VARIoT IoT vulnerabilities database

VAR-201911-0943 | CVE-2019-15994 | Cisco Stealthwatch Enterprise Vulnerable to cross-site scripting |
CVSS V2: 4.3 CVSS V3: 6.1 Severity: MEDIUM |
A vulnerability in the web-based management interface of Cisco Stealthwatch Enterprise could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of an affected system. The vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of the affected software. An attacker could exploit this vulnerability by persuading a user to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. Cisco Stealthwatch Enterprise contains a cross-site scripting vulnerability. Information may be obtained and information may be altered. Cisco Stealthwatch Enterprise is a set of enterprise network security protection solutions from Cisco. The product has functions such as security event analysis, network segment management and data protection.
VAR-201911-0300 | CVE-2019-6693 | FortiOS Configuration Backup File Uses Hard-coded Credentials Vulnerability |
CVSS V2: 4.0 CVSS V3: 6.5 Severity: MEDIUM |
Use of a hard-coded cryptographic key to cipher sensitive data in FortiOS configuration backup file may allow an attacker with access to the backup file to decipher the sensitive data, via knowledge of the hard-coded key. The aforementioned sensitive data includes users' passwords (except the administrator's password), private keys' passphrases and High Availability password (when set). Fortinet FortiOS is a security operating system dedicated to the FortiGate network security platform developed by Fortinet. The system provides users with various security functions such as firewall, anti-virus, IPSec/SSL VPN, Web content filtering and anti-spam. Fortinet FortiOS 5.6.10 and earlier versions, 6.0.6 and earlier versions, and version 6.2.0 have security vulnerabilities. Fortinet FortiOS is prone to a hard-coded cryptographic key vulnerability.
Successful exploits will allow malicious users to obtain sensitive information that may aid in further attacks.
VAR-201911-0878 | CVE-2019-6191 | LenovoPaper Permission management vulnerability in software |
CVSS V2: 4.6 CVSS V3: 7.8 Severity: HIGH |
A potential vulnerability in the discontinued LenovoPaper software version 1.0.0.22 may allow local privilege escalation. LenovoPaper contains a privilege management vulnerability. Information may be obtained, information may be altered, and service operation may be disrupted (DoS). Lenovo Paper is a set of paper display mode support software from Lenovo (China). A security vulnerability exists in Lenovo Paper. An attacker could exploit this vulnerability to elevate privileges.
VAR-201911-0278 | CVE-2019-6189 | Lenovo System Interface Foundation Vulnerabilities related to untrusted search paths |
CVSS V2: 4.4 CVSS V3: 7.8 Severity: HIGH |
A potential vulnerability was reported in Lenovo System Interface Foundation versions before v1.1.18.3 that could allow an administrative user to load an unsigned DLL. Lenovo System Interface Foundation contains an untrusted search path vulnerability. Information may be obtained, information may be altered, and service operation may be disrupted (DoS). Lenovo System Interface Foundation is a set of software used by Lenovo (China) to communicate with hardware devices.
VAR-201911-0275 | CVE-2019-6186 | Lenovo System Interface Foundation Vulnerability in |
CVSS V2: 6.5 CVSS V3: 8.8 Severity: HIGH |
A potential vulnerability was reported in Lenovo System Interface Foundation versions before v1.1.18.3 that could allow an authenticated user to execute code as another user. Lenovo System Interface Foundation has unspecified vulnerabilities. Information may be obtained, information may be altered, and service operation may be disrupted (DoS). Lenovo System Interface Foundation is a set of software used by Lenovo (China) to communicate with hardware devices.
VAR-201911-0274 | CVE-2019-6184 | Customer Engagement Service Permission management vulnerability in software |
CVSS V2: 4.6 CVSS V3: 7.8 Severity: HIGH |
A potential vulnerability in the discontinued Customer Engagement Service (CCSDK) software version 2.0.21.1 may allow local privilege escalation. An attacker could exploit this vulnerability to elevate privileges
VAR-201911-1785 | No CVE | Kunlun Tong State MCGS Touch Screen TPC1062Ti System Has Information Disclosure Vulnerability |
CVSS V2: 8.3 CVSS V3: - Severity: HIGH |
MCGS is a Windows-based configuration software system developed by Beijing Kunlun Tongstate Automation Software Technology Co., Ltd., which is used to quickly construct and generate a host computer monitoring system. It mainly handles field data collection and monitoring, front-end data processing and control, and can run on Microsoft Windows 95/98/Me/NT/2000/XP and other operating systems.
The Kunlun Tong State MCGS touch screen TPC1062Ti system has an information disclosure vulnerability. An attacker can use the vulnerability to send special messages to specific ports to obtain key information of the system. The attacker can then log in to the telnet server, view the critical system, and perform any operation.
VAR-201911-1376 | CVE-2019-19117 | PHICOMM K2 Vulnerability related to input validation on devices |
CVSS V2: 9.0 CVSS V3: 8.8 Severity: HIGH |
/usr/lib/lua/luci/controller/admin/autoupgrade.lua on PHICOMM K2(PSG1218) V22.5.9.163 devices allows remote authenticated users to execute any command via shell metacharacters in the cgi-bin/luci autoUpTime parameter. The PHICOMM K2(PSG1218) device contains an input validation vulnerability. Information may be obtained, information may be altered, and service operation may be disrupted (DoS). PHICOMM K2 is a wireless router from PHICOMM (China).
A remote code execution vulnerability exists in /usr/lib/lua/luci/controller/admin/autoupgrade.lua in PHICOMM K2 V22.5.9.163. A remote attacker can use shell metacharacters in the 'autoUpTime' parameter to exploit the vulnerability and execute arbitrary commands.
VAR-201911-1787 | No CVE | Schneider 140NOE77101 Ethernet module MODBUS Protocol denial of service vulnerability |
CVSS V2: 6.1 CVSS V3: - Severity: MEDIUM |
140NOE77101 is an Ethernet communication module for Schneider's Quantum series PLC.
The Schneider 140NOE77101 Ethernet module MODBUS protocol has a denial of service vulnerability. An attacker can use this vulnerability to deny service to the server
VAR-201911-0363 | CVE-2019-3423 | C520V21 smart camera Path traversal vulnerability in devices |
CVSS V2: 5.0 CVSS V3: 5.3 Severity: MEDIUM |
A permission and access control vulnerability exists in V2.1.14 and below versions of C520V21 smart camera devices. An attacker can construct a URL for directory traversal and access to other unauthorized files or resources. The C520V21 smart camera device contains a path traversal vulnerability. Information may be obtained. ZTE C520V21 is an intelligent web camera from ZTE Corporation (China).
VAR-201911-0364 | CVE-2019-3424 | C520V21 smart camera Authentication vulnerabilities in devices |
CVSS V2: 6.4 CVSS V3: 8.2 Severity: HIGH |
An authentication issues vulnerability exists in V2.1.14 and below versions of C520V21 smart camera devices. An attacker can automatically obtain access to web services from the authorized browser of the same computer and perform operations. ZTE C520V21 is an intelligent web camera from ZTE Corporation (China).
VAR-201911-1410 | CVE-2019-19057 | Linux kernel Resource Management Error Vulnerability |
CVSS V2: 2.1 CVSS V3: 3.3 Severity: LOW |
Two memory leaks in the mwifiex_pcie_init_evt_ring() function in drivers/net/wireless/marvell/mwifiex/pcie.c in the Linux kernel through 5.3.11 allow attackers to cause a denial of service (memory consumption) by triggering mwifiex_map_pci_memory() failures, aka CID-d10dcb615c8e.
Here are the details from the Slackware 14.2 ChangeLog:
+--------------------------+
patches/packages/linux-4.4.208/*: Upgraded.
IPV6_MULTIPLE_TABLES n -> y
+IPV6_SUBTREES y
These updates fix various bugs and security issues.
Be sure to upgrade your initrd after upgrading the kernel packages.
If you use lilo to boot your machine, be sure lilo.conf points to the correct
kernel and initrd and run lilo as root to update the bootloader.
If you use elilo to boot your machine, you should run eliloconfig to copy the
kernel and initrd to the EFI System Partition.
For more information, see:
Fixed in 4.4.203:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19524
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15917
Fixed in 4.4.204:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18660
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15291
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18683
Fixed in 4.4.206:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12614
Fixed in 4.4.207:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19227
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19062
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19338
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19332
Fixed in 4.4.208:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19057
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19063
(* Security fix *)
+--------------------------+
Where to find the new packages:
+-----------------------------+
Thanks to the friendly folks at the OSU Open Source Lab
(http://osuosl.org) for donating FTP and rsync hosting
to the Slackware project! :-)
Also see the "Get Slack" section on http://slackware.com for
additional mirror sites near you.
Updated packages for Slackware 14.2:
ftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/linux-4.4.208/kernel-generic-4.4.208-i586-1.txz
ftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/linux-4.4.208/kernel-generic-smp-4.4.208_smp-i686-1.txz
ftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/linux-4.4.208/kernel-headers-4.4.208_smp-x86-1.txz
ftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/linux-4.4.208/kernel-huge-4.4.208-i586-1.txz
ftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/linux-4.4.208/kernel-huge-smp-4.4.208_smp-i686-1.txz
ftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/linux-4.4.208/kernel-modules-4.4.208-i586-1.txz
ftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/linux-4.4.208/kernel-modules-smp-4.4.208_smp-i686-1.txz
ftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/linux-4.4.208/kernel-source-4.4.208_smp-noarch-1.txz
Updated packages for Slackware x86_64 14.2:
ftp://ftp.slackware.com/pub/slackware/slackware64-14.2/patches/packages/linux-4.4.208/kernel-generic-4.4.208-x86_64-1.txz
ftp://ftp.slackware.com/pub/slackware/slackware64-14.2/patches/packages/linux-4.4.208/kernel-headers-4.4.208-x86-1.txz
ftp://ftp.slackware.com/pub/slackware/slackware64-14.2/patches/packages/linux-4.4.208/kernel-huge-4.4.208-x86_64-1.txz
ftp://ftp.slackware.com/pub/slackware/slackware64-14.2/patches/packages/linux-4.4.208/kernel-modules-4.4.208-x86_64-1.txz
ftp://ftp.slackware.com/pub/slackware/slackware64-14.2/patches/packages/linux-4.4.208/kernel-source-4.4.208-noarch-1.txz
Installation instructions:
+------------------------+
Upgrade the packages as root:
# upgradepkg kernel-*.txz
If you are using an initrd, you'll need to rebuild it.
For a 32-bit SMP machine, use this command (substitute the appropriate
kernel version if you are not running Slackware 14.2):
# /usr/share/mkinitrd/mkinitrd_command_generator.sh -k 4.4.208-smp | bash
For a 64-bit machine, or a 32-bit uniprocessor machine, use this command
(substitute the appropriate kernel version if you are not running
Slackware 14.2):
# /usr/share/mkinitrd/mkinitrd_command_generator.sh -k 4.4.208 | bash
Please note that "uniprocessor" has to do with the kernel you are running,
not with the CPU. Most systems should run the SMP kernel (if they can)
regardless of the number of cores the CPU has. If you aren't sure which
kernel you are running, run "uname -a". If you see SMP there, you are
running the SMP kernel and should use the 4.4.208-smp version when running
mkinitrd_command_generator. Note that this is only for 32-bit -- 64-bit
systems should always use 4.4.208 as the version.
If you are using lilo or elilo to boot the machine, you'll need to ensure
that the machine is properly prepared before rebooting.
If using LILO:
By default, lilo.conf contains an image= line that references a symlink
that always points to the correct kernel. No editing should be required
unless your machine uses a custom lilo.conf. If that is the case, be sure
that the image= line references the correct kernel file. Either way,
you'll need to run "lilo" as root to reinstall the boot loader.
If using elilo:
Ensure that the /boot/vmlinuz symlink is pointing to the kernel you wish
to use, and then run eliloconfig to update the EFI System Partition.
+-----+
Slackware Linux Security Team
http://slackware.com/gpg-key
security@slackware.com
====================================================================
Red Hat Security Advisory
Synopsis: Important: kernel security, bug fix, and enhancement update
Advisory ID: RHSA-2020:1769-01
Product: Red Hat Enterprise Linux
Advisory URL: https://access.redhat.com/errata/RHSA-2020:1769
Issue date: 2020-04-28
CVE Names: CVE-2018-16871 CVE-2019-8980 CVE-2019-10639
CVE-2019-15090 CVE-2019-15099 CVE-2019-15221
CVE-2019-17053 CVE-2019-17055 CVE-2019-18805
CVE-2019-19057 CVE-2019-19073 CVE-2019-19074
CVE-2019-19534 CVE-2019-19768 CVE-2019-19922
CVE-2020-1749
====================================================================
1. Summary:
An update for kernel is now available for Red Hat Enterprise Linux 8.
Red Hat Product Security has rated this update as having a security impact
of Important. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available for each vulnerability
from the CVE link(s) in the References section.
2. Relevant releases/architectures:
Red Hat CodeReady Linux Builder (v. 8) - aarch64, ppc64le, x86_64
Red Hat Enterprise Linux BaseOS (v. 8) - aarch64, noarch, ppc64le, s390x, x86_64
3.
Security Fix(es):
* kernel: use-after-free in __blk_add_trace in kernel/trace/blktrace.c
(CVE-2019-19768)
* kernel: nfs: NULL pointer dereference due to an anomalized NFS message
sequence (CVE-2018-16871)
* kernel: memory leak in the kernel_read_file function in fs/exec.c allows
to cause a denial of service (CVE-2019-8980)
* kernel: unprivileged users able to create RAW sockets in AF_IEEE802154
network protocol. (CVE-2019-17053)
* kernel: unprivileged users able to create RAW sockets in AF_ISDN network
protocol. (CVE-2019-17055)
* kernel: integer overflow in tcp_ack_update_rtt in net/ipv4/tcp_input.c
(CVE-2019-18805)
* kernel: information leak bug caused by a malicious USB device in the
drivers/net/can/usb/peak_usb/pcan_usb_core.c driver (CVE-2019-19534)
* kernel: some ipv6 protocols not encrypted over ipsec tunnel.
(CVE-2020-1749)
* Kernel: net: using kernel space address bits to derive IP ID may
potentially break KASLR (CVE-2019-10639)
* kernel: An out-of-bounds read in drivers/scsi/qedi/qedi_dbg.c leading to
crash or information disclosure (CVE-2019-15090)
* kernel: a NULL pointer dereference in
drivers/net/wireless/ath/ath10k/usb.c leads to a crash (CVE-2019-15099)
* kernel: Null pointer dereference in the sound/usb/line6/pcm.c
(CVE-2019-15221)
* kernel: Two memory leaks in the mwifiex_pcie_init_evt_ring() function in
drivers/net/wireless/marvell/mwifiex/pcie.c allows for a DoS
(CVE-2019-19057)
* kernel: Memory leaks in drivers/net/wireless/ath/ath9k/htc_hst.c in the
Linux kernel (DOS) (CVE-2019-19073)
* kernel: a memory leak in the ath9k management function in allows local
DoS (CVE-2019-19074)
* kernel: when cpu.cfs_quota_us is used allows attackers to cause a denial
of service against non-cpu-bound applications (CVE-2019-19922)
For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.
Additional Changes:
This update also fixes several bugs and adds various enhancements.
Documentation for these changes is available from the Release Notes
document linked to in the References section.
4. Solution:
For details on how to apply this update, which includes the changes
described in this advisory, refer to:
https://access.redhat.com/articles/11258
The system must be rebooted for this update to take effect.
5. Bugs fixed (https://bugzilla.redhat.com/):
1655162 - CVE-2018-16871 kernel: nfs: NULL pointer dereference due to an anomalized NFS message sequence
1679972 - CVE-2019-8980 kernel: memory leak in the kernel_read_file function in fs/exec.c allows to cause a denial of service
1729933 - CVE-2019-10639 Kernel: net: using kernel space address bits to derive IP ID may potentially break KASLR
1738741 - L2 guest hit kernel panic when do L1->L1 live migration on PML-enabled intel host
1743526 - CVE-2019-15090 kernel: An out-of-bounds read in drivers/scsi/qedi/qedi_dbg.c leading to crash or information disclosure
1743560 - CVE-2019-15099 kernel: a NULL pointer dereference in drivers/net/wireless/ath/ath10k/usb.c leads to a crash
1749633 - kernel: brk can grow the heap into the area reserved for the stack
1749974 - CVE-2019-15221 kernel: Null pointer dereference in the sound/usb/line6/pcm.c
1752765 - conntrack tool delete entry with CIDR crash
1757902 - fix compat statfs64() returning EOVERFLOW for when _FILE_OFFSET_BITSd
1758242 - CVE-2019-17053 kernel: unprivileged users able to create RAW sockets in AF_IEEE802154 network protocol.
1758248 - CVE-2019-17055 kernel: unprivileged users able to create RAW sockets in AF_ISDN network protocol.
1765547 - Fallocate on XFS may discard concurrent AIO write
1767664 - Backport CIFS stale ESTALE handling and dentry revalidation patches
1771430 - svcrdma: Increase the default connection credit limit
1771496 - CVE-2019-18805 kernel: integer overflow in tcp_ack_update_rtt in net/ipv4/tcp_input.c
1771691 - Process killed while opening a file can result in leaked open handle on the server
1774933 - CVE-2019-19074 kernel: a memory leak in the ath9k management function in allows local DoS
1774937 - CVE-2019-19073 kernel: Memory leaks in drivers/net/wireless/ath/ath9k/htc_hst.c in the Linux kernel (DOS)
1775050 - CVE-2019-19057 kernel: Two memory leaks in the mwifiex_pcie_init_evt_ring() function in drivers/net/wireless/marvell/mwifiex/pcie.c allows for a DoS
1783540 - CVE-2019-19534 kernel: information leak bug caused by a malicious USB device in the drivers/net/can/usb/peak_usb/pcan_usb_core.c driver
1786164 - CVE-2019-19768 kernel: use-after-free in __blk_add_trace in kernel/trace/blktrace.c
1789594 - kernel: Wrong FE0/FE1 MSR restore in signal handlers on ppc64le
1792512 - CVE-2019-19922 kernel: when cpu.cfs_quota_us is used allows attackers to cause a denial of service against non-cpu-bound applications
1795049 - RHEL8: Latency issue on Kubernetes / k8s / OpenShift
1803162 - [NFS] Dataloss with copy_file_range on NFS-mounted files that is not 4K aligned on RHEL 8.
1809833 - CVE-2020-1749 kernel: some ipv6 protocols not encrypted over ipsec tunnel.
6. Package List:
Red Hat Enterprise Linux BaseOS (v. 8):
Source:
kernel-4.18.0-193.el8.src.rpm
aarch64:
bpftool-4.18.0-193.el8.aarch64.rpm
bpftool-debuginfo-4.18.0-193.el8.aarch64.rpm
kernel-4.18.0-193.el8.aarch64.rpm
kernel-core-4.18.0-193.el8.aarch64.rpm
kernel-cross-headers-4.18.0-193.el8.aarch64.rpm
kernel-debug-4.18.0-193.el8.aarch64.rpm
kernel-debug-core-4.18.0-193.el8.aarch64.rpm
kernel-debug-debuginfo-4.18.0-193.el8.aarch64.rpm
kernel-debug-devel-4.18.0-193.el8.aarch64.rpm
kernel-debug-modules-4.18.0-193.el8.aarch64.rpm
kernel-debug-modules-extra-4.18.0-193.el8.aarch64.rpm
kernel-debuginfo-4.18.0-193.el8.aarch64.rpm
kernel-debuginfo-common-aarch64-4.18.0-193.el8.aarch64.rpm
kernel-devel-4.18.0-193.el8.aarch64.rpm
kernel-headers-4.18.0-193.el8.aarch64.rpm
kernel-modules-4.18.0-193.el8.aarch64.rpm
kernel-modules-extra-4.18.0-193.el8.aarch64.rpm
kernel-tools-4.18.0-193.el8.aarch64.rpm
kernel-tools-debuginfo-4.18.0-193.el8.aarch64.rpm
kernel-tools-libs-4.18.0-193.el8.aarch64.rpm
perf-4.18.0-193.el8.aarch64.rpm
perf-debuginfo-4.18.0-193.el8.aarch64.rpm
python3-perf-4.18.0-193.el8.aarch64.rpm
python3-perf-debuginfo-4.18.0-193.el8.aarch64.rpm
noarch:
kernel-abi-whitelists-4.18.0-193.el8.noarch.rpm
kernel-doc-4.18.0-193.el8.noarch.rpm
ppc64le:
bpftool-4.18.0-193.el8.ppc64le.rpm
bpftool-debuginfo-4.18.0-193.el8.ppc64le.rpm
kernel-4.18.0-193.el8.ppc64le.rpm
kernel-core-4.18.0-193.el8.ppc64le.rpm
kernel-cross-headers-4.18.0-193.el8.ppc64le.rpm
kernel-debug-4.18.0-193.el8.ppc64le.rpm
kernel-debug-core-4.18.0-193.el8.ppc64le.rpm
kernel-debug-debuginfo-4.18.0-193.el8.ppc64le.rpm
kernel-debug-devel-4.18.0-193.el8.ppc64le.rpm
kernel-debug-modules-4.18.0-193.el8.ppc64le.rpm
kernel-debug-modules-extra-4.18.0-193.el8.ppc64le.rpm
kernel-debuginfo-4.18.0-193.el8.ppc64le.rpm
kernel-debuginfo-common-ppc64le-4.18.0-193.el8.ppc64le.rpm
kernel-devel-4.18.0-193.el8.ppc64le.rpm
kernel-headers-4.18.0-193.el8.ppc64le.rpm
kernel-modules-4.18.0-193.el8.ppc64le.rpm
kernel-modules-extra-4.18.0-193.el8.ppc64le.rpm
kernel-tools-4.18.0-193.el8.ppc64le.rpm
kernel-tools-debuginfo-4.18.0-193.el8.ppc64le.rpm
kernel-tools-libs-4.18.0-193.el8.ppc64le.rpm
perf-4.18.0-193.el8.ppc64le.rpm
perf-debuginfo-4.18.0-193.el8.ppc64le.rpm
python3-perf-4.18.0-193.el8.ppc64le.rpm
python3-perf-debuginfo-4.18.0-193.el8.ppc64le.rpm
s390x:
bpftool-4.18.0-193.el8.s390x.rpm
bpftool-debuginfo-4.18.0-193.el8.s390x.rpm
kernel-4.18.0-193.el8.s390x.rpm
kernel-core-4.18.0-193.el8.s390x.rpm
kernel-cross-headers-4.18.0-193.el8.s390x.rpm
kernel-debug-4.18.0-193.el8.s390x.rpm
kernel-debug-core-4.18.0-193.el8.s390x.rpm
kernel-debug-debuginfo-4.18.0-193.el8.s390x.rpm
kernel-debug-devel-4.18.0-193.el8.s390x.rpm
kernel-debug-modules-4.18.0-193.el8.s390x.rpm
kernel-debug-modules-extra-4.18.0-193.el8.s390x.rpm
kernel-debuginfo-4.18.0-193.el8.s390x.rpm
kernel-debuginfo-common-s390x-4.18.0-193.el8.s390x.rpm
kernel-devel-4.18.0-193.el8.s390x.rpm
kernel-headers-4.18.0-193.el8.s390x.rpm
kernel-modules-4.18.0-193.el8.s390x.rpm
kernel-modules-extra-4.18.0-193.el8.s390x.rpm
kernel-tools-4.18.0-193.el8.s390x.rpm
kernel-tools-debuginfo-4.18.0-193.el8.s390x.rpm
kernel-zfcpdump-4.18.0-193.el8.s390x.rpm
kernel-zfcpdump-core-4.18.0-193.el8.s390x.rpm
kernel-zfcpdump-debuginfo-4.18.0-193.el8.s390x.rpm
kernel-zfcpdump-devel-4.18.0-193.el8.s390x.rpm
kernel-zfcpdump-modules-4.18.0-193.el8.s390x.rpm
kernel-zfcpdump-modules-extra-4.18.0-193.el8.s390x.rpm
perf-4.18.0-193.el8.s390x.rpm
perf-debuginfo-4.18.0-193.el8.s390x.rpm
python3-perf-4.18.0-193.el8.s390x.rpm
python3-perf-debuginfo-4.18.0-193.el8.s390x.rpm
x86_64:
bpftool-4.18.0-193.el8.x86_64.rpm
bpftool-debuginfo-4.18.0-193.el8.x86_64.rpm
kernel-4.18.0-193.el8.x86_64.rpm
kernel-core-4.18.0-193.el8.x86_64.rpm
kernel-cross-headers-4.18.0-193.el8.x86_64.rpm
kernel-debug-4.18.0-193.el8.x86_64.rpm
kernel-debug-core-4.18.0-193.el8.x86_64.rpm
kernel-debug-debuginfo-4.18.0-193.el8.x86_64.rpm
kernel-debug-devel-4.18.0-193.el8.x86_64.rpm
kernel-debug-modules-4.18.0-193.el8.x86_64.rpm
kernel-debug-modules-extra-4.18.0-193.el8.x86_64.rpm
kernel-debuginfo-4.18.0-193.el8.x86_64.rpm
kernel-debuginfo-common-x86_64-4.18.0-193.el8.x86_64.rpm
kernel-devel-4.18.0-193.el8.x86_64.rpm
kernel-headers-4.18.0-193.el8.x86_64.rpm
kernel-modules-4.18.0-193.el8.x86_64.rpm
kernel-modules-extra-4.18.0-193.el8.x86_64.rpm
kernel-tools-4.18.0-193.el8.x86_64.rpm
kernel-tools-debuginfo-4.18.0-193.el8.x86_64.rpm
kernel-tools-libs-4.18.0-193.el8.x86_64.rpm
perf-4.18.0-193.el8.x86_64.rpm
perf-debuginfo-4.18.0-193.el8.x86_64.rpm
python3-perf-4.18.0-193.el8.x86_64.rpm
python3-perf-debuginfo-4.18.0-193.el8.x86_64.rpm
Red Hat CodeReady Linux Builder (v. 8):
aarch64:
bpftool-debuginfo-4.18.0-193.el8.aarch64.rpm
kernel-debug-debuginfo-4.18.0-193.el8.aarch64.rpm
kernel-debuginfo-4.18.0-193.el8.aarch64.rpm
kernel-debuginfo-common-aarch64-4.18.0-193.el8.aarch64.rpm
kernel-tools-debuginfo-4.18.0-193.el8.aarch64.rpm
kernel-tools-libs-devel-4.18.0-193.el8.aarch64.rpm
perf-debuginfo-4.18.0-193.el8.aarch64.rpm
python3-perf-debuginfo-4.18.0-193.el8.aarch64.rpm
ppc64le:
bpftool-debuginfo-4.18.0-193.el8.ppc64le.rpm
kernel-debug-debuginfo-4.18.0-193.el8.ppc64le.rpm
kernel-debuginfo-4.18.0-193.el8.ppc64le.rpm
kernel-debuginfo-common-ppc64le-4.18.0-193.el8.ppc64le.rpm
kernel-tools-debuginfo-4.18.0-193.el8.ppc64le.rpm
kernel-tools-libs-devel-4.18.0-193.el8.ppc64le.rpm
perf-debuginfo-4.18.0-193.el8.ppc64le.rpm
python3-perf-debuginfo-4.18.0-193.el8.ppc64le.rpm
x86_64:
bpftool-debuginfo-4.18.0-193.el8.x86_64.rpm
kernel-debug-debuginfo-4.18.0-193.el8.x86_64.rpm
kernel-debuginfo-4.18.0-193.el8.x86_64.rpm
kernel-debuginfo-common-x86_64-4.18.0-193.el8.x86_64.rpm
kernel-tools-debuginfo-4.18.0-193.el8.x86_64.rpm
kernel-tools-libs-devel-4.18.0-193.el8.x86_64.rpm
perf-debuginfo-4.18.0-193.el8.x86_64.rpm
python3-perf-debuginfo-4.18.0-193.el8.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/
7. Contact:
The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/
Copyright 2020 Red Hat, Inc.
==========================================================================
Ubuntu Security Notice USN-4287-2
February 18, 2020
linux-azure vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 14.04 ESM
Summary:
Several security issues were fixed in the Linux kernel.
Software Description:
- linux-azure: Linux kernel for Microsoft Azure Cloud systems
Details:
USN-4287-1 fixed vulnerabilities in the Linux kernel for Ubuntu 18.04
LTS. This update provides the corresponding updates for the Linux
kernel for Microsoft Azure Cloud systems for Ubuntu 14.04 ESM.
It was discovered that the Linux kernel did not properly clear data
structures on context switches for certain Intel graphics processors. A
local attacker could use this to expose sensitive information.
(CVE-2019-14615)
It was discovered that the Atheros 802.11ac wireless USB device driver in
the Linux kernel did not properly validate device metadata. A physically
proximate attacker could use this to cause a denial of service (system
crash). (CVE-2019-15099)
It was discovered that the HSA Linux kernel driver for AMD GPU devices did
not properly check for errors in certain situations, leading to a NULL
pointer dereference. A local attacker could possibly use this to cause a
denial of service. (CVE-2019-16229)
It was discovered that the Marvell 8xxx Libertas WLAN device driver in the
Linux kernel did not properly check for errors in certain situations,
leading to a NULL pointer dereference. A local attacker could possibly use
this to cause a denial of service. (CVE-2019-16232)
It was discovered that a race condition existed in the Virtual Video Test
Driver in the Linux kernel. An attacker with write access to /dev/video0 on
a system with the vivid module loaded could possibly use this to gain
administrative privileges. (CVE-2019-18683)
It was discovered that the Renesas Digital Radio Interface (DRIF) driver in
the Linux kernel did not properly initialize data. A local attacker could
possibly use this to expose sensitive information (kernel memory).
(CVE-2019-18786)
It was discovered that the Afatech AF9005 DVB-T USB device driver in the
Linux kernel did not properly deallocate memory in certain error
conditions. (CVE-2019-18809)
It was discovered that the btrfs file system in the Linux kernel did not
properly validate metadata, leading to a NULL pointer dereference. An
attacker could use this to specially craft a file system image that, when
mounted, could cause a denial of service (system crash). (CVE-2019-19057)
It was discovered that the crypto subsystem in the Linux kernel did not
properly deallocate memory in certain error conditions.
(CVE-2019-19062)
It was discovered that the Realtek rtlwifi USB device driver in the Linux
kernel did not properly deallocate memory in certain error conditions. (CVE-2019-19063)
It was discovered that the RSI 91x WLAN device driver in the Linux kernel
did not properly deallocate memory in certain error conditions. (CVE-2019-19071)
It was discovered that the Atheros 802.11ac wireless USB device driver in
the Linux kernel did not properly deallocate memory in certain error
conditions. (CVE-2019-19078)
It was discovered that the AMD GPU device drivers in the Linux kernel did
not properly deallocate memory in certain error conditions. (CVE-2019-19082)
Dan Carpenter discovered that the AppleTalk networking subsystem of the
Linux kernel did not properly handle certain error conditions, leading to a
NULL pointer dereference. A local attacker could use this to cause a denial
of service (system crash). (CVE-2019-19227)
It was discovered that the KVM hypervisor implementation in the Linux
kernel did not properly handle ioctl requests to get emulated CPUID
features. An attacker with access to /dev/kvm could use this to cause a
denial of service (system crash). (CVE-2019-19332)
It was discovered that the ext4 file system implementation in the Linux
kernel did not properly handle certain conditions. An attacker could use
this to specially craft an ext4 file system that, when mounted, could cause
a denial of service (system crash) or possibly execute arbitrary code.
(CVE-2019-19767)
Gao Chuan discovered that the SAS Class driver in the Linux kernel
contained a race condition that could lead to a NULL pointer dereference. A
local attacker could possibly use this to cause a denial of service (system
crash). (CVE-2019-19965)
It was discovered that the Datagram Congestion Control Protocol (DCCP)
implementation in the Linux kernel did not properly deallocate memory in
certain error conditions. (CVE-2019-20096)
Mitchell Frank discovered that the Wi-Fi implementation in the Linux kernel
when used as an access point would send IAPP location updates for stations
before client authentication had completed. A physically proximate attacker
could use this to cause a denial of service. (CVE-2019-5108)
It was discovered that a race condition can lead to a use-after-free while
destroying GEM contexts in the i915 driver for the Linux kernel. A local
attacker could use this to cause a denial of service (system crash) or
possibly execute arbitrary code. (CVE-2020-7053)
It was discovered that the B2C2 FlexCop USB device driver in the Linux
kernel did not properly validate device metadata. A physically proximate
attacker could use this to cause a denial of service (system crash).
(CVE-2019-15291)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 14.04 ESM:
linux-image-4.15.0-1069-azure 4.15.0-1069.74~14.04.1
linux-image-azure 4.15.0.1069.55
After a standard system update you need to reboot your computer to make
all the necessary changes.
ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed.
Unless you manually uninstalled the standard kernel metapackages
(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,
linux-powerpc), a standard system upgrade will automatically perform
this as well.
References:
https://usn.ubuntu.com/4287-2
https://usn.ubuntu.com/4287-1
CVE-2019-14615, CVE-2019-15099, CVE-2019-15291, CVE-2019-16229,
CVE-2019-16232, CVE-2019-18683, CVE-2019-18786, CVE-2019-18809,
CVE-2019-18885, CVE-2019-19057, CVE-2019-19062, CVE-2019-19063,
CVE-2019-19071, CVE-2019-19078, CVE-2019-19082, CVE-2019-19227,
CVE-2019-19332, CVE-2019-19767, CVE-2019-19965, CVE-2019-20096,
CVE-2019-5108, CVE-2020-7053
. 8) - x86_64
3. Description:
The kernel-rt packages provide the Real Time Linux Kernel, which enables
fine-tuning for systems with extremely high determinism requirements.
Bug Fix(es):
* RT: update RT source tree to the RHEL-8.2 tree (BZ#1708716)
* KVM-RT guest fails boot with emulatorsched (BZ#1712781)
* 8 vCPU guest need max latency < 20 us with stress [RT-8.2] (BZ#1757165)
* Request nx_huge_pages=N as default value to avoid kvm-rt guest large
latency spike [rt-8] (BZ#1788352)
* RT: Add rpm Provide of 'kernel' to indicate that this is a kernel package
(BZ#1796284)
* [RHEL8] RT kernel signed by test certificate and not Red Hat Secure Boot
(BZ#1806871)
Enhancement(s):
* update to the upstream 5.x RT patchset (BZ#1680161)
4
VAR-201911-1405 | CVE-2019-19052 | Linux Kernel Vulnerable to resource exhaustion |
CVSS V2: 7.8 CVSS V3: 7.5 Severity: HIGH |
A memory leak in the gs_can_open() function in drivers/net/can/usb/gs_usb.c in the Linux kernel before 5.3.11 allows attackers to cause a denial of service (memory consumption) by triggering usb_submit_urb() failures, aka CID-fb5be6a7b486. The Linux kernel contains a resource exhaustion vulnerability. The vendor has confirmed this vulnerability and released it as CID-fb5be6a7b486. Service operation may be interrupted (DoS).
=========================================================================
Ubuntu Security Notice USN-4226-1
January 07, 2020
linux, linux-aws, linux-aws-5.0, linux-azure, linux-gcp, linux-gke-5.0,
linux-kvm, linux-oem-osp1, linux-oracle, linux-oracle-5.0, linux-raspi2
vulnerabilities
=========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 19.04
- Ubuntu 18.04 LTS
Summary:
Several security issues were fixed in the Linux kernel.
Software Description:
- linux: Linux kernel
- linux-aws: Linux kernel for Amazon Web Services (AWS) systems
- linux-azure: Linux kernel for Microsoft Azure Cloud systems
- linux-gcp: Linux kernel for Google Cloud Platform (GCP) systems
- linux-kvm: Linux kernel for cloud environments
- linux-oracle: Linux kernel for Oracle Cloud systems
- linux-raspi2: Linux kernel for Raspberry Pi 2
- linux-aws-5.0: Linux kernel for Amazon Web Services (AWS) systems
- linux-gke-5.0: Linux kernel for Google Container Engine (GKE) systems
- linux-oem-osp1: Linux kernel for OEM processors
- linux-oracle-5.0: Linux kernel for Oracle Cloud systems
Details:
Michael Hanselmann discovered that the CIFS implementation in the Linux
kernel did not sanitize paths returned by an SMB server. An attacker
controlling an SMB server could use this to overwrite arbitrary files.
(CVE-2019-10220)
It was discovered that a heap-based buffer overflow existed in the Marvell
WiFi-Ex Driver for the Linux kernel. A physically proximate attacker could
use this to cause a denial of service (system crash) or possibly execute
arbitrary code. (CVE-2019-14895, CVE-2019-14901)
It was discovered that a heap-based buffer overflow existed in the Marvell
Libertas WLAN Driver for the Linux kernel. A physically proximate attacker
could use this to cause a denial of service (system crash) or possibly
execute arbitrary code. (CVE-2019-14896, CVE-2019-14897)
It was discovered that the Fujitsu ES network device driver for the Linux
kernel did not properly check for errors in some situations, leading to a
NULL pointer dereference. A local attacker could use this to cause a denial
of service. (CVE-2019-16231)
It was discovered that the QLogic Fibre Channel driver in the Linux kernel
did not properly check for error, leading to a NULL pointer dereference. A
local attacker could possibly use this to cause a denial of service (system
crash). (CVE-2019-16233)
Nicolas Waisman discovered that the WiFi driver stack in the Linux kernel
did not properly validate SSID lengths. A physically proximate attacker
could use this to cause a denial of service (system crash).
(CVE-2019-17133)
Anthony Steinhauser discovered that the Linux kernel did not properly
perform Spectre_RSB mitigations to all processors for PowerPC architecture
systems in some situations. A local attacker could use this to expose
sensitive information. (CVE-2019-18660)
It was discovered that the Mellanox Technologies Innova driver in the Linux
kernel did not properly deallocate memory in certain failure conditions. (CVE-2019-19045)
It was discovered that the VirtualBox guest driver implementation in the
Linux kernel did not properly deallocate memory in certain error
conditions. (CVE-2019-19048)
It was discovered that Geschwister Schneider USB CAN interface driver in
the Linux kernel did not properly deallocate memory in certain failure
conditions. (CVE-2019-19052)
It was discovered that the netlink-based 802.11 configuration interface in
the Linux kernel did not deallocate memory in certain error conditions. (CVE-2019-19055)
It was discovered that the ADIS16400 IIO IMU Driver for the Linux kernel
did not properly deallocate memory in certain error conditions.
(CVE-2019-19060)
It was discovered that the Intel OPA Gen1 Infiniband Driver for the Linux
kernel did not properly deallocate memory in certain error conditions. (CVE-2019-19065)
It was discovered that the AMD Audio CoProcessor Driver for the Linux
kernel did not properly deallocate memory in certain error conditions. (CVE-2019-19067)
It was discovered that the event tracing subsystem of the Linux kernel did
not properly deallocate memory in certain error conditions. (CVE-2019-19072)
It was discovered that the Cascoda CA8210 SPI 802.15.4 wireless controller
driver for the Linux kernel did not properly deallocate memory in certain
error conditions. (CVE-2019-19075)
It was discovered that the AMD Display Engine Driver in the Linux kernel
did not properly deallocate memory in certain error conditions. A
physically proximate attacker could possibly use this to cause a denial of
service (system crash) or execute arbitrary code. (CVE-2019-19524)
It was discovered that the NXP PN533 NFC USB driver in the Linux kernel did
not properly free resources after a late probe error, leading to a use-
after-free vulnerability. A physically proximate attacker could use this to
cause a denial of service (system crash) or possibly execute arbitrary
code. (CVE-2019-19526)
It was discovered that the Microchip CAN BUS Analyzer driver in the Linux
kernel contained a use-after-free vulnerability on device disconnect. A
physically proximate attacker could use this to cause a denial of service
(system crash) or possibly execute arbitrary code. (CVE-2019-19529)
It was discovered that multiple USB HID device drivers in the Linux kernel
did not properly validate device metadata on attachment, leading to out-of-
bounds writes. A physically proximate attacker could use this to cause a
denial of service (system crash) or possibly execute arbitrary code.
(CVE-2019-19532)
It was discovered that the PEAK-System Technik USB driver in the Linux
kernel did not properly sanitize memory before sending it to the device. A
physically proximate attacker could use this to expose sensitive
information (kernel memory). (CVE-2019-19534)
It was discovered that in some situations the fair scheduler in the Linux
kernel did not permit a process to use its full quota time slice. A local
attacker could use this to cause a denial of service. (CVE-2019-19922)
It was discovered that the binder IPC implementation in the Linux kernel
did not properly perform bounds checking in some situations, leading to an
out-of-bounds write. A local attacker could use this to cause a denial of
service (system crash) or possibly execute arbitrary code. (CVE-2019-2214)
Nicolas Waisman discovered that the Chelsio T4/T5 RDMA Driver for the Linux
kernel performed DMA from a kernel stack. A local attacker could use this
to cause a denial of service (system crash). (CVE-2019-17075)
It was discovered that the DesignWare USB3 controller driver in the Linux
kernel did not properly deallocate memory in some error conditions. (CVE-2019-18813)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 19.04:
linux-image-5.0.0-1009-oracle 5.0.0-1009.14
linux-image-5.0.0-1023-aws 5.0.0-1023.26
linux-image-5.0.0-1024-kvm 5.0.0-1024.26
linux-image-5.0.0-1024-raspi2 5.0.0-1024.25
linux-image-5.0.0-1028-azure 5.0.0-1028.30
linux-image-5.0.0-1028-gcp 5.0.0-1028.29
linux-image-5.0.0-38-generic 5.0.0-38.41
linux-image-5.0.0-38-generic-lpae 5.0.0-38.41
linux-image-5.0.0-38-lowlatency 5.0.0-38.41
linux-image-aws 5.0.0.1023.25
linux-image-azure 5.0.0.1028.28
linux-image-gcp 5.0.0.1028.53
linux-image-generic 5.0.0.38.40
linux-image-generic-lpae 5.0.0.38.40
linux-image-gke 5.0.0.1028.53
linux-image-kvm 5.0.0.1024.25
linux-image-lowlatency 5.0.0.38.40
linux-image-oracle 5.0.0.1009.35
linux-image-raspi2 5.0.0.1024.22
linux-image-virtual 5.0.0.38.40
Ubuntu 18.04 LTS:
linux-image-5.0.0-1009-oracle 5.0.0-1009.14~18.04.1
linux-image-5.0.0-1023-aws 5.0.0-1023.26~18.04.1
linux-image-5.0.0-1027-gke 5.0.0-1027.28~18.04.1
linux-image-5.0.0-1028-azure 5.0.0-1028.30~18.04.1
linux-image-5.0.0-1033-oem-osp1 5.0.0-1033.38
linux-image-aws-edge 5.0.0.1023.37
linux-image-azure 5.0.0.1028.39
linux-image-gke-5.0 5.0.0.1027.16
linux-image-oem-osp1 5.0.0.1033.37
linux-image-oracle-edge 5.0.0.1009.8
After a standard system update you need to reboot your computer to make
all the necessary changes.
ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed.
Unless you manually uninstalled the standard kernel metapackages
(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,
linux-powerpc), a standard system upgrade will automatically perform
this as well.
References:
https://usn.ubuntu.com/4226-1
CVE-2019-10220, CVE-2019-14895, CVE-2019-14896, CVE-2019-14897,
CVE-2019-14901, CVE-2019-16231, CVE-2019-16233, CVE-2019-17075,
CVE-2019-17133, CVE-2019-18660, CVE-2019-18813, CVE-2019-19045,
CVE-2019-19048, CVE-2019-19052, CVE-2019-19055, CVE-2019-19060,
CVE-2019-19065, CVE-2019-19067, CVE-2019-19072, CVE-2019-19075,
CVE-2019-19083, CVE-2019-19524, CVE-2019-19526, CVE-2019-19529,
CVE-2019-19532, CVE-2019-19534, CVE-2019-19922, CVE-2019-2214
Package Information:
https://launchpad.net/ubuntu/+source/linux/5.0.0-38.41
https://launchpad.net/ubuntu/+source/linux-aws/5.0.0-1023.26
https://launchpad.net/ubuntu/+source/linux-azure/5.0.0-1028.30
https://launchpad.net/ubuntu/+source/linux-gcp/5.0.0-1028.29
https://launchpad.net/ubuntu/+source/linux-kvm/5.0.0-1024.26
https://launchpad.net/ubuntu/+source/linux-oracle/5.0.0-1009.14
https://launchpad.net/ubuntu/+source/linux-raspi2/5.0.0-1024.25
https://launchpad.net/ubuntu/+source/linux-aws-5.0/5.0.0-1023.26~18.04.1
https://launchpad.net/ubuntu/+source/linux-azure/5.0.0-1028.30~18.04.1
https://launchpad.net/ubuntu/+source/linux-gke-5.0/5.0.0-1027.28~18.04.1
https://launchpad.net/ubuntu/+source/linux-oem-osp1/5.0.0-1033.38
https://launchpad.net/ubuntu/+source/linux-oracle-5.0/5.0.0-1009.14~18.04.1
VAR-202002-0485 | CVE-2019-15711 | FortiClient for Linux Vulnerability related to privilege management |
CVSS V2: 7.2 CVSS V3: 7.8 Severity: HIGH |
A privilege escalation vulnerability in FortiClient for Linux 6.2.1 and below may allow a user with low privilege to run system commands under root privilege by injecting specially crafted "ExportLogs" type IPC client requests to the fctsched process. FortiClient for Linux contains a privilege management vulnerability. Information may be obtained or tampered with, and service operation may be interrupted (DoS). Fortinet FortiClient is a mobile terminal security solution developed by Fortinet. The solution provides IPsec and SSL encryption, WAN optimization, endpoint compliance, and two-factor authentication when connected to FortiGate firewall appliances. There is a command injection vulnerability in Fortinet FortiClient 6.2.1 and earlier versions based on the Linux platform. The vulnerability stems from the fact that the program does not properly handle user input.
VAR-202002-0422 | CVE-2019-17652 | FortiClient for Linux Out-of-bounds write vulnerability |
CVSS V2: 6.8 CVSS V3: 6.5 Severity: MEDIUM |
A stack buffer overflow vulnerability in FortiClient for Linux 6.2.1 and below may allow a user with low privilege to cause FortiClient processes running under root privilege to crash by sending specially crafted "StartAvCustomScan" type IPC client requests to the fctsched process, because the argv data is not properly sanitized. FortiClient for Linux is vulnerable to out-of-bounds writes. Service operation may be interrupted (DoS). Fortinet FortiClient is a mobile terminal security solution developed by Fortinet. The solution provides IPsec and SSL encryption, WAN optimization, endpoint compliance, and two-factor authentication when connected to FortiGate firewall appliances. A buffer error vulnerability exists in Fortinet FortiClient 6.2.1 and earlier versions based on the Linux platform. Attackers can use this vulnerability to cause denial of service through IPC sockets.
VAR-202002-0390 | CVE-2019-16155 | FortiClient for Linux Vulnerability related to privilege management |
CVSS V2: 6.6 CVSS V3: 7.1 Severity: HIGH |
A privilege escalation vulnerability in FortiClient for Linux 6.2.1 and below may allow a user with low privilege to overwrite system files as root with arbitrary content through the system backup file via specially crafted "BackupConfig" type IPC client requests to the fctsched process. Furthermore, FortiClient for Linux 6.2.2 and below allows a low-privilege user to write the system backup file under root privilege through the GUI, which can cause root system files to be overwritten. FortiClient for Linux contains a privilege management vulnerability. Information may be tampered with and service operation may be interrupted (DoS). Fortinet FortiClient is a mobile terminal security solution developed by Fortinet. The solution provides IPsec and SSL encryption, WAN optimization, endpoint compliance, and two-factor authentication when connected to FortiGate firewall appliances. Security vulnerabilities exist in Fortinet FortiClient 6.2.1 and earlier versions based on the Linux platform. An attacker can exploit this vulnerability to elevate privileges through IPC sockets.
VAR-202002-0389 | CVE-2019-16152 | FortiClient for Linux Input verification vulnerability |
CVSS V2: 6.8 CVSS V3: 6.5 Severity: MEDIUM |
A denial of service (DoS) vulnerability in FortiClient for Linux 6.2.1 and below may allow a user with low privilege to cause FortiClient processes running under root privilege to crash by sending specially crafted IPC client requests to the fctsched process, because the nanomsg is not correctly validated. FortiClient for Linux contains an input verification vulnerability. Service operation may be interrupted (DoS). Fortinet FortiClient is a mobile terminal security solution developed by Fortinet. The solution provides IPsec and SSL encryption, WAN optimization, endpoint compliance, and two-factor authentication when connected to FortiGate firewall appliances. Security vulnerabilities exist in Fortinet FortiClient 6.2.1 and earlier versions based on the Linux platform. Attackers can use this vulnerability to cause denial of service through IPC sockets.
VAR-201911-1414 | CVE-2019-19061 | Linux Kernel Vulnerable to resource exhaustion |
CVSS V2: 7.8 CVSS V3: 7.5 Severity: HIGH |
A memory leak in the adis_update_scan_mode_burst() function in drivers/iio/imu/adis_buffer.c in the Linux kernel before 5.3.9 allows attackers to cause a denial of service (memory consumption), aka CID-9c0530e898f3. The Linux kernel contains a resource exhaustion vulnerability. The vendor has confirmed this vulnerability and released it as CID-9c0530e898f3. Service operation may be interrupted (DoS).
==========================================================================
Ubuntu Security Notice USN-4904-1
April 13, 2021
linux, linux-aws, linux-kvm, linux-lts-xenial, linux-raspi2,
linux-snapdragon vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 16.04 LTS
- Ubuntu 14.04 ESM
Summary:
Several security issues were fixed in the Linux kernel.
Software Description:
- linux: Linux kernel
- linux-aws: Linux kernel for Amazon Web Services (AWS) systems
- linux-kvm: Linux kernel for cloud environments
- linux-raspi2: Linux kernel for Raspberry Pi (V8) systems
- linux-snapdragon: Linux kernel for Qualcomm Snapdragon processors
- linux-lts-xenial: Linux hardware enablement kernel from Xenial for Trusty
Details:
Ben Harris discovered that the Linux kernel would strip extended privilege
attributes of files when performing a failed unprivileged system call. A
local attacker could use this to cause a denial of service. (CVE-2015-1350)
Andrey Konovalov discovered that the video4linux driver for Hauppauge HD
PVR USB devices in the Linux kernel did not properly handle some error
conditions. A physically proximate attacker could use this to cause a
denial of service (system crash) or possibly execute arbitrary code.
(CVE-2017-16644)
It was discovered that the timer stats implementation in the Linux kernel
allowed the discovery of a real PID value while inside a PID namespace. A
local attacker could use this to expose sensitive information.
(CVE-2017-5967)
Wen Xu discovered that the xfs file system implementation in the Linux
kernel did not properly validate the number of extents in an inode. An
attacker could use this to construct a malicious xfs image that, when
mounted, could cause a denial of service (system crash). (CVE-2018-13095)
It was discovered that the Fujitsu ES network device driver for the Linux
kernel did not properly check for errors in some situations, leading to a
NULL pointer dereference. A local attacker could use this to cause a denial
of service. (CVE-2019-16231)
It was discovered that the Marvell 8xxx Libertas WLAN device driver in the
Linux kernel did not properly check for errors in certain situations,
leading to a NULL pointer dereference. A local attacker could possibly use
this to cause a denial of service. (CVE-2019-16232)
It was discovered that the ADIS16400 IIO IMU Driver for the Linux kernel
did not properly deallocate memory in certain error conditions.
(CVE-2019-19061)
It was discovered that a race condition existed in the floppy device driver
in the Linux kernel. An attacker with access to the floppy device could use
this to cause a denial of service (system crash) or possibly execute
arbitrary code. (CVE-2021-20261)
Olivier Benjamin, Norbert Manthey, Martin Mazein, and Jan H. Schönherr
discovered that the Xen paravirtualization backend in the Linux kernel did
not properly propagate errors to frontend drivers in some situations. An
attacker in a guest VM could possibly use this to cause a denial of service
(host domain crash). (CVE-2021-26930)
Jan Beulich discovered that multiple Xen backends in the Linux kernel did
not properly handle certain error conditions under paravirtualization. An
attacker in a guest VM could possibly use this to cause a denial of service
(host domain crash). (CVE-2021-26931)
Jan Beulich discovered that the Xen netback backend in the Linux kernel did
not properly handle certain error conditions under paravirtualization. An
attacker in a guest VM could possibly use this to cause a denial of service
(host domain crash). (CVE-2021-28038)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 16.04 LTS:
linux-image-4.4.0-1091-kvm 4.4.0-1091.100
linux-image-4.4.0-1126-aws 4.4.0-1126.140
linux-image-4.4.0-1150-raspi2 4.4.0-1150.161
linux-image-4.4.0-1154-snapdragon 4.4.0-1154.164
linux-image-4.4.0-208-generic 4.4.0-208.240
linux-image-4.4.0-208-generic-lpae 4.4.0-208.240
linux-image-4.4.0-208-lowlatency 4.4.0-208.240
linux-image-4.4.0-208-powerpc-e500mc 4.4.0-208.240
linux-image-4.4.0-208-powerpc-smp 4.4.0-208.240
linux-image-4.4.0-208-powerpc64-emb 4.4.0-208.240
linux-image-4.4.0-208-powerpc64-smp 4.4.0-208.240
linux-image-aws 4.4.0.1126.131
linux-image-generic 4.4.0.208.214
linux-image-generic-lpae 4.4.0.208.214
linux-image-kvm 4.4.0.1091.89
linux-image-lowlatency 4.4.0.208.214
linux-image-powerpc-e500mc 4.4.0.208.214
linux-image-powerpc-smp 4.4.0.208.214
linux-image-powerpc64-emb 4.4.0.208.214
linux-image-powerpc64-smp 4.4.0.208.214
linux-image-raspi2 4.4.0.1150.150
linux-image-snapdragon 4.4.0.1154.146
linux-image-virtual 4.4.0.208.214
Ubuntu 14.04 ESM:
linux-image-4.4.0-1090-aws 4.4.0-1090.94
linux-image-4.4.0-208-generic 4.4.0-208.240~14.04.1
linux-image-4.4.0-208-generic-lpae 4.4.0-208.240~14.04.1
linux-image-4.4.0-208-lowlatency 4.4.0-208.240~14.04.1
linux-image-aws 4.4.0.1090.87
linux-image-generic-lpae-lts-xenial 4.4.0.208.181
linux-image-generic-lts-xenial 4.4.0.208.181
linux-image-lowlatency-lts-xenial 4.4.0.208.181
linux-image-virtual-lts-xenial 4.4.0.208.181
After a standard system update you need to reboot your computer to make
all the necessary changes.
ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed.
Unless you manually uninstalled the standard kernel metapackages
(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,
linux-powerpc), a standard system upgrade will automatically perform
this as well.
References:
https://ubuntu.com/security/notices/USN-4904-1
CVE-2015-1350, CVE-2017-16644, CVE-2017-5967, CVE-2018-13095,
CVE-2019-16231, CVE-2019-16232, CVE-2019-19061, CVE-2021-20261,
CVE-2021-26930, CVE-2021-26931, CVE-2021-28038
Package Information:
https://launchpad.net/ubuntu/+source/linux/4.4.0-208.240
https://launchpad.net/ubuntu/+source/linux-aws/4.4.0-1126.140
https://launchpad.net/ubuntu/+source/linux-kvm/4.4.0-1091.100
https://launchpad.net/ubuntu/+source/linux-raspi2/4.4.0-1150.161
https://launchpad.net/ubuntu/+source/linux-snapdragon/4.4.0-1154.164
VAR-201911-1413 | CVE-2019-19060 | Linux Kernel Vulnerable to resource exhaustion |
CVSS V2: 7.8 CVSS V3: 7.5 Severity: HIGH |
A memory leak in the adis_update_scan_mode() function in drivers/iio/imu/adis_buffer.c in the Linux kernel before 5.3.9 allows attackers to cause a denial of service (memory consumption), aka CID-ab612b1daf41. The Linux kernel contains a resource exhaustion vulnerability. The vendor has confirmed this vulnerability and released it as CID-ab612b1daf41. Service operation may be interrupted (DoS).
=========================================================================
Ubuntu Security Notice USN-4226-1
January 07, 2020
linux, linux-aws, linux-aws-5.0, linux-azure, linux-gcp, linux-gke-5.0,
linux-kvm, linux-oem-osp1, linux-oracle, linux-oracle-5.0, linux-raspi2
vulnerabilities
=========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 19.04
- Ubuntu 18.04 LTS
Summary:
Several security issues were fixed in the Linux kernel.
Software Description:
- linux: Linux kernel
- linux-aws: Linux kernel for Amazon Web Services (AWS) systems
- linux-azure: Linux kernel for Microsoft Azure Cloud systems
- linux-gcp: Linux kernel for Google Cloud Platform (GCP) systems
- linux-kvm: Linux kernel for cloud environments
- linux-oracle: Linux kernel for Oracle Cloud systems
- linux-raspi2: Linux kernel for Raspberry Pi 2
- linux-aws-5.0: Linux kernel for Amazon Web Services (AWS) systems
- linux-gke-5.0: Linux kernel for Google Container Engine (GKE) systems
- linux-oem-osp1: Linux kernel for OEM processors
- linux-oracle-5.0: Linux kernel for Oracle Cloud systems
Details:
Michael Hanselmann discovered that the CIFS implementation in the Linux
kernel did not sanitize paths returned by an SMB server. An attacker
controlling an SMB server could use this to overwrite arbitrary files.
(CVE-2019-10220)
It was discovered that a heap-based buffer overflow existed in the Marvell
WiFi-Ex Driver for the Linux kernel. A physically proximate attacker could
use this to cause a denial of service (system crash) or possibly execute
arbitrary code. (CVE-2019-14895, CVE-2019-14901)
It was discovered that a heap-based buffer overflow existed in the Marvell
Libertas WLAN Driver for the Linux kernel. A physically proximate attacker
could use this to cause a denial of service (system crash) or possibly
execute arbitrary code. (CVE-2019-14896, CVE-2019-14897)
It was discovered that the Fujitsu ES network device driver for the Linux
kernel did not properly check for errors in some situations, leading to a
NULL pointer dereference. A local attacker could use this to cause a denial
of service. (CVE-2019-16231)
It was discovered that the QLogic Fibre Channel driver in the Linux kernel
did not properly check for error, leading to a NULL pointer dereference. A
local attacker could possibly use this to cause a denial of service (system
crash). (CVE-2019-16233)
Nicolas Waisman discovered that the WiFi driver stack in the Linux kernel
did not properly validate SSID lengths. A physically proximate attacker
could use this to cause a denial of service (system crash).
(CVE-2019-17133)
Anthony Steinhauser discovered that the Linux kernel did not properly
perform Spectre_RSB mitigations to all processors for PowerPC architecture
systems in some situations. A local attacker could use this to expose
sensitive information. (CVE-2019-18660)
It was discovered that the Mellanox Technologies Innova driver in the Linux
kernel did not properly deallocate memory in certain failure conditions. (CVE-2019-19045)
It was discovered that the VirtualBox guest driver implementation in the
Linux kernel did not properly deallocate memory in certain error
conditions. (CVE-2019-19048)
It was discovered that Geschwister Schneider USB CAN interface driver in
the Linux kernel did not properly deallocate memory in certain failure
conditions. (CVE-2019-19052)
It was discovered that the netlink-based 802.11 configuration interface in
the Linux kernel did not deallocate memory in certain error conditions. (CVE-2019-19055)
It was discovered that the ADIS16400 IIO IMU Driver for the Linux kernel
did not properly deallocate memory in certain error conditions.
(CVE-2019-19060)
It was discovered that the Intel OPA Gen1 Infiniband Driver for the Linux
kernel did not properly deallocate memory in certain error conditions. (CVE-2019-19065)
It was discovered that the AMD Audio CoProcessor Driver for the Linux
kernel did not properly deallocate memory in certain error conditions. (CVE-2019-19067)
It was discovered that the event tracing subsystem of the Linux kernel did
not properly deallocate memory in certain error conditions. (CVE-2019-19072)
It was discovered that the Cascoda CA8210 SPI 802.15.4 wireless controller
driver for the Linux kernel did not properly deallocate memory in certain
error conditions. (CVE-2019-19075)
It was discovered that the AMD Display Engine Driver in the Linux kernel
did not properly deallocate memory in certain error conditions. A
physically proximate attacker could possibly use this to cause a denial of
service (system crash) or execute arbitrary code. (CVE-2019-19524)
It was discovered that the NXP PN533 NFC USB driver in the Linux kernel did
not properly free resources after a late probe error, leading to a use-
after-free vulnerability. A physically proximate attacker could use this to
cause a denial of service (system crash) or possibly execute arbitrary
code. (CVE-2019-19526)
It was discovered that the Microchip CAN BUS Analyzer driver in the Linux
kernel contained a use-after-free vulnerability on device disconnect. A
physically proximate attacker could use this to cause a denial of service
(system crash) or possibly execute arbitrary code. (CVE-2019-19529)
It was discovered that multiple USB HID device drivers in the Linux kernel
did not properly validate device metadata on attachment, leading to out-of-
bounds writes. A physically proximate attacker could use this to cause a
denial of service (system crash) or possibly execute arbitrary code.
(CVE-2019-19532)
It was discovered that the PEAK-System Technik USB driver in the Linux
kernel did not properly sanitize memory before sending it to the device. A
physically proximate attacker could use this to expose sensitive
information (kernel memory). (CVE-2019-19534)
It was discovered that in some situations the fair scheduler in the Linux
kernel did not permit a process to use its full quota time slice. A local
attacker could use this to cause a denial of service. (CVE-2019-19922)
It was discovered that the binder IPC implementation in the Linux kernel
did not properly perform bounds checking in some situations, leading to an
out-of-bounds write. A local attacker could use this to cause a denial of
service (system crash) or possibly execute arbitrary code. (CVE-2019-2214)
Nicolas Waisman discovered that the Chelsio T4/T5 RDMA Driver for the Linux
kernel performed DMA from a kernel stack. A local attacker could use this
to cause a denial of service (system crash). (CVE-2019-17075)
It was discovered that the DesignWare USB3 controller driver in the Linux
kernel did not properly deallocate memory in some error conditions. (CVE-2019-18813)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 19.04:
linux-image-5.0.0-1009-oracle 5.0.0-1009.14
linux-image-5.0.0-1023-aws 5.0.0-1023.26
linux-image-5.0.0-1024-kvm 5.0.0-1024.26
linux-image-5.0.0-1024-raspi2 5.0.0-1024.25
linux-image-5.0.0-1028-azure 5.0.0-1028.30
linux-image-5.0.0-1028-gcp 5.0.0-1028.29
linux-image-5.0.0-38-generic 5.0.0-38.41
linux-image-5.0.0-38-generic-lpae 5.0.0-38.41
linux-image-5.0.0-38-lowlatency 5.0.0-38.41
linux-image-aws 5.0.0.1023.25
linux-image-azure 5.0.0.1028.28
linux-image-gcp 5.0.0.1028.53
linux-image-generic 5.0.0.38.40
linux-image-generic-lpae 5.0.0.38.40
linux-image-gke 5.0.0.1028.53
linux-image-kvm 5.0.0.1024.25
linux-image-lowlatency 5.0.0.38.40
linux-image-oracle 5.0.0.1009.35
linux-image-raspi2 5.0.0.1024.22
linux-image-virtual 5.0.0.38.40
Ubuntu 18.04 LTS:
linux-image-5.0.0-1009-oracle 5.0.0-1009.14~18.04.1
linux-image-5.0.0-1023-aws 5.0.0-1023.26~18.04.1
linux-image-5.0.0-1027-gke 5.0.0-1027.28~18.04.1
linux-image-5.0.0-1028-azure 5.0.0-1028.30~18.04.1
linux-image-5.0.0-1033-oem-osp1 5.0.0-1033.38
linux-image-aws-edge 5.0.0.1023.37
linux-image-azure 5.0.0.1028.39
linux-image-gke-5.0 5.0.0.1027.16
linux-image-oem-osp1 5.0.0.1033.37
linux-image-oracle-edge 5.0.0.1009.8
After a standard system update you need to reboot your computer to make
all the necessary changes.
ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed.
Unless you manually uninstalled the standard kernel metapackages
(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,
linux-powerpc), a standard system upgrade will automatically perform
this as well.
References:
https://usn.ubuntu.com/4226-1
CVE-2019-10220, CVE-2019-14895, CVE-2019-14896, CVE-2019-14897,
CVE-2019-14901, CVE-2019-16231, CVE-2019-16233, CVE-2019-17075,
CVE-2019-17133, CVE-2019-18660, CVE-2019-18813, CVE-2019-19045,
CVE-2019-19048, CVE-2019-19052, CVE-2019-19055, CVE-2019-19060,
CVE-2019-19065, CVE-2019-19067, CVE-2019-19072, CVE-2019-19075,
CVE-2019-19083, CVE-2019-19524, CVE-2019-19526, CVE-2019-19529,
CVE-2019-19532, CVE-2019-19534, CVE-2019-19922, CVE-2019-2214
Package Information:
https://launchpad.net/ubuntu/+source/linux/5.0.0-38.41
https://launchpad.net/ubuntu/+source/linux-aws/5.0.0-1023.26
https://launchpad.net/ubuntu/+source/linux-azure/5.0.0-1028.30
https://launchpad.net/ubuntu/+source/linux-gcp/5.0.0-1028.29
https://launchpad.net/ubuntu/+source/linux-kvm/5.0.0-1024.26
https://launchpad.net/ubuntu/+source/linux-oracle/5.0.0-1009.14
https://launchpad.net/ubuntu/+source/linux-raspi2/5.0.0-1024.25
https://launchpad.net/ubuntu/+source/linux-aws-5.0/5.0.0-1023.26~18.04.1
https://launchpad.net/ubuntu/+source/linux-azure/5.0.0-1028.30~18.04.1
https://launchpad.net/ubuntu/+source/linux-gke-5.0/5.0.0-1027.28~18.04.1
https://launchpad.net/ubuntu/+source/linux-oem-osp1/5.0.0-1033.38
https://launchpad.net/ubuntu/+source/linux-oracle-5.0/5.0.0-1009.14~18.04.1
VAR-201911-1406 | CVE-2019-19053 | Linux Kernel Vulnerable to resource exhaustion |
CVSS V2: 7.8 CVSS V3: 7.5 Severity: HIGH |
A memory leak in the rpmsg_eptdev_write_iter() function in drivers/rpmsg/rpmsg_char.c in the Linux kernel through 5.3.11 allows attackers to cause a denial of service (memory consumption) by triggering copy_from_iter_full() failures, aka CID-bbe692e349e2. The Linux kernel contains a resource exhaustion vulnerability. Vendors have confirmed this vulnerability and released it as CID-bbe692e349e2. It may result in service operation interruption (DoS).
=========================================================================
Ubuntu Security Notice USN-4300-1
March 16, 2020
linux, linux-aws, linux-gcp, linux-gcp-5.3, linux-gke-5.3, linux-hwe,
linux-kvm, linux-oracle, linux-raspi2, linux-raspi2-5.3 vulnerabilities
=========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 19.10
- Ubuntu 18.04 LTS
Summary:
Several security issues were fixed in the Linux kernel.
Software Description:
- linux: Linux kernel
- linux-aws: Linux kernel for Amazon Web Services (AWS) systems
- linux-gcp: Linux kernel for Google Cloud Platform (GCP) systems
- linux-kvm: Linux kernel for cloud environments
- linux-oracle: Linux kernel for Oracle Cloud systems
- linux-raspi2: Linux kernel for Raspberry Pi 2
- linux-gcp-5.3: Linux kernel for Google Cloud Platform (GCP) systems
- linux-gke-5.3: Linux kernel for Google Container Engine (GKE) systems
- linux-hwe: Linux hardware enablement (HWE) kernel
- linux-raspi2-5.3: Linux kernel for Raspberry Pi 2
Details:
It was discovered that, when paravirtual TLB flushes are enabled in
guests, the KVM hypervisor implementation in the Linux kernel could in some
situations miss deferred TLB flushes or otherwise mishandle them. An
attacker in a guest VM could use this to expose sensitive information (read
memory from another guest VM). (CVE-2019-3016)
Paolo Bonzini discovered that the KVM hypervisor implementation in the
Linux kernel could improperly let a nested (level 2) guest access the
resources of a parent (level 1) guest in certain situations. An attacker
could use this to expose sensitive information. (CVE-2020-2732)
It was discovered that the Afatech AF9005 DVB-T USB device driver in the
Linux kernel did not properly deallocate memory in certain error
conditions. (CVE-2019-18809)
It was discovered that the Intel(R) XL710 Ethernet Controller device driver
in the Linux kernel did not properly deallocate memory in certain error
conditions. (CVE-2019-19043)
It was discovered that the RPMSG character device interface in the Linux
kernel did not properly deallocate memory in certain error conditions. (CVE-2019-19053)
It was discovered that the Marvell Wi-Fi device driver in the Linux kernel
did not properly deallocate memory in certain error conditions. (CVE-2019-19056)
It was discovered that the Intel(R) Wi-Fi device driver in the Linux kernel
did not properly deallocate memory in certain error conditions.
(CVE-2019-19058, CVE-2019-19059)
It was discovered that the Serial Peripheral Interface (SPI) driver in the
Linux kernel did not properly deallocate memory in certain error
conditions. (CVE-2019-19064)
It was discovered that the Brocade BFA Fibre Channel device driver in the
Linux kernel did not properly deallocate memory in certain error
conditions. (CVE-2019-19066)
It was discovered that the Realtek RTL8xxx USB Wi-Fi device driver in the
Linux kernel did not properly deallocate memory in certain error
conditions. (CVE-2019-19068)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 19.10:
linux-image-5.3.0-1011-oracle 5.3.0-1011.12
linux-image-5.3.0-1012-kvm 5.3.0-1012.13
linux-image-5.3.0-1013-aws 5.3.0-1013.14
linux-image-5.3.0-1014-gcp 5.3.0-1014.15
linux-image-5.3.0-1019-raspi2 5.3.0-1019.21
linux-image-5.3.0-42-generic 5.3.0-42.34
linux-image-5.3.0-42-generic-lpae 5.3.0-42.34
linux-image-5.3.0-42-lowlatency 5.3.0-42.34
linux-image-5.3.0-42-snapdragon 5.3.0-42.34
linux-image-aws 5.3.0.1013.15
linux-image-gcp 5.3.0.1014.15
linux-image-generic 5.3.0.42.36
linux-image-generic-lpae 5.3.0.42.36
linux-image-gke 5.3.0.1014.15
linux-image-kvm 5.3.0.1012.14
linux-image-lowlatency 5.3.0.42.36
linux-image-oracle 5.3.0.1011.12
linux-image-raspi2 5.3.0.1019.16
linux-image-snapdragon 5.3.0.42.36
linux-image-virtual 5.3.0.42.36
Ubuntu 18.04 LTS:
linux-image-5.3.0-1014-gcp 5.3.0-1014.15~18.04.1
linux-image-5.3.0-1014-gke 5.3.0-1014.15~18.04.1
linux-image-5.3.0-1019-raspi2 5.3.0-1019.21~18.04.1
linux-image-5.3.0-42-generic 5.3.0-42.34~18.04.1
linux-image-5.3.0-42-generic-lpae 5.3.0-42.34~18.04.1
linux-image-5.3.0-42-lowlatency 5.3.0-42.34~18.04.1
linux-image-gcp-edge 5.3.0.1014.13
linux-image-generic-hwe-18.04 5.3.0.42.99
linux-image-generic-lpae-hwe-18.04 5.3.0.42.99
linux-image-gke-5.3 5.3.0.1014.4
linux-image-lowlatency-hwe-18.04 5.3.0.42.99
linux-image-raspi2-hwe-18.04 5.3.0.1019.8
linux-image-snapdragon-hwe-18.04 5.3.0.42.99
linux-image-virtual-hwe-18.04 5.3.0.42.99
After a standard system update you need to reboot your computer to make
all the necessary changes.
ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed.
Unless you manually uninstalled the standard kernel metapackages
(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,
linux-powerpc), a standard system upgrade will automatically perform
this as well.
References:
https://usn.ubuntu.com/4300-1
CVE-2019-18809, CVE-2019-19043, CVE-2019-19053, CVE-2019-19056,
CVE-2019-19058, CVE-2019-19059, CVE-2019-19064, CVE-2019-19066,
CVE-2019-19068, CVE-2019-3016, CVE-2020-2732
Package Information:
https://launchpad.net/ubuntu/+source/linux/5.3.0-42.34
https://launchpad.net/ubuntu/+source/linux-aws/5.3.0-1013.14
https://launchpad.net/ubuntu/+source/linux-gcp/5.3.0-1014.15
https://launchpad.net/ubuntu/+source/linux-kvm/5.3.0-1012.13
https://launchpad.net/ubuntu/+source/linux-oracle/5.3.0-1011.12
https://launchpad.net/ubuntu/+source/linux-raspi2/5.3.0-1019.21
https://launchpad.net/ubuntu/+source/linux-gcp-5.3/5.3.0-1014.15~18.04.1
https://launchpad.net/ubuntu/+source/linux-gke-5.3/5.3.0-1014.15~18.04.1
https://launchpad.net/ubuntu/+source/linux-hwe/5.3.0-42.34~18.04.1
https://launchpad.net/ubuntu/+source/linux-raspi2-5.3/5.3.0-1019.21~18.04.1