UBUNTU-CVE-2019-10220

Details

Linux kernel CIFS implementation, version 4.9.0 is vulnerable to a relative paths injection in directory entry lists.

Affected Packages(49 packages)

linux

Ubuntu 16.04 LTS

Fixed in:

4.4.0-173.203

linux-aws

Ubuntu 16.04 LTS

Fixed in:

4.4.0-1101.112

linux-aws-hwe

Ubuntu 16.04 LTS

Fixed in:

4.15.0-1060.62~16.04.1

linux-azure

Ubuntu 16.04 LTS

Fixed in:

4.15.0-1071.76

linux-gcp

Ubuntu 16.04 LTS

Fixed in:

4.15.0-1055.59

linux-hwe

Ubuntu 16.04 LTS

Fixed in:

4.15.0-88.88~16.04.1

linux-hwe-edge

Ubuntu 16.04 LTS

Affected versions:

4.10.0-14.16~16.04.14.10.0-19.21~16.04.14.10.0-20.22~16.04.14.10.0-21.23~16.04.14.10.0-22.24~16.04.14.10.0-24.28~16.04.14.10.0-26.30~16.04.14.11.0-13.19~16.04.14.11.0-14.20~16.04.14.13.0-16.19~16.04.3+13 more

linux-kvm

Ubuntu 16.04 LTS

Fixed in:

4.4.0-1065.72

linux-oracle

Ubuntu 16.04 LTS

Fixed in:

4.15.0-1033.36~16.04.1

linux-raspi2

Ubuntu 16.04 LTS

Fixed in:

4.4.0-1128.137

References

REPORT

https://ubuntu.com/security/CVE-2019-10220

ADVISORY

https://ubuntu.com/security/notices/USN-4226-1

REPORT

https://www.cve.org/CVERecord?id=CVE-2019-10220