Linux Kernel Multiple Vulnerabilities
RISK: Medium Risk
TYPE: Operating Systems - Linux
Multiple vulnerabilities were identified in Linux Kernel. A remote attacker could exploit some of these vulnerabilities to trigger denial of service condition, elevation of privilege, remote code execution, sensitive information disclosure and data manipulation on the targeted system.
[Updated on 2021-11-25]
Updated System / Technologies affected and Solutions.
Impact
- Denial of Service
- Remote Code Execution
- Elevation of Privilege
- Information Disclosure
- Data Manipulation
System / Technologies affected
- Ubuntu 16.04 ESM
- Ubuntu 18.04 LTS
- Ubuntu 20.04 LTS
- SUSE Linux Enterprise High Availability 15-SP3
- SUSE Linux Enterprise Module for Basesystem 15-SP3
- SUSE Linux Enterprise Module for Development Tools 15-SP3
- SUSE Linux Enterprise Module for Legacy Software 15-SP3
- SUSE Linux Enterprise Module for Live Patching 15-SP3
- SUSE Linux Enterprise Module for Realtime 15-SP2
- SUSE Linux Enterprise Workstation Extension 15-SP3
- SUSE MicroOS 5.0
- SUSE MicroOS 5.1
[Updated on 2021-11-25]
- Oracle Linux version 7
- Oracle Linux version 8
Solutions
Before installation of the software, please visit the vendor web-site for more details.
For Ubuntu
The problem can be corrected by updating your system to the following package versions:
- Ubuntu 16.04
- Ubuntu 18.04
- Ubuntu 20.04
After a standard system update you need to reboot your computer to make all the necessary changes.
ATTENTION: Due to an unavoidable ABI change the kernel updates have been given a new version number, which requires you to recompile and reinstall all third party kernel modules you might have installed. Unless you manually uninstalled the standard kernel metapackages (e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual, linux-powerpc), a standard system upgrade will automatically perform this as well.
For SUSE
Apply fixes issued by the vendor:
- SUSE Linux Enterprise High Availability 15-SP3
- SUSE Linux Enterprise Module for Basesystem 15-SP3
- SUSE Linux Enterprise Module for Development Tools 15-SP3
- SUSE Linux Enterprise Module for Legacy Software 15-SP3
- SUSE Linux Enterprise Module for Live Patching 15-SP3
- SUSE Linux Enterprise Module for Realtime 15-SP2
- SUSE Linux Enterprise Workstation Extension 15-SP3
- SUSE MicroOS 5.0
- SUSE MicroOS 5.1
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch"
[Updated on 2021-11-25]
For Oracle Linux
Apply fixes issued by the vendor:
For detail, please refer to the links below:
- https://linux.oracle.com/errata/ELSA-2021-4777.html
- https://linux.oracle.com/errata/ELSA-2021-4056.html
Vulnerability Identifier
- CVE-2018-13405
- CVE-2019-19449
- CVE-2020-29660
- CVE-2020-29661
- CVE-2020-36385
- CVE-2021-3428
- CVE-2021-3444
- CVE-2021-3542
- CVE-2021-3655
- CVE-2021-3715
- CVE-2021-3739
- CVE-2021-3743
- CVE-2021-3744
- CVE-2021-3753
- CVE-2021-3759
- CVE-2021-3760
- CVE-2021-3764
- CVE-2021-3772
- CVE-2021-3896
- CVE-2021-33033
- CVE-2021-34556
- CVE-2021-34866
- CVE-2021-35477
- CVE-2021-41864
- CVE-2021-42008
- CVE-2021-42252
- CVE-2021-42739
- CVE-2021-43056
- CVE-2021-43389
Source
Related Link
- https://www.auscert.org.au/bulletins/ESB-2021.3872
- https://www.auscert.org.au/bulletins/ESB-2021.3871
- https://www.auscert.org.au/bulletins/ESB-2021.3870
- https://www.auscert.org.au/bulletins/ESB-2021.3867
- https://www.suse.com/support/update/announcement/2021/suse-su-20213658-1
- https://www.suse.com/support/update/announcement/2021/suse-su-20213655-1
- https://ubuntu.com/security/notices/LSN-0082-1
- https://ubuntu.com/security/notices/USN-5137-2
- https://ubuntu.com/security/notices/USN-5140-1
- https://ubuntu.com/security/notices/USN-5139-1
- https://linux.oracle.com/errata/ELSA-2021-4777.html
- https://linux.oracle.com/errata/ELSA-2021-4056.html
Related Tags
Share with