USN-4008-1

Source
https://ubuntu.com/security/notices/USN-4008-1
Import Source
https://github.com/canonical/ubuntu-security-notices/blob/main/osv/USN-4008-1.json
JSON Data
https://api.osv.dev/v1/vulns/USN-4008-1
Published
2019-06-04T22:52:17.162543Z
Modified
2019-06-04T22:52:17.162543Z
Summary
linux, linux-aws, linux-kvm, linux-raspi2, linux-snapdragon vulnerabilities
Details

Robert Święcki discovered that the Linux kernel did not properly apply Address Space Layout Randomization (ASLR) in some situations for setuid ELF binaries. A local attacker could use this to improve the chances of exploiting an existing vulnerability in a setuid ELF binary. (CVE-2019-11190)

It was discovered that a null pointer dereference vulnerability existed in the LSI Logic MegaRAID driver in the Linux kernel. A local attacker could use this to cause a denial of service (system crash). (CVE-2019-11810)

It was discovered that a race condition leading to a use-after-free existed in the Reliable Datagram Sockets (RDS) protocol implementation in the Linux kernel. The RDS protocol is disabled via blocklist by default in Ubuntu. If enabled, a local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2019-11815)

Federico Manuel Bento discovered that the Linux kernel did not properly apply Address Space Layout Randomization (ASLR) in some situations for setuid a.out binaries. A local attacker could use this to improve the chances of exploiting an existing vulnerability in a setuid a.out binary. (CVE-2019-11191)

As a hardening measure, this update disables a.out support.

Affected packages

Ubuntu:16.04:LTS / linux-raspi2

Package

Name
linux-raspi2

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
4.4.0-1110.118

Ecosystem specific

{
    "availability": "No subscription needed",
    "binaries": [
        {
            "linux-image-raspi2": "4.4.0.1110.110",
            "linux-image-4.4.0-1110-raspi2": "4.4.0-1110.118"
        }
    ]
}

Ubuntu:16.04:LTS / linux-aws

Package

Name
linux-aws

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
4.4.0-1084.94

Ecosystem specific

{
    "availability": "No subscription needed",
    "binaries": [
        {
            "linux-image-4.4.0-1084-aws": "4.4.0-1084.94",
            "linux-image-aws": "4.4.0.1084.87"
        }
    ]
}

Ubuntu:16.04:LTS / linux-kvm

Package

Name
linux-kvm

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
4.4.0-1047.53

Ecosystem specific

{
    "availability": "No subscription needed",
    "binaries": [
        {
            "linux-image-kvm": "4.4.0.1047.47",
            "linux-image-4.4.0-1047-kvm": "4.4.0-1047.53"
        }
    ]
}

Ubuntu:16.04:LTS / linux-snapdragon

Package

Name
linux-snapdragon

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
4.4.0-1114.119

Ecosystem specific

{
    "availability": "No subscription needed",
    "binaries": [
        {
            "linux-image-snapdragon": "4.4.0.1114.106",
            "linux-image-4.4.0-1114-snapdragon": "4.4.0-1114.119"
        }
    ]
}

Ubuntu:16.04:LTS / linux

Package

Name
linux

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
4.4.0-150.176

Ecosystem specific

{
    "availability": "No subscription needed",
    "binaries": [
        {
            "linux-image-4.4.0-150-powerpc64-emb": "4.4.0-150.176",
            "linux-image-lowlatency-lts-vivid": "4.4.0.150.158",
            "linux-image-virtual-lts-vivid": "4.4.0.150.158",
            "linux-image-powerpc64-emb": "4.4.0.150.158",
            "linux-image-4.4.0-150-generic-lpae": "4.4.0-150.176",
            "linux-image-lowlatency-lts-wily": "4.4.0.150.158",
            "linux-image-powerpc-e500mc-lts-utopic": "4.4.0.150.158",
            "linux-image-powerpc-smp-lts-wily": "4.4.0.150.158",
            "linux-image-generic-lpae-lts-vivid": "4.4.0.150.158",
            "linux-image-virtual-lts-utopic": "4.4.0.150.158",
            "linux-image-powerpc64-smp-lts-xenial": "4.4.0.150.158",
            "linux-image-4.4.0-150-lowlatency": "4.4.0-150.176",
            "linux-image-powerpc-smp-lts-utopic": "4.4.0.150.158",
            "linux-image-powerpc64-emb-lts-utopic": "4.4.0.150.158",
            "linux-image-4.4.0-150-powerpc-smp": "4.4.0-150.176",
            "linux-image-powerpc64-smp-lts-wily": "4.4.0.150.158",
            "linux-image-powerpc-e500mc-lts-wily": "4.4.0.150.158",
            "linux-image-powerpc-smp-lts-vivid": "4.4.0.150.158",
            "linux-image-powerpc64-emb-lts-vivid": "4.4.0.150.158",
            "linux-image-virtual-lts-xenial": "4.4.0.150.158",
            "linux-image-powerpc64-smp": "4.4.0.150.158",
            "linux-image-generic-lts-xenial": "4.4.0.150.158",
            "linux-image-lowlatency": "4.4.0.150.158",
            "linux-image-powerpc-e500mc-lts-xenial": "4.4.0.150.158",
            "linux-image-powerpc-smp-lts-xenial": "4.4.0.150.158",
            "linux-image-virtual": "4.4.0.150.158",
            "linux-image-generic-lpae-lts-xenial": "4.4.0.150.158",
            "linux-image-powerpc64-emb-lts-wily": "4.4.0.150.158",
            "linux-image-generic-lts-utopic": "4.4.0.150.158",
            "linux-image-powerpc64-smp-lts-utopic": "4.4.0.150.158",
            "linux-image-generic-lts-vivid": "4.4.0.150.158",
            "linux-image-powerpc-e500mc": "4.4.0.150.158",
            "linux-image-4.4.0-150-generic": "4.4.0-150.176",
            "linux-image-generic-lpae-lts-utopic": "4.4.0.150.158",
            "linux-image-4.4.0-150-powerpc-e500mc": "4.4.0-150.176",
            "linux-image-powerpc64-smp-lts-vivid": "4.4.0.150.158",
            "linux-image-powerpc-e500mc-lts-vivid": "4.4.0.150.158",
            "linux-image-virtual-lts-wily": "4.4.0.150.158",
            "linux-image-lowlatency-lts-xenial": "4.4.0.150.158",
            "linux-image-4.4.0-150-powerpc64-smp": "4.4.0-150.176",
            "linux-image-generic-lpae-lts-wily": "4.4.0.150.158",
            "linux-image-lowlatency-lts-utopic": "4.4.0.150.158",
            "linux-image-powerpc64-emb-lts-xenial": "4.4.0.150.158",
            "linux-image-generic": "4.4.0.150.158",
            "linux-image-powerpc-smp": "4.4.0.150.158",
            "linux-image-generic-lts-wily": "4.4.0.150.158",
            "linux-image-generic-lpae": "4.4.0.150.158"
        }
    ]
}