USN-7028-1

Details

It was discovered that the JFS file system contained an out-of-bounds read vulnerability when printing xattr debug information. A local attacker could use this to cause a denial of service (system crash).

Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems:

GPU drivers;
Greybus drivers;
Modular ISDN driver;
Multiple devices driver;
Network drivers;
SCSI drivers;
VFIO drivers;
F2FS file system;
GFS2 file system;
JFS file system;
NILFS2 file system;
Kernel debugger infrastructure;
Bluetooth subsystem;
IPv4 networking;
L2TP protocol;
Netfilter;
RxRPC session sockets; (CVE-2024-42154, CVE-2023-52527, CVE-2024-26733, CVE-2024-42160, CVE-2021-47188, CVE-2024-38570, CVE-2024-26851, CVE-2024-26984, CVE-2024-26677, CVE-2024-39480, CVE-2024-27398, CVE-2022-48791, CVE-2024-42224, CVE-2024-38583, CVE-2024-40902, CVE-2023-52809, CVE-2024-39495, CVE-2024-26651, CVE-2024-26880, CVE-2024-42228, CVE-2024-27437, CVE-2022-48863)

Affected Packages

Ubuntu:Pro:16.04:LTSlinux-aws-hwe

Fixed in:

4.15.0-1173.186~16.04.1

Ubuntu:Pro:16.04:LTSlinux-azure

Fixed in:

4.15.0-1181.196~16.04.1

Ubuntu:Pro:16.04:LTSlinux-gcp

Fixed in:

4.15.0-1166.183~16.04.1

Ubuntu:Pro:16.04:LTSlinux-hwe

Fixed in:

4.15.0-229.241~16.04.1

Ubuntu:Pro:16.04:LTSlinux-oracle

Fixed in:

4.15.0-1135.146~16.04.1

Ubuntu:Pro:18.04:LTSlinux

Fixed in:

4.15.0-229.241

Ubuntu:Pro:18.04:LTSlinux-aws

Fixed in:

4.15.0-1173.186

Ubuntu:Pro:18.04:LTSlinux-azure-4.15

Fixed in:

4.15.0-1181.196

Ubuntu:Pro:18.04:LTSlinux-gcp-4.15

Fixed in:

4.15.0-1166.183

Ubuntu:Pro:18.04:LTSlinux-kvm

Fixed in:

4.15.0-1156.161

Ubuntu:Pro:18.04:LTSlinux-oracle

Fixed in:

4.15.0-1135.146

References

USN-7028-1

Details

Affected Packages

References

Upstream

Ecosystems

Timeline