Bionic Beavers and Xenial Xeruses: update your kernel again. In fixing it, Canonical introduced a regression

On September 2 and without making much noise, as always in the case of security flaws, Canonical published five reports collecting many kernel vulnerabilities from Ubuntu. In total, 109 bugs were corrected, 28 of them included in the report USN-4115-1 that affected Ubuntu 18.04 LTS (Bionic Beaver) and Ubuntu 16.04 LTS (Xenial Xerus). Taking into account everything they fixed, this is not a case in which we can say that the remedy was worse than the disease, but they did "break" something trying to correct the many vulnerabilities detected.

What they did, something that happens more than meets the eye, is introduce a regression that caused the kernel to crash when handling fragmented packets in some situations. The updates, already available in the software centers (or Software Update app), correct this fault. For everything else, the report USN-4115-2 It tells us about the same as USN-4115-1, 28 faults spread over linux, linux-aws, linux-aws-hwe, linux-azure, linux-gcp, linux-gke-4.15, linux-hwe, linux-kvm , linux-oracle and linux-raspi2, all of medium or low urgency.

Updated kernel on Ubuntu 18.04 and Ubuntu 16.04 to remove a regression

The bugs fixed a week ago and re-patched this one are the following:

• CVE-2018-19985
• CVE-2018-20784
• CVE-2019-0136
• CVE-2019-10207
• CVE-2019-10638
• CVE-2019-10639
• CVE-2019-11487
• CVE-2019-11599
• CVE-2019-11810
• CVE-2019-13631
• CVE-2019-13648
• CVE-2019-14283
• CVE-2019-14284
• CVE-2019-14763
• CVE-2019-15090
• CVE-2019-15211
• CVE-2019-15212
• CVE-2019-15214
• CVE-2019-15215
• CVE-2019-15216
• CVE-2019-15218
• CVE-2019-15220
• CVE-2019-15221
• CVE-2019-15292
• CVE-2019-3701
• CVE-2019-3819
• CVE-2019-3900
• CVE-2019-9506

The packages to be updated are:

On Ubuntu 18.04 LTS

• linux-image-4.15.0-1023-oracle - 4.15.0-1023.26
• linux-image-4.15.0-1042-gke - 4.15.0-1042.44
• linux-image-4.15.0-1044-kvm - 4.15.0-1044.44
• linux-image-4.15.0-1045-raspi2 – 4.15.0-1045.49
• linux-image-4.15.0-1048-aws - 4.15.0-1048.50
• linux-image-4.15.0-62-generic - 4.15.0-62.69
• linux-image-4.15.0-62-generic-lpae - 4.15.0-62.69
• linux-image-4.15.0-62-lowlatency - 4.15.0-62.69
• linux-image-aws - 4.15.0.1048.47
• linux-image-generic - 4.15.0.62.64
• linux-image-generic-lpae - 4.15.0.62.64
• linux-image-gke - 4.15.0.1042.45
• linux-image-gke-4.15 - 4.15.0.1042.45
• linux-image-kvm - 4.15.0.1044.44
• linux-image-lowlatency - 4.15.0.62.64
• linux-image-oracle - 4.15.0.1023.26
• linux-image-powerpc-e500mc - 4.15.0.62.64
• linux-image-powerpc-smp - 4.15.0.62.64
• linux-image-powerpc64-emb - 4.15.0.62.64
• linux-image-powerpc64-smp - 4.15.0.62.64
• linux-image-raspi2 - 4.15.0.1045.43
• linux-image-virtual - 4.15.0.62.64

On Ubuntu 16.04 LTS

• linux-image-4.15.0-1023-oracle – 4.15.0-1023.26~16.04.1
• linux-image-4.15.0-1042-gcp - 4.15.0-1042.44
• linux-image-4.15.0-1048-aws – 4.15.0-1048.50~16.04.1
• linux-image-4.15.0-1057-azure - 4.15.0-1057.62
• linux-image-4.15.0-62-generic – 4.15.0-62.69~16.04.1
• linux-image-4.15.0-62-generic-lpae – 4.15.0-62.69~16.04.1
• linux-image-4.15.0-62-lowlatency – 4.15.0-62.69~16.04.1
• linux-image-aws-hwe - 4.15.0.1048.48
• linux-image-azure - 4.15.0.1057.60
• linux-image-gcp - 4.15.0.1042.56
• linux-image-generic-hwe-16.04 - 4.15.0.62.82
• linux-image-generic-lpae-hwe-16.04 - 4.15.0.62.82
• linux-image-gke - 4.15.0.1042.56
• linux-image-lowlatency-hwe-16.04 - 4.15.0.62.82
• linux-image-oem - 4.15.0.62.82
• linux-image-oracle - 4.15.0.1023.17
• linux-image-virtual-hwe-16.04 - 4.15.0.62.82

Applying these updates is not as important as doing it last week. The original patches corrected the 28 bugs mentioned, while these avoid a crash. What is relatively important is to apply these patches if those from last week have already been applied, since we could experience the crash mentioned in the new report. In any case, Bionic Beavers and Xenial Xeruses, update.