Canonical has launched a new kernel version for Ubuntu 18.04. Or well, that's what we can read if we look for information about Linux 5.0.0-23.24, a version that matches the update released yesterday: the official Ubuntu page places that the affected version is Bionic Beaver, but the update is also available for Disco Dingo. What is clear is that the new version has been released for Ubuntu 18.04 LTS if it is using Linux 5.0.x.
What is also clear is what the patches introduced in this version fix: the 4 security flaws solved on July 23 for Ubuntu 19.04 that we will detail below. The new version, which we remember has also appeared for Disco Dingo, is Linux 5.0.0-23.24 ~ 18.04.1 for Ubuntu 18.04 LTS and Linux 5.0.0-23.24 for Ubuntu 19.04. Here we recall the bugs they fixed last week at Disco Dingo and yesterday at Bionic Beaver.
The new kernel fixes these 4 bugs
- CVE-2019-11487: it was discovered that an integer overflow existed in the Linux kernel when referencing pages, leading to potential usability issues after it was released. A local attacker could use this to cause a denial of service (unexpected shutdown) or possibly execute arbitrary code.
- CVE-2019-11599: Jann Horn discovered that a race condition existed in the Linux kernel when performing memory dumps. A local attacker could use this to cause a denial of service (system crash) or expose sensitive information.
- CVE-2019-11833: The ext4 file system implementation in the Linux kernel was found to not properly close memory in some situations. A local attacker could use this to expose sensitive information (kernel memory).
- CVE-2019-11884: Found that the Bluetooth Human Interface Device Protocol (HIDP) implementation in the Linux kernel did not correctly verify that strings were NULL terminated in certain situations. A local attacker could use this to expose sensitive information (kernel memory).
Canonical recommends updating as soon as possible, especially Ubuntu 18.04 users. Personally, I still don't know why they have launched a new version for Ubuntu 19.04 and that there is not yet News list it does not help to leave doubts. In any case and as always, it is worth updating right now. We remember that the patches will not be applied until we restart the computer.