Federico Manuel Bento discovered that the Linux kernel did not properly apply Address Space Layout Randomization (ASLR) in some situations for setuid a.out binaries. A local attacker could use this to improve the chances of exploiting an existing vulnerability in a setuid a.out binary.
As a hardening measure, this update disables a.out support.
{ "availability": "No subscription required", "binaries": [ { "parport-modules-4.15.0-51-generic-lpae-di": "4.15.0-51.55", "linux-image-4.15.0-51-generic-lpae": "4.15.0-51.55", "md-modules-4.15.0-51-generic-di": "4.15.0-51.55", "linux-image-unsigned-4.15.0-51-generic-dbgsym": "4.15.0-51.55", "linux-image-4.15.0-51-lowlatency-dbgsym": "4.15.0-51.55", "fat-modules-4.15.0-51-generic-di": "4.15.0-51.55", "mouse-modules-4.15.0-51-generic-di": "4.15.0-51.55", "linux-image-unsigned-4.15.0-51-lowlatency-dbgsym": "4.15.0-51.55", "ipmi-modules-4.15.0-51-generic-lpae-di": "4.15.0-51.55", "linux-udebs-generic": "4.15.0-51.55", "linux-buildinfo-4.15.0-51-generic-lpae": "4.15.0-51.55", "usb-modules-4.15.0-51-generic-di": "4.15.0-51.55", "linux-image-4.15.0-51-generic-lpae-dbgsym": "4.15.0-51.55", "linux-cloud-tools-4.15.0-51-generic": "4.15.0-51.55", "sata-modules-4.15.0-51-generic-di": "4.15.0-51.55", "ppp-modules-4.15.0-51-generic-lpae-di": "4.15.0-51.55", "nic-usb-modules-4.15.0-51-generic-di": "4.15.0-51.55", "pata-modules-4.15.0-51-generic-di": "4.15.0-51.55", "multipath-modules-4.15.0-51-generic-di": "4.15.0-51.55", "input-modules-4.15.0-51-generic-lpae-di": "4.15.0-51.55", "linux-modules-4.15.0-51-generic": "4.15.0-51.55", "multipath-modules-4.15.0-51-generic-lpae-di": "4.15.0-51.55", "nic-shared-modules-4.15.0-51-generic-lpae-di": "4.15.0-51.55", "pcmcia-storage-modules-4.15.0-51-generic-di": "4.15.0-51.55", "linux-modules-4.15.0-51-lowlatency": "4.15.0-51.55", "serial-modules-4.15.0-51-generic-di": "4.15.0-51.55", "linux-image-unsigned-4.15.0-51-lowlatency": "4.15.0-51.55", "linux-image-4.15.0-51-lowlatency": "4.15.0-51.55", "message-modules-4.15.0-51-generic-di": "4.15.0-51.55", "mouse-modules-4.15.0-51-generic-lpae-di": "4.15.0-51.55", "nic-modules-4.15.0-51-generic-di": "4.15.0-51.55", "parport-modules-4.15.0-51-generic-di": "4.15.0-51.55", "linux-headers-4.15.0-51-generic-lpae": "4.15.0-51.55", "nic-modules-4.15.0-51-generic-lpae-di": "4.15.0-51.55", "input-modules-4.15.0-51-generic-di": "4.15.0-51.55", "linux-image-4.15.0-51-generic": "4.15.0-51.55", "plip-modules-4.15.0-51-generic-lpae-di": "4.15.0-51.55", "kernel-image-4.15.0-51-generic-di": "4.15.0-51.55", "linux-headers-4.15.0-51-generic": "4.15.0-51.55", "linux-headers-4.15.0-51": "4.15.0-51.55", "virtio-modules-4.15.0-51-generic-di": "4.15.0-51.55", "nfs-modules-4.15.0-51-generic-lpae-di": "4.15.0-51.55", "linux-tools-4.15.0-51-generic": "4.15.0-51.55", "linux-tools-4.15.0-51": "4.15.0-51.55", "linux-cloud-tools-4.15.0-51": "4.15.0-51.55", "fs-secondary-modules-4.15.0-51-generic-lpae-di": "4.15.0-51.55", "ipmi-modules-4.15.0-51-generic-di": "4.15.0-51.55", "md-modules-4.15.0-51-generic-lpae-di": "4.15.0-51.55", "linux-cloud-tools-common": "4.15.0-51.55", "linux-modules-extra-4.15.0-51-generic": "4.15.0-51.55", "linux-source-4.15.0": "4.15.0-51.55", "fb-modules-4.15.0-51-generic-di": "4.15.0-51.55", "ppp-modules-4.15.0-51-generic-di": "4.15.0-51.55", "irda-modules-4.15.0-51-generic-lpae-di": "4.15.0-51.55", "fat-modules-4.15.0-51-generic-lpae-di": "4.15.0-51.55", "block-modules-4.15.0-51-generic-lpae-di": "4.15.0-51.55", "linux-doc": "4.15.0-51.55", "dasd-extra-modules-4.15.0-51-generic-di": "4.15.0-51.55", "block-modules-4.15.0-51-generic-di": "4.15.0-51.55", "nic-pcmcia-modules-4.15.0-51-generic-di": "4.15.0-51.55", "vlan-modules-4.15.0-51-generic-di": "4.15.0-51.55", "plip-modules-4.15.0-51-generic-di": "4.15.0-51.55", "scsi-modules-4.15.0-51-generic-di": "4.15.0-51.55", "firewire-core-modules-4.15.0-51-generic-di": "4.15.0-51.55", "linux-modules-4.15.0-51-generic-lpae": "4.15.0-51.55", "linux-libc-dev": "4.15.0-51.55", "vlan-modules-4.15.0-51-generic-lpae-di": "4.15.0-51.55", "fs-secondary-modules-4.15.0-51-generic-di": "4.15.0-51.55", "linux-headers-4.15.0-51-lowlatency": "4.15.0-51.55", "linux-cloud-tools-4.15.0-51-lowlatency": "4.15.0-51.55", "sata-modules-4.15.0-51-generic-lpae-di": "4.15.0-51.55", "storage-core-modules-4.15.0-51-generic-di": "4.15.0-51.55", "fs-core-modules-4.15.0-51-generic-di": "4.15.0-51.55", "nic-usb-modules-4.15.0-51-generic-lpae-di": "4.15.0-51.55", "linux-image-unsigned-4.15.0-51-generic": "4.15.0-51.55", "linux-tools-host": "4.15.0-51.55", "linux-tools-4.15.0-51-generic-lpae": "4.15.0-51.55", "kernel-image-4.15.0-51-generic-lpae-di": "4.15.0-51.55", "usb-modules-4.15.0-51-generic-lpae-di": "4.15.0-51.55", "scsi-modules-4.15.0-51-generic-lpae-di": "4.15.0-51.55", "crypto-modules-4.15.0-51-generic-lpae-di": "4.15.0-51.55", "linux-udebs-generic-lpae": "4.15.0-51.55", "storage-core-modules-4.15.0-51-generic-lpae-di": "4.15.0-51.55", "linux-buildinfo-4.15.0-51-generic": "4.15.0-51.55", "linux-tools-4.15.0-51-lowlatency": "4.15.0-51.55", "nfs-modules-4.15.0-51-generic-di": "4.15.0-51.55", "crypto-modules-4.15.0-51-generic-di": "4.15.0-51.55", "linux-buildinfo-4.15.0-51-lowlatency": "4.15.0-51.55", "nic-shared-modules-4.15.0-51-generic-di": "4.15.0-51.55", "linux-tools-common": "4.15.0-51.55", "dasd-modules-4.15.0-51-generic-di": "4.15.0-51.55", "linux-image-4.15.0-51-generic-dbgsym": "4.15.0-51.55", "pcmcia-modules-4.15.0-51-generic-di": "4.15.0-51.55", "fs-core-modules-4.15.0-51-generic-lpae-di": "4.15.0-51.55", "floppy-modules-4.15.0-51-generic-di": "4.15.0-51.55", "irda-modules-4.15.0-51-generic-di": "4.15.0-51.55" } ] }
{ "availability": "No subscription required", "binaries": [ { "linux-cloud-tools-4.15.0-1040-aws": "4.15.0-1040.42", "linux-headers-4.15.0-1040-aws": "4.15.0-1040.42", "linux-modules-4.15.0-1040-aws": "4.15.0-1040.42", "linux-image-4.15.0-1040-aws": "4.15.0-1040.42", "linux-aws-headers-4.15.0-1040": "4.15.0-1040.42", "linux-buildinfo-4.15.0-1040-aws": "4.15.0-1040.42", "linux-tools-4.15.0-1040-aws": "4.15.0-1040.42", "linux-image-4.15.0-1040-aws-dbgsym": "4.15.0-1040.42", "linux-aws-cloud-tools-4.15.0-1040": "4.15.0-1040.42", "linux-aws-tools-4.15.0-1040": "4.15.0-1040.42" } ] }
{ "availability": "No subscription required", "binaries": [ { "linux-buildinfo-4.15.0-1033-gcp": "4.15.0-1033.35", "linux-gcp-headers-4.15.0-1033": "4.15.0-1033.35", "linux-modules-4.15.0-1033-gcp": "4.15.0-1033.35", "linux-headers-4.15.0-1033-gcp": "4.15.0-1033.35", "linux-tools-4.15.0-1033-gcp": "4.15.0-1033.35", "linux-image-unsigned-4.15.0-1033-gcp": "4.15.0-1033.35", "linux-gcp-tools-4.15.0-1033": "4.15.0-1033.35", "linux-image-unsigned-4.15.0-1033-gcp-dbgsym": "4.15.0-1033.35", "linux-modules-extra-4.15.0-1033-gcp": "4.15.0-1033.35" } ] }
{ "availability": "No subscription required", "binaries": [ { "linux-buildinfo-4.15.0-1035-kvm": "4.15.0-1035.35", "linux-headers-4.15.0-1035-kvm": "4.15.0-1035.35", "linux-image-4.15.0-1035-kvm": "4.15.0-1035.35", "linux-kvm-headers-4.15.0-1035": "4.15.0-1035.35", "linux-modules-4.15.0-1035-kvm": "4.15.0-1035.35", "linux-kvm-tools-4.15.0-1035": "4.15.0-1035.35", "linux-image-4.15.0-1035-kvm-dbgsym": "4.15.0-1035.35", "linux-tools-4.15.0-1035-kvm": "4.15.0-1035.35" } ] }
{ "availability": "No subscription required", "binaries": [ { "linux-image-unsigned-4.15.0-1039-oem": "4.15.0-1039.44", "sata-modules-4.15.0-1039-oem-di": "4.15.0-1039.44", "fb-modules-4.15.0-1039-oem-di": "4.15.0-1039.44", "usb-modules-4.15.0-1039-oem-di": "4.15.0-1039.44", "kernel-image-4.15.0-1039-oem-di": "4.15.0-1039.44", "ipmi-modules-4.15.0-1039-oem-di": "4.15.0-1039.44", "crypto-modules-4.15.0-1039-oem-di": "4.15.0-1039.44", "fat-modules-4.15.0-1039-oem-di": "4.15.0-1039.44", "ppp-modules-4.15.0-1039-oem-di": "4.15.0-1039.44", "pcmcia-modules-4.15.0-1039-oem-di": "4.15.0-1039.44", "nfs-modules-4.15.0-1039-oem-di": "4.15.0-1039.44", "block-modules-4.15.0-1039-oem-di": "4.15.0-1039.44", "parport-modules-4.15.0-1039-oem-di": "4.15.0-1039.44", "floppy-modules-4.15.0-1039-oem-di": "4.15.0-1039.44", "input-modules-4.15.0-1039-oem-di": "4.15.0-1039.44", "nic-usb-modules-4.15.0-1039-oem-di": "4.15.0-1039.44", "md-modules-4.15.0-1039-oem-di": "4.15.0-1039.44", "serial-modules-4.15.0-1039-oem-di": "4.15.0-1039.44", "storage-core-modules-4.15.0-1039-oem-di": "4.15.0-1039.44", "message-modules-4.15.0-1039-oem-di": "4.15.0-1039.44", "linux-tools-4.15.0-1039-oem": "4.15.0-1039.44", "pata-modules-4.15.0-1039-oem-di": "4.15.0-1039.44", "nic-shared-modules-4.15.0-1039-oem-di": "4.15.0-1039.44", "vlan-modules-4.15.0-1039-oem-di": "4.15.0-1039.44", "linux-image-unsigned-4.15.0-1039-oem-dbgsym": "4.15.0-1039.44", "firewire-core-modules-4.15.0-1039-oem-di": "4.15.0-1039.44", "linux-oem-headers-4.15.0-1039": "4.15.0-1039.44", "linux-oem-tools-4.15.0-1039": "4.15.0-1039.44", "plip-modules-4.15.0-1039-oem-di": "4.15.0-1039.44", "multipath-modules-4.15.0-1039-oem-di": "4.15.0-1039.44", "linux-headers-4.15.0-1039-oem": "4.15.0-1039.44", "fs-core-modules-4.15.0-1039-oem-di": "4.15.0-1039.44", "linux-buildinfo-4.15.0-1039-oem": "4.15.0-1039.44", "linux-udebs-oem": "4.15.0-1039.44", "fs-secondary-modules-4.15.0-1039-oem-di": "4.15.0-1039.44", "mouse-modules-4.15.0-1039-oem-di": "4.15.0-1039.44", "scsi-modules-4.15.0-1039-oem-di": "4.15.0-1039.44", "nic-modules-4.15.0-1039-oem-di": "4.15.0-1039.44", "virtio-modules-4.15.0-1039-oem-di": "4.15.0-1039.44", "nic-pcmcia-modules-4.15.0-1039-oem-di": "4.15.0-1039.44", "irda-modules-4.15.0-1039-oem-di": "4.15.0-1039.44", "pcmcia-storage-modules-4.15.0-1039-oem-di": "4.15.0-1039.44", "linux-modules-4.15.0-1039-oem": "4.15.0-1039.44" } ] }
{ "availability": "No subscription required", "binaries": [ { "linux-tools-4.15.0-1014-oracle": "4.15.0-1014.16", "linux-modules-4.15.0-1014-oracle": "4.15.0-1014.16", "linux-oracle-tools-4.15.0-1014": "4.15.0-1014.16", "linux-oracle-headers-4.15.0-1014": "4.15.0-1014.16", "linux-modules-extra-4.15.0-1014-oracle": "4.15.0-1014.16", "linux-headers-4.15.0-1014-oracle": "4.15.0-1014.16", "linux-buildinfo-4.15.0-1014-oracle": "4.15.0-1014.16", "linux-image-unsigned-4.15.0-1014-oracle-dbgsym": "4.15.0-1014.16", "linux-image-unsigned-4.15.0-1014-oracle": "4.15.0-1014.16" } ] }
{ "availability": "No subscription required", "binaries": [ { "linux-tools-4.15.0-1037-raspi2": "4.15.0-1037.39", "linux-raspi2-headers-4.15.0-1037": "4.15.0-1037.39", "linux-image-4.15.0-1037-raspi2-dbgsym": "4.15.0-1037.39", "linux-image-4.15.0-1037-raspi2": "4.15.0-1037.39", "linux-raspi2-tools-4.15.0-1037": "4.15.0-1037.39", "linux-modules-4.15.0-1037-raspi2": "4.15.0-1037.39", "linux-headers-4.15.0-1037-raspi2": "4.15.0-1037.39", "linux-buildinfo-4.15.0-1037-raspi2": "4.15.0-1037.39" } ] }
{ "availability": "No subscription required", "binaries": [ { "linux-tools-4.15.0-1054-snapdragon": "4.15.0-1054.58", "linux-headers-4.15.0-1054-snapdragon": "4.15.0-1054.58", "linux-snapdragon-tools-4.15.0-1054": "4.15.0-1054.58", "linux-snapdragon-headers-4.15.0-1054": "4.15.0-1054.58", "linux-buildinfo-4.15.0-1054-snapdragon": "4.15.0-1054.58", "linux-image-4.15.0-1054-snapdragon": "4.15.0-1054.58", "linux-image-4.15.0-1054-snapdragon-dbgsym": "4.15.0-1054.58", "linux-modules-4.15.0-1054-snapdragon": "4.15.0-1054.58" } ] }