USN-4007-1

Details

Federico Manuel Bento discovered that the Linux kernel did not properly apply Address Space Layout Randomization (ASLR) in some situations for setuid a.out binaries. A local attacker could use this to improve the chances of exploiting an existing vulnerability in a setuid a.out binary.

As a hardening measure, this update disables a.out support.

Affected Packages

Ubuntu:18.04:LTSlinux

Fixed in:

4.15.0-51.55

Ubuntu:18.04:LTSlinux-aws

Fixed in:

4.15.0-1040.42

Ubuntu:18.04:LTSlinux-gcp

Fixed in:

4.15.0-1033.35

Ubuntu:18.04:LTSlinux-kvm

Fixed in:

4.15.0-1035.35

Ubuntu:18.04:LTSlinux-oem

Fixed in:

4.15.0-1039.44

Ubuntu:18.04:LTSlinux-oracle

Fixed in:

4.15.0-1014.16

Ubuntu:18.04:LTSlinux-raspi2

Fixed in:

4.15.0-1037.39

Ubuntu:18.04:LTSlinux-snapdragon

Fixed in:

4.15.0-1054.58

References

REPORThttps://ubuntu.com/security/CVE-2019-11191 ADVISORYhttps://ubuntu.com/security/notices/USN-4007-1

USN-4007-1

Details

Affected Packages

References

Upstream

Ecosystems

Timeline