Release Info

Advisory: CLSA-2023:1695041084

OS: Ubuntu 18.04 ELS

Public date: 2023-09-18 08:44:46

Project: linux

Version: 4.15.0-217.228

Errata link: https://errata.cloudlinux.com/ubuntu18-els/CLSA-2023-1695041084.html

Changelog

* CVE-url: https://ubuntu.com/security/CVE-2023-4622 - af_unix: Fix null-ptr-deref in unix_stream_sendpage(). * Jammy update: v5.15.105 upstream stable release (LP: #2023230) // CVE-url: https://ubuntu.com/security/CVE-2022-4269 - net/sched: act_mirred: better wording on protection against excessive stack growth - act_mirred: use the backlog for nested calls to mirred ingress * CVE-url: https://ubuntu.com/security/CVE-2022-4269 - net/sched: user-space can't set unknown tcfa_action values - net/tc: introduce TC_ACT_REINSERT. - act_mirred: use TC_ACT_REINSERT when possible - net: sched: act_mirred method rename for grep-ability and consistency - net: sched: protect against stack overflow in TC act_mirred - net/sched: act_mirred: refactor the handle of xmit - selftests: forwarding: Introduce tc actions tests * Jammy update: v5.15.94 upstream stable release (LP: #2012673) // CVE-url: https://ubuntu.com/security/CVE-2022-27672 - x86/speculation: Identify processors vulnerable to SMT RSB predictions - KVM: x86: Mitigate the cross-thread return address predictions bug - Documentation/hw-vuln: Add documentation for Cross-Thread Return Predictions * CVE-url: https://ubuntu.com/security/CVE-2022-27672 - KVM: x86: drop bogus MWAIT check - KVM: x86: simplify kvm_mwait_in_guest() - KVM: X86: Provide a capability to disable MWAIT intercepts - KVM: X86: Provide a capability to disable HLT intercepts - KVM: VMX: Remove redundant write to set vCPU as active at RESET/INIT - KVM: X86: Provide a capability to disable PAUSE intercepts - x86/headers/UAPI: Move DISABLE_EXITS KVM capability bits to the UAPI - tools headers kvm: Sync uapi/linux/kvm.h with the kernel sources - KVM: X86: Provide a capability to disable cstate msr read intercepts * Jammy update: v5.15.110 upstream stable release (LP: #2025090) // CVE-url: https://ubuntu.com/security/CVE-2023-2002 - bluetooth: Perform careful capability checks in hci_sock_ioctl() * Jammy update: v5.15.80 upstream stable release (LP: #2003122) // CVE-url: https://ubuntu.com/security/CVE-2022-3169 - nvme: ensure subsystem reset is single threaded * CVE-url: https://ubuntu.com/security/CVE-2022-3169 - nvme: host delete_work and reset_work on separate workqueues - PCI/ASPM: Add pcie_aspm_enabled() - nvme-pci: Allow PCI bus-level PM to be used if ASPM is disabled - nvme: Prevent resets during paused controller state - nvme: Add quirk for LiteON CL1 devices running FW 22301111 - nvme: Wait for reset state when required * Jammy update: v5.15.81 upstream stable release (LP: #2003130) // CVE-url: https://ubuntu.com/security/CVE-2022-47519 - wifi: wilc1000: validate length of IEEE80211_P2P_ATTR_OPER_CHANNEL attribute * CVE-2022-47520 // CVE-url: https://ubuntu.com/security/CVE-2022-47520 - wifi: wilc1000: validate pairwise and authentication suite offsets * CVE-url: https://ubuntu.com/security/CVE-2022-45919 - media: dvb-core: Fix use-after-free due to race condition at dvb_ca_en50221

Update

Update command: apt-get update apt-get --only-upgrade install linux*

Packages list

linux-buildinfo-4.15.0-217-tuxcare.els5-generic_4.15.0-217.228_amd64.deb linux-buildinfo-4.15.0-217-tuxcare.els5-lowlatency_4.15.0-217.228_amd64.deb linux-cloud-tools-4.15.0-217-tuxcare.els5_4.15.0-217.228_amd64.deb linux-cloud-tools-4.15.0-217-tuxcare.els5-generic_4.15.0-217.228_amd64.deb linux-cloud-tools-4.15.0-217-tuxcare.els5-lowlatency_4.15.0-217.228_amd64.deb linux-cloud-tools-common_4.15.0-217.228_all.deb linux-doc_4.15.0-217.228_all.deb linux-headers-4.15.0-217-tuxcare.els5_4.15.0-217.228_all.deb linux-headers-4.15.0-217-tuxcare.els5-generic_4.15.0-217.228_amd64.deb linux-headers-4.15.0-217-tuxcare.els5-lowlatency_4.15.0-217.228_amd64.deb linux-image-unsigned-4.15.0-217-tuxcare.els5-generic_4.15.0-217.228_amd64.deb linux-image-unsigned-4.15.0-217-tuxcare.els5-lowlatency_4.15.0-217.228_amd64.deb linux-libc-dev_4.15.0-217.228_amd64.deb linux-modules-4.15.0-217-tuxcare.els5-generic_4.15.0-217.228_amd64.deb linux-modules-4.15.0-217-tuxcare.els5-lowlatency_4.15.0-217.228_amd64.deb linux-modules-extra-4.15.0-217-tuxcare.els5-generic_4.15.0-217.228_amd64.deb linux-source-4.15.0_4.15.0-217.228_all.deb linux-tools-4.15.0-217-tuxcare.els5_4.15.0-217.228_amd64.deb linux-tools-4.15.0-217-tuxcare.els5-generic_4.15.0-217.228_amd64.deb linux-tools-4.15.0-217-tuxcare.els5-lowlatency_4.15.0-217.228_amd64.deb linux-tools-common_4.15.0-217.228_all.deb linux-tools-host_4.15.0-217.228_all.deb

CVEs

CVE-2022-47519
CVE-2022-3169
CVE-2023-2002
CVE-2022-45919
CVE-2022-4269
CVE-2023-4622
CVE-2022-27672
CVE-2022-47520