Affect Ubuntu 19.04 (Disco Dingo), Ubuntu 18.04 LTS (Bionic Beaver) and Ubuntu 16.04 LTS (Xenial Xerus) and 4.4 kernel of Linux 5.0,4.15, this newly restored most critical vulnerabilities ( CVE-2019-10638 ) security update is made Amit Klein and Benny Pinkas found in the Linux kernel, a random IP ID value into a connectionless network protocol generator, which could allow an attacker to trace a particular remote Linux device.
Security update also explains Amit Klein and Benny Pinkas another critical vulnerabilities in the Linux kernel ( CVE-2019-10638 ), but only affects the Linux 4.15 kernel (Xenial Ubuntu 18.04 LTS (Bionic Beaver ) and Ubuntu 16.04 LTS used Xerus) system. This may allow a remote attacker to exploit another vulnerability in the Linux kernel, since no implement connectionless network protocols may be exposed location of the kernel address.
Two other important issues have been resolved, Hui Peng and Mathias Payer USB high-speed driver found a security vulnerability (in Option Linux kernel CVE-2018-19985 ), and a problem (in Intel-Fi the Wi CVE- 2019-0136 ) verify the device driver during a tunneled direct link set some (TDLS), both of which allow an attacker to cause a denial of physically adjacent service (DoS attacks) and a system crash or Wi-Fi connection is disconnected .
在这个主要的新Linux内核安全更新中修复的其他问题中,我们可以提到软盘驱动程序中的两个问题导致被零除或缓冲区重写,virtio网络驱动程序和CFS Linux内核进程调度程序中的无限循环漏洞, LSI Logic MegaRAID驱动程序中的空指针解除引用漏洞,以及影响Linux内核的蓝牙UART实现和GTCO平板电脑输入驱动程序的问题。
还解决了Linux内核的DesignWare USB3 DRD控制器设备驱动程序中的竞争条件,QLogic QEDI iSCSI Initiator驱动程序中的越界读取,Raremono AM / FM / SW无线电设备驱动程序中的错误,双重自由错误在USB Rio 500设备驱动程序中,以及ALSA(高级Linux声音架构)子系统,USB YUREX设备驱动程序,CPiA2 video4linux设备驱动程序和Softmac USB Prism54设备驱动程序中的竞争条件。
敦促用户立即更新他们的系统
Linux内核的Appletalk实现中发现的use-after-free漏洞,以及Siano USB MDTV接收器设备驱动程序,Line 6 POD USB设备驱动程序,蓝牙协议BR/EDR规范和CAN实现中的问题也在此处得到解决安全更新。因此,敦促所有Ubuntu用户尽快将其安装更新到新的Linux内核版本。
使用Linux 5.0 HWE(硬件启用)内核的Ubuntu 19.04和Ubuntu 18.04.3 LTS用户必须更新到linux-image 5.0.0-27.28,使用Linux 4.15 HWE内核的Ubuntu 18.04 LTS和Ubuntu 16.04.6 LTS用户需要将他们的系统更新为linux-image 4.15.0-60.67。使用Linux 4.4内核的Ubuntu 16.04 LTS用户也必须更新到linux-image 4.4.0-161.189。