Advisory: CLSA-2024:1731603700
OS: Ubuntu 16.04 ELS
Public date: 2024-11-14 12:01:42
Project: linux-hwe
Version: 4.15.0-240.251~16.04.1
Errata link: https://errata.tuxcare.com/els_os/ubuntu16.04els/CLSA-2024-1731603700.html
[ Ubuntu: 4.15.0-240.251 ]
  * CVE-url: https://ubuntu.com/security/CVE-2024-44946
    - kcm: Serialise kcm_sendmsg() for the same socket.
  * CVE-url: https://ubuntu.com/security/CVE-2024-42292
    - kobject_uevent: Fix OOB access within zap_modalias_env()
  * CVE-url: https://ubuntu.com/security/CVE-2024-41042
    - netfilter: nf_tables: prefer nft_chain_validate
  * CVE-url: https://ubuntu.com/security/CVE-2024-42265
    - protect the fetch of ->fd[fd] in do_dup2() from mispredictions
  * CVE-url: https://ubuntu.com/security/CVE-2024-50036
    - net: do not delay dst_entries_add() in dst_release()
  * CVE-url: https://ubuntu.com/security/CVE-2024-47663
    - staging: iio: frequency: ad9833: Load clock using clock framework
    - staging: iio: frequency: ad9834: Validate frequency parameter value
  * CVE-url: https://ubuntu.com/security/CVE-2024-47669
    - nilfs2: fix state management in error path of log writing function
  * CVE-url: https://ubuntu.com/security/CVE-2023-52918
    - media: pci: cx23885: check cx23885_vdev_init() return
  * CVE-url: https://ubuntu.com/security/CVE-2024-44960
    - usb: gadget: core: Check for unset descriptor
  * CVE-url: https://ubuntu.com/security/CVE-2024-42297
    - f2fs: fix to don't dirty inode for readonly filesystem
  * CVE-url: https://ubuntu.com/security/CVE-2024-46750
    - PCI: Add missing bridge lock to pci_bus_lock()
  * CVE-url: https://ubuntu.com/security/CVE-2024-46676
    - nfc: pn533: Add poll mod list filling check
  * CVE-url: https://ubuntu.com/security/CVE-2024-46761
    - pci/hotplug/pnv_php: Fix hotplug driver crash on Powernv
  * CVE-url: https://ubuntu.com/security/CVE-2024-46755
    - wifi: mwifiex: Do not return unused priv in mwifiex_get_priv_by_id()
  * CVE-url: https://ubuntu.com/security/CVE-2024-46679
    - ethtool: check device is present when getting link settings
  * CVE-url: https://ubuntu.com/security/CVE-2024-46721
    - apparmor: fix possible NULL pointer dereference
  * CVE-url: https://ubuntu.com/security/CVE-2024-46685
    - pinctrl: single: fix potential NULL dereference in pcs_get_function()
  * CVE-url: https://ubuntu.com/security/CVE-2024-44947
    - fuse: Initialize beyond-EOF page contents before setting uptodate
  * CVE-url: https://ubuntu.com/security/CVE-2024-46675
    - usb: dwc3: core: Prevent USB core invalid event buffer address access
  * CVE-url: https://ubuntu.com/security/CVE-2024-43893
    - serial: core: check uartclk for zero to avoid divide by zero
  * CVE-url: https://ubuntu.com/security/CVE-2024-45021
    - memcg_write_event_control(): fix a user-triggerable oops
  * CVE-url: https://ubuntu.com/security/CVE-2024-46677
    - gtp: fix a potential NULL pointer dereference
  * CVE-url: https://ubuntu.com/security/CVE-2024-43861
    - net: usb: qmi_wwan: fix memory leak for not ip packets
  * CVE-url: https://ubuntu.com/security/CVE-2024-41063
    - Bluetooth: hci_core: cancel all works upon hci_unregister_dev()
  * CVE-url: https://ubuntu.com/security/CVE-2024-45006
    - xhci: Fix Panther point NULL pointer deref at full-speed re-enumeration
  * CVE-url: https://ubuntu.com/security/CVE-2024-43853
    - cgroup/cpuset: Prevent UAF in proc_cpuset_show()
  * CVE-url: https://ubuntu.com/security/CVE-2024-42310
    - drm/gma500: fix null pointer dereference in cdv_intel_lvds_get_modes
  * CVE-url: https://ubuntu.com/security/CVE-2024-42311
    - hfs: fix to initialize fields of hfs_inode_info after hfs_alloc_inode()
  * CVE-url: https://ubuntu.com/security/CVE-2024-41012
    - filelock: Remove locks reliably when fcntl/close race is detected
  * CVE-url: https://ubuntu.com/security/CVE-2024-45028
    - mmc: mmc_test: Fix NULL dereference on allocation failure
  * CVE-url: https://ubuntu.com/security/CVE-2024-43860
    - remoteproc: imx_rproc: Skip over memory region when node value is NULL
  * CVE-url: https://ubuntu.com/security/CVE-2024-43914
    - md/raid5: avoid BUG_ON() while continue reshape after reassembling
  * CVE-url: https://ubuntu.com/security/CVE-2024-45025
    - fix bitmap corruption on close_range() with CLOSE_RANGE_UNSHARE
  * CVE-url: https://ubuntu.com/security/CVE-2024-43856
    - dma: fix call order in dmam_free_coherent
  * CVE-url: https://ubuntu.com/security/CVE-2024-42289
    - scsi: qla2xxx: During vport delete send async logout explicitly
  * CVE-url: https://ubuntu.com/security/CVE-2024-44995
    - net: hns3: fix a deadlock problem when config TC during resetting
  * CVE-url: https://ubuntu.com/security/CVE-2024-43854
    - block: initialize integrity buffer to zero before writing it to media
  * CVE-url: https://ubuntu.com/security/CVE-2024-43884
    - Bluetooth: MGMT: Add error handling to pair_device()
  * CVE-url: https://ubuntu.com/security/CVE-2024-43871
    - devres: Fix memory leakage caused by driver API devm_free_percpu()
  * CVE-url: https://ubuntu.com/security/CVE-2024-42309
    - drm/gma500: fix null pointer dereference in psb_intel_lvds_get_modes
  * CVE-url: https://ubuntu.com/security/CVE-2024-26668
    - netfilter: nft_limit: reject configurations that cause integer overflow
  * CVE-url: https://ubuntu.com/security/CVE-2024-50044
    - Bluetooth: RFCOMM: FIX possible deadlock in rfcomm_sk_state_change
  * CVE-url: https://ubuntu.com/security/CVE-2024-49967
    - ext4: no need to continue when the number of entries is 1
  * CVE-url: https://ubuntu.com/security/CVE-2024-50033
    - slip: make slhc_remember() more robust against malicious packets
  * CVE-url: https://ubuntu.com/security/CVE-2024-47670
    - ocfs2: add bounds checking to ocfs2_xattr_find_entry()
  * CVE-url: https://ubuntu.com/security/CVE-2024-49950
    - Bluetooth: L2CAP: Fix uaf in l2cap_connect
  * CVE-url: https://ubuntu.com/security/CVE-2024-49883
    - ext4: aovid use-after-free in ext4_ext_insert_extent()
  * CVE-url: https://ubuntu.com/security/CVE-2024-47745
    - mm: call the security_mmap_file() LSM hook in remap_file_pages()
  * CVE-url: https://ubuntu.com/security/CVE-2024-49860
    - ACPI: sysfs: validate return type of _STR method
  * CVE-url: https://ubuntu.com/security/CVE-2024-49882
    - ext4: fix double brelse() the buffer of the extents path
  * CVE-url: https://ubuntu.com/security/CVE-2024-49995
    - tipc: guard against string buffer overrun
  * CVE-url: https://ubuntu.com/security/CVE-2024-47723
    - jfs: fix out-of-bounds in dbNextAG() and diAlloc()
  * CVE-url: https://ubuntu.com/security/CVE-2024-50055
    - driver core: bus: Fix double free in driver API bus_register()
  * CVE-url: https://ubuntu.com/security/CVE-2024-47698
    - drivers: media: dvb-frontends/rtl2832: fix an out-of-bounds write error
  * CVE-url: https://ubuntu.com/security/CVE-2022-49026
    - e100: Fix possible use after free in e100_xmit_prepare
  * CVE-url: https://ubuntu.com/security/CVE-2024-47742
    - firmware_loader: Block path traversal
  * CVE-url: https://ubuntu.com/security/CVE-2024-50035
    - ppp: fix ppp_async_encode() illegal access
  * CVE-url: https://ubuntu.com/security/CVE-2024-47757
    - nilfs2: fix potential oob read in nilfs_btree_check_delete()
  * CVE-url: https://ubuntu.com/security/CVE-2024-49884
    - ext4: avoid ext4_error()'s caused by ENOMEM in the truncate path
    - ext4: fix slab-use-after-free in ext4_split_extent_at()
  * CVE-url: https://ubuntu.com/security/CVE-2022-49006
    - tracing: Free buffers when a used dynamic event is removed
  * CVE-url: https://ubuntu.com/security/CVE-2024-49903
    - jfs: Fix uaf in dbFreeBits
  * CVE-url: https://ubuntu.com/security/CVE-2024-47701
    - ext4: avoid OOB when system.data xattr changes underneath the filesystem
  * CVE-url: https://ubuntu.com/security/CVE-2024-49889
    - ext4: avoid use-after-free in ext4_ext_show_leaf()
  * CVE-url: https://ubuntu.com/security/CVE-2024-50073
    - tty: n_gsm: Fix use-after-free in gsm_cleanup_mux
  * CVE-url: https://ubuntu.com/security/CVE-2024-47747
    - net: seeq: Fix use after free vulnerability in ether3 Driver Due to Race Condition
  * CVE-url: https://ubuntu.com/security/CVE-2024-49900
    - jfs: Fix uninit-value access of new_ea in ea_buffer
  * CVE-url: https://ubuntu.com/security/CVE-2024-47697
    - drivers: media: dvb-frontends/rtl2830: fix an out-of-bounds write error
  * CVE-url: https://ubuntu.com/security/CVE-2022-48951
    - ASoC: ops: Check bounds for second channel in snd_soc_put_volsw_sx()
  * CVE-url: https://ubuntu.com/security/CVE-2024-49981
    - media: venus: fix use after free bug in venus_remove due to race condition
  * CVE-url: https://ubuntu.com/security/CVE-2024-43839
    - bna: adjust 'name' buf size of bna_tcb and bna_ccb structures
  * CVE-url: https://ubuntu.com/security/CVE-2024-47659
    - smack: tcp: ipv4, fix incorrect labeling
  * CVE-url: https://ubuntu.com/security/CVE-2024-47685
    - netfilter: nf_reject_ipv6: fix nf_reject_ip6_tcphdr_put()
  * CVE-url: https://ubuntu.com/security/CVE-2024-39476
    - md/raid5: fix deadlock that raid5d() wait for itself to clear MD_SB_CHANGE_PENDING
  * CVE-url: https://ubuntu.com/security/CVE-2024-27397
    - netfilter: nf_tables: use timestamp to check for set element timeout
    - netfilter: nf_tables: annotate data-races around element expiration
    - netfilter: nf_tables: support timeouts larger than 23 days
  * CVE-url: https://ubuntu.com/security/CVE-2024-26641
    - net: Fix unwanted sign extension in netdev_stats_to_stats64()
    - ip6_tunnel: make sure to pull inner header in __ip6_tnl_rcv()
  * CVE-url: https://ubuntu.com/security/CVE-2024-38611
    - media: i2c: et8ek8: Don't strip remove function when driver is builtin
Update command:
  apt-get update
  apt-get --only-upgrade install linux-hwe*

linux-buildinfo-4.15.0-240-tuxcare.els38-generic_4.15.0-240.251~16.04.1_amd64.deb
linux-buildinfo-4.15.0-240-tuxcare.els38-lowlatency_4.15.0-240.251~16.04.1_amd64.deb
linux-cloud-tools-4.15.0-240-tuxcare.els38-generic_4.15.0-240.251~16.04.1_amd64.deb
linux-cloud-tools-4.15.0-240-tuxcare.els38-lowlatency_4.15.0-240.251~16.04.1_amd64.deb
linux-headers-4.15.0-240-tuxcare.els38_4.15.0-240.251~16.04.1_all.deb
linux-headers-4.15.0-240-tuxcare.els38-generic_4.15.0-240.251~16.04.1_amd64.deb
linux-headers-4.15.0-240-tuxcare.els38-lowlatency_4.15.0-240.251~16.04.1_amd64.deb
linux-hwe-cloud-tools-4.15.0-240-tuxcare.els38_4.15.0-240.251~16.04.1_amd64.deb
linux-hwe-tools-4.15.0-240-tuxcare.els38_4.15.0-240.251~16.04.1_amd64.deb
linux-image-unsigned-4.15.0-240-tuxcare.els38-generic_4.15.0-240.251~16.04.1_amd64.deb
linux-image-unsigned-4.15.0-240-tuxcare.els38-lowlatency_4.15.0-240.251~16.04.1_amd64.deb
linux-modules-4.15.0-240-tuxcare.els38-generic_4.15.0-240.251~16.04.1_amd64.deb
linux-modules-4.15.0-240-tuxcare.els38-lowlatency_4.15.0-240.251~16.04.1_amd64.deb
linux-modules-extra-4.15.0-240-tuxcare.els38-generic_4.15.0-240.251~16.04.1_amd64.deb
linux-source-4.15.0_4.15.0-240.251~16.04.1_all.deb
linux-tools-4.15.0-240-tuxcare.els38-generic_4.15.0-240.251~16.04.1_amd64.deb
linux-tools-4.15.0-240-tuxcare.els38-lowlatency_4.15.0-240.251~16.04.1_amd64.deb