Release Info

Advisory: CLSA-2024:1723808285

OS: Ubuntu 16.04 ELS

Public date: 2024-08-16 07:38:07

Project: linux-hwe

Version: 4.15.0-235.246~16.04.1

Errata link: https://errata.tuxcare.com/els_os/ubuntu16.04els/CLSA-2024-1723808285.html

Changelog

[ Ubuntu: 4.15.0-235.246 ]

  * CVE-url: https://ubuntu.com/security/CVE-2024-39467
    - f2fs: fix to do sanity check on i_xattr_nid in sanity_check_inode()
  * CVE-url: https://ubuntu.com/security/CVE-2024-36940
    - pinctrl: core: delete incorrect free in pinctrl_enable()
  * CVE-url: https://ubuntu.com/security/CVE-2024-38659
    - enic: Validate length of nl attributes in enic_set_vf_port
  * CVE-url: https://ubuntu.com/security/CVE-2024-38560
    - scsi: bfa: Ensure the copied buf is NUL terminated
  * CVE-url: https://ubuntu.com/security/CVE-2024-36941
    - wifi: nl80211: don't free NULL coalescing rule
  * CVE-url: https://ubuntu.com/security/CVE-2024-27401
    - firewire: nosy: ensure user_length is taken into account when fetching packet contents
  * CVE-url: https://ubuntu.com/security/CVE-2024-39276
    - ext4: fix mb_cache_entry's e_refcnt leak in ext4_xattr_block_cache_find()
  * CVE-url: https://ubuntu.com/security/CVE-2024-27398
    - Bluetooth: Fix use-after-free bugs caused by sco_sock_timeout
  * CVE-url: https://ubuntu.com/security/CVE-2024-36964
    - fs/9p: only translate RWX permissions for plain 9P2000
  * CVE-url: https://ubuntu.com/security/CVE-2024-38601
    - ring-buffer: Fix a race between readers and resize checks
  * CVE-url: https://ubuntu.com/security/CVE-2024-39475
    - fbdev: savage: Handle err return when savagefb_check_var failed
  * CVE-url: https://ubuntu.com/security/CVE-2024-38578
    - ecryptfs: Fix buffer size for tag 66 packet
  * CVE-url: https://ubuntu.com/security/CVE-2024-36950
    - firewire: ohci: mask bus reset interrupts between ISR and bottom half
  * CVE-url: https://ubuntu.com/security/CVE-2024-38589
    - netrom: fix possible dead-lock in nr_rt_ioctl()
  * CVE-url: https://ubuntu.com/security/CVE-2024-38627
    - stm class: Fix a double free in stm_register_device()
  * CVE-url: https://ubuntu.com/security/CVE-2024-38612
    - ipv6: sr: fix invalid unregister error path
  * CVE-url: https://ubuntu.com/security/CVE-2024-36905
    - tcp: defer shutdown(SEND_SHUTDOWN) for TCP_SYN_RECV sockets
  * CVE-url: https://ubuntu.com/security/CVE-2024-38559
    - scsi: qedf: Ensure the copied buf is NUL terminated
  * CVE-url: https://ubuntu.com/security/CVE-2024-33621
    - ipvlan: Dont Use skb->sk in ipvlan_process_v{4,6}_outbound
  * CVE-url: https://ubuntu.com/security/CVE-2024-38637
    - greybus: lights: check return of get_channel_from_mode
  * CVE-url: https://ubuntu.com/security/CVE-2024-38567
    - wifi: carl9170: add a proper sanity check for endpoints
  * CVE-url: https://ubuntu.com/security/CVE-2024-39301
    - net/9p: fix uninit-value in p9_client_rpc()
  * CVE-url: https://ubuntu.com/security/CVE-2024-36919
    - scsi: bnx2fc: Remove spin_lock_bh while releasing resources after upload
  * CVE-url: https://ubuntu.com/security/CVE-2022-48772
    - media: lgdt3306a: Add a check against null-pointer-def
  * CVE-url: https://ubuntu.com/security/CVE-2024-36017
    - rtnetlink: Correct nested IFLA_VF_VLAN_LIST attribute validation
  * CVE-url: https://ubuntu.com/security/CVE-2024-36934
    - bna: ensure the copied buf is NUL terminated
  * CVE-url: https://ubuntu.com/security/CVE-2024-38558
    - net: openvswitch: fix overwriting ct original tuple for ICMPv6
  * CVE-url: https://ubuntu.com/security/CVE-2024-38565
    - USB: core: Add routines for endpoint checks in old drivers
    - wifi: ar5523: enable proper endpoint verification
  * CVE-url: https://ubuntu.com/security/CVE-2024-38600
    - ALSA: control: Add verification for kctl accesses
    - ALSA: control: Track in-flight control read/write/tlv accesses
    - ALSA: Fix deadlocks with kctl removals at disconnection
  * CVE-url: https://ubuntu.com/security/CVE-2024-31076
    - genirq/cpuhotplug, x86/vector: Prevent vector leak during CPU offline
  * CVE-url: https://ubuntu.com/security/CVE-2024-36015
    - ida: Add new API
    - ppdev: Remove usage of the deprecated ida_simple_xx() API
    - ppdev: Add an error check in register_device
  * CVE-url: https://ubuntu.com/security/CVE-2024-38621
    - media: stk1160: fix bounds checking in stk1160_copy_video()
  * CVE-url: https://ubuntu.com/security/CVE-2024-38549
    - drm/mediatek: Add 0 size check to mtk_drm_gem_obj
  * CVE-url: https://ubuntu.com/security/CVE-2024-35947
    - dyndbg: fix old BUG_ON in >control parser
  * CVE-url: https://ubuntu.com/security/CVE-2024-37353
    - virtio: delete vq in vp_find_vqs_msix() when request_irq() fails
  * CVE-url: https://ubuntu.com/security/CVE-2024-27399
    - Bluetooth: l2cap: fix null-ptr-deref in l2cap_chan_timeout
  * CVE-url: https://ubuntu.com/security/CVE-2024-38618
    - ALSA: timer: Simplify timer hw resolution calls
    - ALSA: timer: Set lower bound of start tick time
  * CVE-url: https://ubuntu.com/security/CVE-2024-38579
    - crypto: bcm - Fix pointer arithmetic
  * CVE-url: https://ubuntu.com/security/CVE-2024-36286
    - netfilter: nfnetlink_queue: acquire rcu_read_lock() in instance_destroy_rcu()
  * CVE-url: https://ubuntu.com/security/CVE-2024-39488
    - arm64: asm-bug: Add .align 2 to the end of __BUG_ENTRY
  * CVE-url: https://ubuntu.com/security/CVE-2024-38607
    - macintosh/via-macii: Fix "BUG: sleeping function called from invalid context"
  * CVE-url: https://ubuntu.com/security/CVE-2024-37356
    - params: lift param_set_uint_minmax to common code
    - tcp: Fix shift-out-of-bounds in dctcp_update_alpha().
  * CVE-url: https://ubuntu.com/security/CVE-2024-38613
    - m68k: Fix spinlock race in kernel thread creation
  * CVE-url: https://ubuntu.com/security/CVE-2024-36954
    - tipc: fix a possible memleak in tipc_buf_append
  * CVE-url: https://ubuntu.com/security/CVE-2024-38661
    - s390/ap: Fix crash in AP internal function modify_bitmap()
  * CVE-url: https://ubuntu.com/security/CVE-2024-38599
    - jffs2: prevent xattr node from overflowing the eraseblock
  * CVE-url: https://ubuntu.com/security/CVE-2024-38633
    - serial: core: Provide port lock wrappers
    - serial: max3100: Update uart_driver_registered on driver removal
  * CVE-url: https://ubuntu.com/security/CVE-2024-39292
    - um: Add winch to winch_handlers before registering winch IRQ
  * CVE-url: https://ubuntu.com/security/CVE-2024-36939
    - NFS: Cleanup - add nfs_clients_exit to mirror nfs_clients_init
    - nfs: expose /proc/net/sunrpc/nfs in net namespaces
    - sunrpc: add a struct rpc_stats arg to rpc_create_args
    - nfs: make the rpc_stat per net namespace
    - nfs: Handle error of rpc_proc_register() in nfs_net_init().
  * CVE-url: https://ubuntu.com/security/CVE-2024-38634
    - serial: max3100: Lock port->lock when calling uart_handle_cts_change()
  * CVE-url: https://ubuntu.com/security/CVE-2024-36933
    - nsh: Restore skb->{protocol,data,mac_header} for outer header in nsh_gso_segment().
  * CVE-url: https://ubuntu.com/security/CVE-2024-36883
    - net: fix out-of-bounds access in ops_init
  * CVE-url: https://ubuntu.com/security/CVE-2024-39480
    - kdb: Fix buffer overflow during tab-complete
  * CVE-url: https://ubuntu.com/security/CVE-2024-36960
    - drm/vmwgfx: Fix invalid reads in fence signaled events
  * CVE-url: https://ubuntu.com/security/CVE-2024-36946
    - phonet: fix rtm_phonet_notify() skb allocation

Update

Update command:

    apt-get update
    apt-get --only-upgrade install linux-hwe*

Packages list

linux-buildinfo-4.15.0-235-tuxcare.els33-generic_4.15.0-235.246~16.04.1_amd64.deb
linux-buildinfo-4.15.0-235-tuxcare.els33-lowlatency_4.15.0-235.246~16.04.1_amd64.deb
linux-cloud-tools-4.15.0-235-tuxcare.els33-generic_4.15.0-235.246~16.04.1_amd64.deb
linux-cloud-tools-4.15.0-235-tuxcare.els33-lowlatency_4.15.0-235.246~16.04.1_amd64.deb
linux-headers-4.15.0-235-tuxcare.els33_4.15.0-235.246~16.04.1_all.deb
linux-headers-4.15.0-235-tuxcare.els33-generic_4.15.0-235.246~16.04.1_amd64.deb
linux-headers-4.15.0-235-tuxcare.els33-lowlatency_4.15.0-235.246~16.04.1_amd64.deb
linux-hwe-cloud-tools-4.15.0-235-tuxcare.els33_4.15.0-235.246~16.04.1_amd64.deb
linux-hwe-tools-4.15.0-235-tuxcare.els33_4.15.0-235.246~16.04.1_amd64.deb
linux-image-unsigned-4.15.0-235-tuxcare.els33-generic_4.15.0-235.246~16.04.1_amd64.deb
linux-image-unsigned-4.15.0-235-tuxcare.els33-lowlatency_4.15.0-235.246~16.04.1_amd64.deb
linux-modules-4.15.0-235-tuxcare.els33-generic_4.15.0-235.246~16.04.1_amd64.deb
linux-modules-4.15.0-235-tuxcare.els33-lowlatency_4.15.0-235.246~16.04.1_amd64.deb
linux-modules-extra-4.15.0-235-tuxcare.els33-generic_4.15.0-235.246~16.04.1_amd64.deb
linux-source-4.15.0_4.15.0-235.246~16.04.1_all.deb
linux-tools-4.15.0-235-tuxcare.els33-generic_4.15.0-235.246~16.04.1_amd64.deb
linux-tools-4.15.0-235-tuxcare.els33-lowlatency_4.15.0-235.246~16.04.1_amd64.deb

CVEs

CVE-2024-38621
CVE-2024-38633
CVE-2024-39292
CVE-2024-39276
CVE-2024-38589
CVE-2024-31076
CVE-2024-38661
CVE-2024-37353
CVE-2024-27399
CVE-2024-39488
CVE-2024-27398
CVE-2024-36919
CVE-2024-36933
CVE-2024-36905
CVE-2024-36940
CVE-2024-36939
CVE-2024-36941
CVE-2024-38549
CVE-2024-37356
CVE-2024-38579
CVE-2024-38599
CVE-2024-38612
CVE-2024-38607
CVE-2024-38627
CVE-2024-38601
CVE-2024-38659
CVE-2024-39480
CVE-2024-39301
CVE-2024-36964
CVE-2024-38567
CVE-2024-39467
CVE-2024-38637
CVE-2024-38559
CVE-2024-36950
CVE-2024-36946
CVE-2024-38560
CVE-2024-36017
CVE-2024-38613
CVE-2024-38565
CVE-2024-38558
CVE-2024-36286
CVE-2024-39475
CVE-2024-27401
CVE-2024-33621
CVE-2024-38634
CVE-2024-38600
CVE-2024-38618
CVE-2024-38578
CVE-2024-36954
CVE-2024-36934
CVE-2024-36883
CVE-2024-36015
CVE-2024-35947
CVE-2022-48772
CVE-2024-36960