Canonical has released a security update for the Ubuntu 16.04 LTS (Xenial Xerus) operating system that fixes a number of vulnerabilities.
The patch resolves six vulnerabilities, including integer overflow (CVE-2019-10142) in the Linux kernel hypervisor dispatcher Freescale (PowerPC), and the race condition (CVE-2018-20836) found in the Serial Attached SCSI (SAS) implementation that could allow a local attacker to execute arbitrary code or cause a denial of service system.Read also: Microsoft: zero-day vulnerabilities do not usually pose a threat to newer Windows versions
Additionally, were fixed two problems (CVE-2019-11833 and CVE-2019-11884) in the EXT4 file system and the implementation of the Bluetooth HIDP (Human Interface Device Protocol), the operation that could allow a local attacker to gain access to confidential information in the kernel memory.
“Broadcom Wifi driver in the Linux kernel did not properly prevent remote firmware events from being processed for USB Wifi devices. A physically proximate attacker could use this to send firmware events to the device”, — said researcher Hugues Anguelkov.
The bug CVE-2019-9503 got identifier and for it Canonical has released a patch.
The new update also resolves a problem (CVE-2019-2054) in the Linux kernel that affects ARM processors, allowing the tracing process to change the system call after a seccomp decides on an appropriate system call, which may allow a local attacker to bypass the seccomp restrictions.