Ubuntu alert USN-6973-3 (linux-aws-5.4)
| From: | Rodrigo Figueiredo Zaiden <rodrigo.zaiden@canonical.com> | |
| To: | ubuntu-security-announce@lists.ubuntu.com | |
| Subject: | [USN-6973-3] Linux kernel (AWS) vulnerabilities | |
| Date: | Mon, 26 Aug 2024 15:20:18 -0300 | |
| Message-ID: | <765772d0-c2c0-431e-a25d-e8ac5391091e@canonical.com> |
========================================================================== Ubuntu Security Notice USN-6973-3 August 26, 2024 linux-aws-5.4 vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 18.04 LTS Summary: Several security issues were fixed in the Linux kernel. Software Description: - linux-aws-5.4: Linux kernel for Amazon Web Services (AWS) systems Details: It was discovered that a race condition existed in the Bluetooth subsystem in the Linux kernel, leading to a null pointer dereference vulnerability. A privileged local attacker could use this to possibly cause a denial of service (system crash). (CVE-2024-24860) Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - SuperH RISC architecture; - MMC subsystem; - Network drivers; - SCSI drivers; - GFS2 file system; - IPv4 networking; - IPv6 networking; - HD-audio driver; (CVE-2024-26830, CVE-2024-39484, CVE-2024-36901, CVE-2024-26929, CVE-2024-26921, CVE-2021-46926, CVE-2023-52629, CVE-2023-52760) Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 18.04 LTS linux-image-5.4.0-1131-aws 5.4.0-1131.141~18.04.1 Available with Ubuntu Pro linux-image-aws 5.4.0.1131.141~18.04.1 Available with Ubuntu Pro After a standard system update you need to reboot your computer to make all the necessary changes. ATTENTION: Due to an unavoidable ABI change the kernel updates have been given a new version number, which requires you to recompile and reinstall all third party kernel modules you might have installed. Unless you manually uninstalled the standard kernel metapackages (e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual, linux-powerpc), a standard system upgrade will automatically perform this as well. References: https://ubuntu.com/security/notices/USN-6973-3 https://ubuntu.com/security/notices/USN-6973-2 https://ubuntu.com/security/notices/USN-6973-1 CVE-2021-46926, CVE-2023-52629, CVE-2023-52760, CVE-2024-24860, CVE-2024-26830, CVE-2024-26921, CVE-2024-26929, CVE-2024-36901, CVE-2024-39484
Attachment: OpenPGP_signature.asc (type=application/pgp-signature)
-----BEGIN PGP SIGNATURE----- wsB5BAABCAAjFiEEYrygdx1GDec9TV8EZ0GeRcM5nt0FAmbMx2IFAwAAAAAACgkQZ0GeRcM5nt0k MAf9HaGy4yVrH8k7vASd07hyZMw9r2c0Vj3Ns/Yhki7bc6GaQqvYlbOHW3q7At46af2HBVDtU3eG RMjSHQ3I1D67UsYN6MZ2mFW+cMf9aqI7qXkBQSE4/SOrM2nGkGJa5dNh01REPrmk/QK1v+1ovxob MgOl6uglJ8hMKUjyNZyvfy0kD76c2tqo3e7qPlkkVC6zfokjzfqXC8Za0+Mp+7AEAu+8RLnLcrrG xVPo0rFmIJThhhXUCiK3XG8A+qv5w2WhucR2n9Nuq5yIT1e2wZNtC4yqGAyXQPbhmi36Y3uUypZd jU5t77BHmpL9rONYwiic0bUMZ74RouPyMKhA44p1GQ== =PaX3 -----END PGP SIGNATURE-----
Attachment: None (type=text/plain)