This Linux Hardware Enablement (HWE) kernel from Ubuntu 19.04 for Ubuntu 18.04.2 LTS includes the same fixes for four security flaws that Canonical added in the lastest kernel for Ubuntu 19.04 last week, including an integer overflow (CVE-2019-11487) discovered in Linux kernel, which could lead to use-after-free issues as local attackers were able to use the exploit to execute arbitrary code or cause a denial of service (system crash).
Additionally, the security patch addresses a race condition (CVE-2019-11599) discovered by Google Project Zero’s Jann Horn in Linux kernel when performing core dumps, which could allow a local attacker to expose sensitive information or crash the system by causing a denial of service (DoS attack).
Also fixed are two issues (CVE-2019-11833 and CVE-2019-11884) discovered in Linux kernel’s EXT4 file system implementation and Bluetooth Human Interface Device Protocol (HIDP) implementation, both of each could allow a local attacker to expose sensitive information (kernel memory).
Source: https://news.softpedia.com/news/canonical-releases-linux-5-0-kernel-hwe-security-update-for-ubuntu-18-04-2-lts-526921.shtml
Submitted by: Arnfried Walbrecht
Comments are closed.