Ubuntu alert USN-6923-2 (linux-aws-5.15, linux-ibm, linux-ibm-5.15, linux-raspi)
| From: | Giampaolo Fresi Roglia <giampaolo.fresi.roglia@canonical.com> | |
| To: | ubuntu-security-announce@lists.ubuntu.com | |
| Subject: | [USN-6923-2] Linux kernel vulnerabilities | |
| Date: | Tue, 30 Jul 2024 13:09:51 +0200 | |
| Message-ID: | <87y15jp24g.fsf@homer.mail-host-address-is-not-set> |
========================================================================== Ubuntu Security Notice USN-6923-2 July 30, 2024 linux-aws-5.15, linux-ibm, linux-ibm-5.15, linux-raspi vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 22.04 LTS - Ubuntu 20.04 LTS Summary: Several security issues were fixed in the Linux kernel. Software Description: - linux-ibm: Linux kernel for IBM cloud systems - linux-raspi: Linux kernel for Raspberry Pi systems - linux-aws-5.15: Linux kernel for Amazon Web Services (AWS) systems - linux-ibm-5.15: Linux kernel for IBM cloud systems Details: Benedict Schlüter, Supraja Sridhara, Andrin Bertschi, and Shweta Shinde discovered that an untrusted hypervisor could inject malicious #VC interrupts and compromise the security guarantees of AMD SEV-SNP. This flaw is known as WeSee. A local attacker in control of the hypervisor could use this to expose sensitive information or possibly execute arbitrary code in the trusted execution environment. (CVE-2024-25742) Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - TTY drivers; - SMB network file system; - Netfilter; - Bluetooth subsystem; (CVE-2024-26886, CVE-2023-52752, CVE-2024-36016, CVE-2024-26952, CVE-2024-27017) Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 22.04 LTS linux-image-5.15.0-1059-ibm 5.15.0-1059.62 linux-image-5.15.0-1059-raspi 5.15.0-1059.62 linux-image-ibm 5.15.0.1059.55 linux-image-raspi 5.15.0.1059.57 linux-image-raspi-nolpae 5.15.0.1059.57 Ubuntu 20.04 LTS linux-image-5.15.0-1059-ibm 5.15.0-1059.62~20.04.1 linux-image-5.15.0-1066-aws 5.15.0-1066.72~20.04.1 linux-image-aws 5.15.0.1066.72~20.04.1 linux-image-ibm 5.15.0.1059.62~20.04.1 After a standard system update you need to reboot your computer to make all the necessary changes. ATTENTION: Due to an unavoidable ABI change the kernel updates have been given a new version number, which requires you to recompile and reinstall all third party kernel modules you might have installed. Unless you manually uninstalled the standard kernel metapackages (e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual, linux-powerpc), a standard system upgrade will automatically perform this as well. References: https://ubuntu.com/security/notices/USN-6923-2 https://ubuntu.com/security/notices/USN-6923-1 CVE-2023-52752, CVE-2024-25742, CVE-2024-26886, CVE-2024-26952, CVE-2024-27017, CVE-2024-36016 Package Information: https://launchpad.net/ubuntu/+source/linux-ibm/5.15.0-105... https://launchpad.net/ubuntu/+source/linux-raspi/5.15.0-1... https://launchpad.net/ubuntu/+source/linux-aws-5.15/5.15.... https://launchpad.net/ubuntu/+source/linux-ibm-5.15/5.15....
Attachment: signature.asc (type=application/pgp-signature)
-----BEGIN PGP SIGNATURE----- iQHZBAEBCgBDFiEEBcMY+nwS2CY71sUWc4vdAqvdlsYFAmaoyf8lHGdpYW1wYW9s by5mcmVzaS5yb2dsaWFAY2Fub25pY2FsLmNvbQAKCRBzi90Cq92WxrrJC/9OleP4 Cz2sGYy+RC7A/btGTV9gpGou8Ph68J3kXftjwbs+tST1zURp+KCAAyvyFuCxKGaD GBM3ISeIjIvuVkixue/eE+6ak1zx+a5tWIBketnQeCk57yvsLtUolyWdZ5rQM7Im YPYCSI0a3PmRJO2Uex6KBq/oh4UsjM9NpsjwsTta7znYyEAZs9DbKwRvtnzuCFbu 7HmybvSp4IYp78OchzA+hCSNS52Iz3JIcgniTE7Y83Wi7bDRggPvJle5d9NoNP2e KPestEwLpF6pA7R+cZBUStZw4kcRgS+wS+YEz1v+tDMHtN+Q4NrzbyVal2wYm2J7 jnSDJsLZrY40wh6Sc/Psj9DznMz1AGsgc12CEr3FwrOplwJmSlBYdLs9KgLdBtbn DMiAGTosmITn4oF0LD58Hyxsusw0g8zpCsr9hQFIaV6O7Ud4ateoKb0JgGfVuZnT v3WdQaSyzrPeNctRxG0x3hQIwNDnblPKhQbf4JuN/U0zPg4z60VFLpOLIMA= =6bUF -----END PGP SIGNATURE-----
Attachment: None (type=text/plain)