Canonical releases Linux kernel security update for Ubuntu 16.04 LTS, fixing six vulnerabilities

Following the security updates released earlier this week for the Ubuntu 19.04 (Disco Dingo) and Ubuntu 18.04 LTS (Bionic Beaver) operating system series, this new Linux kernel security patch has just arrived, but it applies only to users of the Ubuntu 16.04 LTS (Xenial Xerus) operating system series running the Linux 4.4 kernel.

It fixes a total of six flaws, including an integer overflow found in the Linux kernel's Freescale (PowerPC) hypervisor manager (CVE-2019-10142) and a race condition found in the Serial Attached SCSI (SAS) implementation (CVE-2018-20836), which could allow a local attacker to execute arbitrary code or cause a denial of service (system crash).

Two further issues are also fixed (CVE-2019-11833 and CVE-2019-11884): the EXT4 file system did not correctly clear memory in some cases, while the Bluetooth Human Interface Device Protocol (HIDP) implementation did not correctly verify that strings were NULL-terminated. Both may allow a local attacker to expose sensitive information from kernel memory.

Another security vulnerability fixed in this update is an issue (CVE-2019-9503) found by Hugues Anguelkov in the Broadcom Wi-Fi driver for the Linux kernel: the driver failed to block remote firmware events for USB Wi-Fi devices, allowing a physically proximate attacker to send firmware events to the device.

ARM devices are also affected

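The new kernel security patch for Ubuntu 16.04 LTS also addresses an issue in the Linux kernel affecting ARM processors (CVE-2019-2054), which allowed a tracing process to modify a system call after the seccomp decision had been made on that system call, allowing a local attacker to bypass seccomp restrictions.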

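If you are using the Ubuntu 16.04 LTS (Xenial Xerus) operating system with the Linux 4.4 kernel, you need to update your devices to linux-image 4.4.0-157.185 on 32-bit or 64-bit systems, linux-image-raspi2 4.4.0-1117.126 on Raspberry Pi 2 boards, linux-image-kvm 4.4.0-1052.59 in cloud environments, or linux-image-aws 4.4.0-1088.99 on AWS machines.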
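To check a fleet against the fixed versions listed above, the following added example (not part of the original article or any Canonical tooling) parses the kernel version signature Ubuntu exposes in `/proc/version_signature` and compares it with the fixed version for its flavour. The function names and status strings are hypothetical, and it assumes the usual signature layout `Ubuntu <base>-<abi>.<upload>-<flavour> <upstream>`.

```python
import re

# Fixed (ABI, upload) numbers per 4.4 kernel flavour, taken from the article.
FIXED = {
    "generic": (157, 185),   # linux-image 4.4.0-157.185
    "raspi2": (1117, 126),   # linux-image-raspi2 4.4.0-1117.126
    "kvm": (1052, 59),       # linux-image-kvm 4.4.0-1052.59
    "aws": (1088, 99),       # linux-image-aws 4.4.0-1088.99
}

# Assumed layout: "Ubuntu 4.4.0-157.185-generic 4.4.180"; backported kernels
# may carry a "~16.04.N" suffix after the upload number.
SIG_RE = re.compile(r"^Ubuntu (\d+\.\d+\.\d+)-(\d+)\.(\d+)(?:~[\d.]+)?-(\S+)\s")


def parse_signature(sig):
    """Return (base, (abi, upload), flavour) from a version signature line."""
    m = SIG_RE.match(sig)
    if not m:
        raise ValueError("unrecognised version signature: %r" % sig)
    base, abi, upload, flavour = m.groups()
    return base, (int(abi), int(upload)), flavour


def assess(sig):
    """Classify a kernel against the fixed versions named in the article."""
    base, version, flavour = parse_signature(sig)
    if base != "4.4.0":
        return "not-applicable"      # this update covers the 4.4 kernel only
    fixed = FIXED.get(flavour)
    if fixed is None:
        return "unknown-flavour"     # flavour not listed in the article
    # Tuples compare ABI first, then upload number.
    return "patched" if version >= fixed else "needs-update"


if __name__ == "__main__":
    try:
        with open("/proc/version_signature") as fh:
            print(assess(fh.read()))
    except OSError:
        print("no /proc/version_signature (not an Ubuntu kernel?)")
```

The result describes the running kernel, so a host that has installed the update but not yet rebooted still reports `needs-update`.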

Origin www.linuxidc.com/Linux/2019-07/159645.htm