revision
hash:
# git show --stat NNNNNN
Or visit the following URL, replace NNNNNN with the revision hash:
<URL:https://cgit.freebsd.org/src/commit/?id=NNNNNN>
[FreeBSD 11.x, FreeBSD 12.x]
To see which files were modified by a particular revision, run the
following command, replacing NNNNNN with the revision number, on a
machine with Subversion installed:
# svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base
Or visit the following URL, replacing NNNNNN with the revision number:
<URL:https://svnweb.freebsd.org/base?view=revision&revision=NNNNNN>
VII. References
<URL:https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25581>
The latest revision of this advisory is available at
<URL:https://security.FreeBSD.org/advisories/FreeBSD-SA-21:04.jail_remove.asc>
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCgAdFiEE/A6HiuWv54gCjWNV05eS9J6n5cIFAmA15dYACgkQ05eS9J6n
5cK69Q//UI2SeHrGXytm6ScQzCIbFPlUXlhkCX51WSOJmr/LUXpF9bcUhW73qqov
/c70VGF876woMXHkbfYnCVdB4ETLIqTbGOl2aw/c8fuwrmFdtyeDEQ4SRRfWgdC4
L6jEgMvB/fMO9e662k19f6RFXrdMspK4rOz3/aowTFbOEvD3Q0HpBUnFbWWg3Iiy
I190M0jbytFuZ2EJQ563bbRFFjEafZ51SKYz1FcR3cJAbVo/q75G3uDrjeNhnHxZ
0VqcTGHmF4Lh+RocUeW0v/1wHL8lBpoAKXmo4IL+FhFIR8fjVpKbGSm/IHSueatT
Tr6xOg93Ef+sETWVn9Jv26BAU06LEM/ZuXz+HS7T7DwnJJeKa3d74KTJnnGauE24
67OO0i4Fok9Yyy2ArBH8V8mnzdW96dJyHrwdG0UUBddYlEyzArxkUQZyoIdj1Gb1
fns8ndY8t5tky2fxHZG2UMBWwQKBtbMZY027JRylAJWExsG6wH7DcUJ51FpcnbNe
r3QvCB+ifOBGzFd2S4PduttxHW+xldWknah8513u9mRNCwnSFbY9ZXTpSeDmJaPo
hYAZ2WlDodkaJxbTTMbJ+4fr6wMkmWf32g5pRh+wDfMAd0Wvbzmu/+fUQVf54FNU
Qb91AAtVBuIE0J8jKqZxw+dtno+e6etmO1pXoZXvPHUr2N2BJmI=
=yxgm
-----END PGP SIGNATURE-----
_______________________________________________
freebsd-announce@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-announce
To unsubscribe, send any mail to "freebsd-announce-unsubscribe@freebsd.org"
[FreeBSD-Announce] FreeBSD Security Advisory FreeBSD-SA-21:06.xen
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
=============================================================================
FreeBSD-SA-21:06.xen Security Advisory
The FreeBSD Project
Topic: Xen grant mapping error handling issues
Category: contrib
Module: xen
Announced: 2021-02-24
Credits: See Xen XSA-361 for details
Affects: All supported versions of FreeBSD.
Corrected: 2021-02-23 00:55:14 UTC (stable/13, 13.0-STABLE)
2021-02-24 01:42:35 UTC (releng/13.0, 13.0-BETA3-p1)
2021-02-23 00:58:03 UTC (stable/12, 12.2-STABLE)
2021-02-24 01:43:59 UTC (releng/12.2, 12.2-RELEASE-p4)
2021-02-23 00:59:23 UTC (stable/11, 11.4-STABLE)
2021-02-24 01:41:51 UTC (releng/11.4, 11.4-RELEASE-p8)
CVE Name: CVE-2021-26932
For general information regarding FreeBSD Security Advisories,
including descriptions of the fields above, security branches, and the
following sections, please visit <URL:https://security.FreeBSD.org/>.
I. Background
Xen is a type-1 hypervisor which supports FreeBSD as a Dom0 (or host domain).
II. Problem Description
Grant mapping operations often occur in batch hypercalls, where a number of
operations are done in a single hypercall, the success or failure of each one
reported to the backend driver, and the backend driver then loops over the
results, performing follow-up actions based on the success or failure of each
operation.
Unfortunately, when running in HVM/PVH mode, the FreeBSD backend drivers
mishandle this: Some errors are ignored, effectively implying their success
from the success of related batch elements. In other cases, errors resulting
from one batch element lead to further batch elements not being inspected,
and hence successful ones to not be possible to properly unmap upon error
recovery.
III. Impact
A malicious or buggy frontend driver may be able to cause resource leaks
in the domain running the corresponding backend driver.
IV. Workaround
No workaround is available. FreeBSD systems not using Xen are not
affected.
V. Solution
Upgrade your vulnerable system to a supported FreeBSD stable or
release / security branch (releng) dated after the correction date
and reboot.
Perform one of the following:
1) To update your vulnerable system via a binary patch:
Systems running a RELEASE version of FreeBSD on the i386 or amd64
platforms can be updated via the freebsd-update(8) utility:
# freebsd-update fetch
# freebsd-update install
# shutdown -r +10min "Rebooting for a security update"
2) To update your vulnerable system via a source code patch:
The following patches have been verified to apply to the applicable
FreeBSD release branches.
a) Download the relevant patch from the location below, and verify the
detached PGP signature using your PGP utility.
# fetch https://security.FreeBSD.org/patches/SA-21:06/xen.patch
# fetch https://security.FreeBSD.org/patches/SA-21:06/xen.patch.asc
# gpg --verify xen.patch.asc
b) Apply the patch. Execute the following commands as root:
# cd /usr/src
# patch < /path/to/patch
c) Recompile your kernel as described in
<URL:https://www.FreeBSD.org/handbook/kernelconfig.html> and reboot the
system.
VI. Correction details
The following list contains the correction revision numbers for each
affected branch.
Branch/path Revision
- -------------------------------------------------------------------------
stable/13/ ab3e1bd3c22a222520c23c2793cc39e3a23c9b46
releng/13.0/ ce9af53d0897a1cb926bd244f499fc09b1626b27
stable/12/ r369341
releng/12.2/ r369358
stable/11/ r369342
releng/11.4/ r369350
- -------------------------------------------------------------------------
[FreeBSD 13.x]
To see which files were modified by a particular revision, run the following
command in a checked out git repository, replacing NNNNNN with the revision
hash:
# git show --stat NNNNNN
Or visit the following URL, replace NNNNNN with the revision hash:
<URL:https://cgit.freebsd.org/src/commit/?id=NNNNNN>
[FreeBSD 11.x, FreeBSD 12.x]
To see which files were modified by a particular revision, run the
following command, replacing NNNNNN with the revision number, on a
machine with Subversion installed:
# svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base
Or visit the following URL, replacing NNNNNN with the revision number:
<URL:https://svnweb.freebsd.org/base?view=revision&revision=NNNNNN>
VII. References
<URL:https://xenbits.xen.org/xsa/advisory-361.html>
<URL:https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-26932>
The latest revision of this advisory is available at
<URL:https://security.FreeBSD.org/advisories/FreeBSD-SA-21:06.xen.asc>
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCgAdFiEE/A6HiuWv54gCjWNV05eS9J6n5cIFAmA15dcACgkQ05eS9J6n
5cKBJg//aACyR6yp/rs1MaAMj2QIm53y+s1/0qRQmAYTq7QVnMNhauGLIUdd7BPQ
O3Gj1fsdpg3iNpKXn20YweUpTQqt4xHxNg+A+cYxexHJ/mepVVnY4OMwWh2est17
2p9Sj3k0vNQ/AdYXELyKW7UA5/tHncFv6EGzdAsGYf4kGUL89bnmWkmcBLR9JZ9a
iF83WhKhLe3O7KzkryMzCh72nbHnKicjrgvun4VH4p5/FrjqNjoPESvGhT6hyObK
80aKN610j/ZdDNdjD0wO62IGB8QGzx/hpr3TIIQ05ydGsuurFKJQYwknYL7rbpuf
GaINHkQTcB+8aWsqSQxq3HTy3P7hEdA3HDzounpAOtYHk+Ff8ZeuH0ZVtJYXP6FP
lbFZoYzXak8odKZp5tNBO8Vu9qiuzthY/ImhZ0d5e+gQ5Bk2Nu68vwie2TGRpLEN
EQYIiIS1AnFsEhDx78UuEojUT/UmMIbv7GNyryv2ElThf1uIH86wtXonie8OFjPp
EGYu4OS/m+FO5fTcEty5ayEsQI0i4mnj83BBdq8sq2lpQbdJjKDSaykHfJ4PEMKi
/WRWiWjlS6fhu+rPC7rJ5b7FoDLXh6hm3uFuD/zNjOmpFFyjNE/O4JCH2zoAdH3C
ygVMUqa4qFalsC3vntk2YweBX4D7za95z4oCDwrFBm4ZWGYcwgs=
=fN2Q
-----END PGP SIGNATURE-----
_______________________________________________
freebsd-announce@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-announce
To unsubscribe, send any mail to "freebsd-announce-unsubscribe@freebsd.org"
Hash: SHA512
=============================================================================
FreeBSD-SA-21:06.xen Security Advisory
The FreeBSD Project
Topic: Xen grant mapping error handling issues
Category: contrib
Module: xen
Announced: 2021-02-24
Credits: See Xen XSA-361 for details
Affects: All supported versions of FreeBSD.
Corrected: 2021-02-23 00:55:14 UTC (stable/13, 13.0-STABLE)
2021-02-24 01:42:35 UTC (releng/13.0, 13.0-BETA3-p1)
2021-02-23 00:58:03 UTC (stable/12, 12.2-STABLE)
2021-02-24 01:43:59 UTC (releng/12.2, 12.2-RELEASE-p4)
2021-02-23 00:59:23 UTC (stable/11, 11.4-STABLE)
2021-02-24 01:41:51 UTC (releng/11.4, 11.4-RELEASE-p8)
CVE Name: CVE-2021-26932
For general information regarding FreeBSD Security Advisories,
including descriptions of the fields above, security branches, and the
following sections, please visit <URL:https://security.FreeBSD.org/>.
I. Background
Xen is a type-1 hypervisor which supports FreeBSD as a Dom0 (or host domain).
II. Problem Description
Grant mapping operations often occur in batch hypercalls, where a number of
operations are done in a single hypercall, the success or failure of each one
reported to the backend driver, and the backend driver then loops over the
results, performing follow-up actions based on the success or failure of each
operation.
Unfortunately, when running in HVM/PVH mode, the FreeBSD backend drivers
mishandle this: Some errors are ignored, effectively implying their success
from the success of related batch elements. In other cases, errors resulting
from one batch element lead to further batch elements not being inspected,
and hence successful ones to not be possible to properly unmap upon error
recovery.
III. Impact
A malicious or buggy frontend driver may be able to cause resource leaks
in the domain running the corresponding backend driver.
IV. Workaround
No workaround is available. FreeBSD systems not using Xen are not
affected.
V. Solution
Upgrade your vulnerable system to a supported FreeBSD stable or
release / security branch (releng) dated after the correction date
and reboot.
Perform one of the following:
1) To update your vulnerable system via a binary patch:
Systems running a RELEASE version of FreeBSD on the i386 or amd64
platforms can be updated via the freebsd-update(8) utility:
# freebsd-update fetch
# freebsd-update install
# shutdown -r +10min "Rebooting for a security update"
2) To update your vulnerable system via a source code patch:
The following patches have been verified to apply to the applicable
FreeBSD release branches.
a) Download the relevant patch from the location below, and verify the
detached PGP signature using your PGP utility.
# fetch https://security.FreeBSD.org/patches/SA-21:06/xen.patch
# fetch https://security.FreeBSD.org/patches/SA-21:06/xen.patch.asc
# gpg --verify xen.patch.asc
b) Apply the patch. Execute the following commands as root:
# cd /usr/src
# patch < /path/to/patch
c) Recompile your kernel as described in
<URL:https://www.FreeBSD.org/handbook/kernelconfig.html> and reboot the
system.
VI. Correction details
The following list contains the correction revision numbers for each
affected branch.
Branch/path Revision
- -------------------------------------------------------------------------
stable/13/ ab3e1bd3c22a222520c23c2793cc39e3a23c9b46
releng/13.0/ ce9af53d0897a1cb926bd244f499fc09b1626b27
stable/12/ r369341
releng/12.2/ r369358
stable/11/ r369342
releng/11.4/ r369350
- -------------------------------------------------------------------------
[FreeBSD 13.x]
To see which files were modified by a particular revision, run the following
command in a checked out git repository, replacing NNNNNN with the revision
hash:
# git show --stat NNNNNN
Or visit the following URL, replace NNNNNN with the revision hash:
<URL:https://cgit.freebsd.org/src/commit/?id=NNNNNN>
[FreeBSD 11.x, FreeBSD 12.x]
To see which files were modified by a particular revision, run the
following command, replacing NNNNNN with the revision number, on a
machine with Subversion installed:
# svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base
Or visit the following URL, replacing NNNNNN with the revision number:
<URL:https://svnweb.freebsd.org/base?view=revision&revision=NNNNNN>
VII. References
<URL:https://xenbits.xen.org/xsa/advisory-361.html>
<URL:https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-26932>
The latest revision of this advisory is available at
<URL:https://security.FreeBSD.org/advisories/FreeBSD-SA-21:06.xen.asc>
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCgAdFiEE/A6HiuWv54gCjWNV05eS9J6n5cIFAmA15dcACgkQ05eS9J6n
5cKBJg//aACyR6yp/rs1MaAMj2QIm53y+s1/0qRQmAYTq7QVnMNhauGLIUdd7BPQ
O3Gj1fsdpg3iNpKXn20YweUpTQqt4xHxNg+A+cYxexHJ/mepVVnY4OMwWh2est17
2p9Sj3k0vNQ/AdYXELyKW7UA5/tHncFv6EGzdAsGYf4kGUL89bnmWkmcBLR9JZ9a
iF83WhKhLe3O7KzkryMzCh72nbHnKicjrgvun4VH4p5/FrjqNjoPESvGhT6hyObK
80aKN610j/ZdDNdjD0wO62IGB8QGzx/hpr3TIIQ05ydGsuurFKJQYwknYL7rbpuf
GaINHkQTcB+8aWsqSQxq3HTy3P7hEdA3HDzounpAOtYHk+Ff8ZeuH0ZVtJYXP6FP
lbFZoYzXak8odKZp5tNBO8Vu9qiuzthY/ImhZ0d5e+gQ5Bk2Nu68vwie2TGRpLEN
EQYIiIS1AnFsEhDx78UuEojUT/UmMIbv7GNyryv2ElThf1uIH86wtXonie8OFjPp
EGYu4OS/m+FO5fTcEty5ayEsQI0i4mnj83BBdq8sq2lpQbdJjKDSaykHfJ4PEMKi
/WRWiWjlS6fhu+rPC7rJ5b7FoDLXh6hm3uFuD/zNjOmpFFyjNE/O4JCH2zoAdH3C
ygVMUqa4qFalsC3vntk2YweBX4D7za95z4oCDwrFBm4ZWGYcwgs=
=fN2Q
-----END PGP SIGNATURE-----
_______________________________________________
freebsd-announce@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-announce
To unsubscribe, send any mail to "freebsd-announce-unsubscribe@freebsd.org"
[FreeBSD-Announce] FreeBSD Security Advisory FreeBSD-SA-21:05.jail_chdir
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
=============================================================================
FreeBSD-SA-21:05.jail_chdir Security Advisory
The FreeBSD Project
Topic: jail_attach(2) relies on the caller to change the cwd
Category: core
Module: jail
Announced: 2021-02-24
Credits: Mateusz Guzik
Affects: All supported versions of FreeBSD.
Corrected: 2021-02-22 05:49:40 UTC (stable/13, 13.0-STABLE)
2021-02-22 18:25:23 UTC (releng/13.0, 13.0-BETA3-p1)
2021-02-22 19:03:43 UTC (stable/12, 12.2-STABLE)
2021-02-24 01:43:47 UTC (releng/12.2, 12.2-RELEASE-p4)
2021-02-22 19:08:27 UTC (stable/11, 11.4-STABLE)
2021-02-24 01:41:46 UTC (releng/11.4, 11.4-RELEASE-p8)
CVE Name: CVE-2020-25582
For general information regarding FreeBSD Security Advisories,
including descriptions of the fields above, security branches, and the
following sections, please visit <URL:https://security.FreeBSD.org/>.
I. Background
The jail(2) system call allows a system administrator to lock a process
and all of its descendants inside an environment with a very limited
ability to affect the system outside that environment, even for
processes with superuser privileges. It is an extension of, but
far more powerful than, the traditional UNIX chroot(2) system call.
The jail_attach(2) system call, which was introduced in FreeBSD 5
before 5.1-RELEASE, allows a non-jailed process to permanently move
into an existing jail.
The ptrace(2) system call provides tracing and debugging facilities by
allowing one process (the tracing process) to watch and control
another (the traced process).
II. Problem Description
When a process, such as jexec(8) or killall(1), calls jail_attach(2)
to enter a jail, the jailed root can attach to it using ptrace(2) before
the current working directory is changed.
III. Impact
A process with superuser privileges running inside a jail could change
the root directory outside of the jail, thereby gaining full read and
writing access to all files and directories in the system.
IV. Workaround
No workaround is available, but systems that are not running jails with
untrusted root users are not vulnerable.
V. Solution
Upgrade your vulnerable system to a supported FreeBSD stable or
release / security branch (releng) dated after the correction date
and reboot.
Perform one of the following:
1) To update your vulnerable system via a binary patch:
Systems running a RELEASE version of FreeBSD on the i386 or amd64
platforms can be updated via the freebsd-update(8) utility:
# freebsd-update fetch
# freebsd-update install
# shutdown -r +10min "Rebooting for a security update"
2) To update your vulnerable system via a source code patch:
The following patches have been verified to apply to the applicable
FreeBSD release branches.
a) Download the relevant patch from the location below, and verify the
detached PGP signature using your PGP utility.
[FreeBSD 13.x]
# fetch https://security.FreeBSD.org/patches/SA-21:05/jail_chdir.13.patch
# fetch https://security.FreeBSD.org/patches/SA-21:05/jail_chdir.13.patch.asc
# gpg --verify jail_chdir.13.patch.asc
[FreeBSD 11.x, FreeBSD 12.x]
# fetch https://security.FreeBSD.org/patches/SA-21:05/jail_chdir.patch
# fetch https://security.FreeBSD.org/patches/SA-21:05/jail_chdir.patch.asc
# gpg --verify jail_chdir.patch.asc
b) Apply the patch. Execute the following commands as root:
# cd /usr/src
# patch < /path/to/patch
c) Recompile your kernel as described in
<URL:https://www.FreeBSD.org/handbook/kernelconfig.html> and reboot the
system.
VI. Correction details
The following list contains the correction revision numbers for each
affected branch.
Branch/path Revision
- -------------------------------------------------------------------------
stable/13/ 5dbb407145c8128753fa30b695bc266dc671e433
releng/13.0/ f3f042d850baaeda1bed19e00c2b3b578644b7e9
stable/12/ r369334
releng/12.2/ r369354
stable/11/ r369335
releng/11.4/ r369348
- -------------------------------------------------------------------------
[FreeBSD 13.x]
To see which files were modified by a particular revision, run the following
command in a checked out git repository, replacing NNNNNN with the revision
hash:
# git show --stat NNNNNN
Or visit the following URL, replace NNNNNN with the revision hash:
<URL:https://cgit.freebsd.org/src/commit/?id=NNNNNN>
[FreeBSD 11.x, FreeBSD 12.x]
To see which files were modified by a particular revision, run the
following command, replacing NNNNNN with the revision number, on a
machine with Subversion installed:
# svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base
Or visit the following URL, replacing NNNNNN with the revision number:
<URL:https://svnweb.freebsd.org/base?view=revision&revision=NNNNNN>
VII. References
<URL:https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25582>
The latest revision of this advisory is available at
<URL:https://security.FreeBSD.org/advisories/FreeBSD-SA-21:05.jail_chdir.asc>
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCgAdFiEE/A6HiuWv54gCjWNV05eS9J6n5cIFAmA15dYACgkQ05eS9J6n
5cKj/xAAjbGc0bV3Ua8PuIFoDk7ADnwNotFV9PlXknWpeM4fXVVrt5EDncMfgHdw
XeKHOjzKNocOCtDioDhOcev9hhLeiYJjGHKrOQeKv34hJoufd6Wr0nvLgv/IVlMr
iZRVndvG1eBlnkwzlbx0xh1OY9zhffqjEiVkQNxXZV0iz/P2ndG0wP7N/bTG2QW3
1mZmp4Fh9AsbjLPVGyutoLZXiypuroGPLQZrth3n7Cz8HklwyPzoAgPOYx7mMW3D
x1Th6kYIEx1aCe+ZBsgOuPsKeZ4SSB5o1w2F5y+mor/rslgQJAppNakBMmyDkSEI
UhEqLGNA469P0qonCHhGY83wfkuUedFTuWLrdnh97J7yr+WIn1ik1/jBXxv3+1kS
bKivBd/oj6hEFULE7r6T/UVomJjU+dPPBm+ewljJFVib+3zIQsbxauLdqUuqWlob
QUkQc4mu7fjVSAMyVbYVrjBAgwQJit0KfX+JSbEcLndmPv1RCK8wnxIf0zbmV2m/
DMg9QGqwfcJkba6Y/JCAFZcl+HUCfEGUqZ7pEqGuwsp3wnMwO7Qg9IAEmDt8i2lf
6kaqAatJ5Reo/D+j6KJFvGCajnEfD0n+jDx8cdJFNY2Zzbo3/lRGd8dque5OEbTA
O0UZu2hRv5YMIagMf57WWzGrF+ACtgYbath710IKfVUfP/OiCIM=
=/d5L
-----END PGP SIGNATURE-----
_______________________________________________
freebsd-announce@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-announce
To unsubscribe, send any mail to "freebsd-announce-unsubscribe@freebsd.org"
Hash: SHA512
=============================================================================
FreeBSD-SA-21:05.jail_chdir Security Advisory
The FreeBSD Project
Topic: jail_attach(2) relies on the caller to change the cwd
Category: core
Module: jail
Announced: 2021-02-24
Credits: Mateusz Guzik
Affects: All supported versions of FreeBSD.
Corrected: 2021-02-22 05:49:40 UTC (stable/13, 13.0-STABLE)
2021-02-22 18:25:23 UTC (releng/13.0, 13.0-BETA3-p1)
2021-02-22 19:03:43 UTC (stable/12, 12.2-STABLE)
2021-02-24 01:43:47 UTC (releng/12.2, 12.2-RELEASE-p4)
2021-02-22 19:08:27 UTC (stable/11, 11.4-STABLE)
2021-02-24 01:41:46 UTC (releng/11.4, 11.4-RELEASE-p8)
CVE Name: CVE-2020-25582
For general information regarding FreeBSD Security Advisories,
including descriptions of the fields above, security branches, and the
following sections, please visit <URL:https://security.FreeBSD.org/>.
I. Background
The jail(2) system call allows a system administrator to lock a process
and all of its descendants inside an environment with a very limited
ability to affect the system outside that environment, even for
processes with superuser privileges. It is an extension of, but
far more powerful than, the traditional UNIX chroot(2) system call.
The jail_attach(2) system call, which was introduced in FreeBSD 5
before 5.1-RELEASE, allows a non-jailed process to permanently move
into an existing jail.
The ptrace(2) system call provides tracing and debugging facilities by
allowing one process (the tracing process) to watch and control
another (the traced process).
II. Problem Description
When a process, such as jexec(8) or killall(1), calls jail_attach(2)
to enter a jail, the jailed root can attach to it using ptrace(2) before
the current working directory is changed.
III. Impact
A process with superuser privileges running inside a jail could change
the root directory outside of the jail, thereby gaining full read and
writing access to all files and directories in the system.
IV. Workaround
No workaround is available, but systems that are not running jails with
untrusted root users are not vulnerable.
V. Solution
Upgrade your vulnerable system to a supported FreeBSD stable or
release / security branch (releng) dated after the correction date
and reboot.
Perform one of the following:
1) To update your vulnerable system via a binary patch:
Systems running a RELEASE version of FreeBSD on the i386 or amd64
platforms can be updated via the freebsd-update(8) utility:
# freebsd-update fetch
# freebsd-update install
# shutdown -r +10min "Rebooting for a security update"
2) To update your vulnerable system via a source code patch:
The following patches have been verified to apply to the applicable
FreeBSD release branches.
a) Download the relevant patch from the location below, and verify the
detached PGP signature using your PGP utility.
[FreeBSD 13.x]
# fetch https://security.FreeBSD.org/patches/SA-21:05/jail_chdir.13.patch
# fetch https://security.FreeBSD.org/patches/SA-21:05/jail_chdir.13.patch.asc
# gpg --verify jail_chdir.13.patch.asc
[FreeBSD 11.x, FreeBSD 12.x]
# fetch https://security.FreeBSD.org/patches/SA-21:05/jail_chdir.patch
# fetch https://security.FreeBSD.org/patches/SA-21:05/jail_chdir.patch.asc
# gpg --verify jail_chdir.patch.asc
b) Apply the patch. Execute the following commands as root:
# cd /usr/src
# patch < /path/to/patch
c) Recompile your kernel as described in
<URL:https://www.FreeBSD.org/handbook/kernelconfig.html> and reboot the
system.
VI. Correction details
The following list contains the correction revision numbers for each
affected branch.
Branch/path Revision
- -------------------------------------------------------------------------
stable/13/ 5dbb407145c8128753fa30b695bc266dc671e433
releng/13.0/ f3f042d850baaeda1bed19e00c2b3b578644b7e9
stable/12/ r369334
releng/12.2/ r369354
stable/11/ r369335
releng/11.4/ r369348
- -------------------------------------------------------------------------
[FreeBSD 13.x]
To see which files were modified by a particular revision, run the following
command in a checked out git repository, replacing NNNNNN with the revision
hash:
# git show --stat NNNNNN
Or visit the following URL, replace NNNNNN with the revision hash:
<URL:https://cgit.freebsd.org/src/commit/?id=NNNNNN>
[FreeBSD 11.x, FreeBSD 12.x]
To see which files were modified by a particular revision, run the
following command, replacing NNNNNN with the revision number, on a
machine with Subversion installed:
# svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base
Or visit the following URL, replacing NNNNNN with the revision number:
<URL:https://svnweb.freebsd.org/base?view=revision&revision=NNNNNN>
VII. References
<URL:https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25582>
The latest revision of this advisory is available at
<URL:https://security.FreeBSD.org/advisories/FreeBSD-SA-21:05.jail_chdir.asc>
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCgAdFiEE/A6HiuWv54gCjWNV05eS9J6n5cIFAmA15dYACgkQ05eS9J6n
5cKj/xAAjbGc0bV3Ua8PuIFoDk7ADnwNotFV9PlXknWpeM4fXVVrt5EDncMfgHdw
XeKHOjzKNocOCtDioDhOcev9hhLeiYJjGHKrOQeKv34hJoufd6Wr0nvLgv/IVlMr
iZRVndvG1eBlnkwzlbx0xh1OY9zhffqjEiVkQNxXZV0iz/P2ndG0wP7N/bTG2QW3
1mZmp4Fh9AsbjLPVGyutoLZXiypuroGPLQZrth3n7Cz8HklwyPzoAgPOYx7mMW3D
x1Th6kYIEx1aCe+ZBsgOuPsKeZ4SSB5o1w2F5y+mor/rslgQJAppNakBMmyDkSEI
UhEqLGNA469P0qonCHhGY83wfkuUedFTuWLrdnh97J7yr+WIn1ik1/jBXxv3+1kS
bKivBd/oj6hEFULE7r6T/UVomJjU+dPPBm+ewljJFVib+3zIQsbxauLdqUuqWlob
QUkQc4mu7fjVSAMyVbYVrjBAgwQJit0KfX+JSbEcLndmPv1RCK8wnxIf0zbmV2m/
DMg9QGqwfcJkba6Y/JCAFZcl+HUCfEGUqZ7pEqGuwsp3wnMwO7Qg9IAEmDt8i2lf
6kaqAatJ5Reo/D+j6KJFvGCajnEfD0n+jDx8cdJFNY2Zzbo3/lRGd8dque5OEbTA
O0UZu2hRv5YMIagMf57WWzGrF+ACtgYbath710IKfVUfP/OiCIM=
=/d5L
-----END PGP SIGNATURE-----
_______________________________________________
freebsd-announce@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-announce
To unsubscribe, send any mail to "freebsd-announce-unsubscribe@freebsd.org"
Subscribe to:
Posts (Atom)