This repository has been archived by the owner on Mar 16, 2022. It is now read-only.
1.284.0
cf-buildpacks-eng released this 04 Jun 18:52
Notably, this release addresses:
USN-3982-2: Linux kernel (Xenial HWE) vulnerabilities:
- CVE-2018-12126: Microarchitectural Store Buffer Data Sampling (MSBDS): Store buffers on some microprocessors utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access.
- CVE-2018-12127: Microarchitectural Load Port Data Sampling (MLPDS): Load ports on some microprocessors utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access.
- CVE-2018-12130: Microarchitectural Fill Buffer Data Sampling (MFBDS): Fill buffers on some microprocessors utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access.
- CVE-2019-11091: Microarchitectural Data Sampling Uncacheable Memory (MDSUM): Uncacheable memory on some microprocessors utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access.
- CVE-2019-3874: The SCTP socket buffer used by a userspace application is not accounted by the cgroups subsystem. An attacker can use this flaw to cause a denial of service attack. Kernel 3.10.x and 4.18.x branches are believed to be vulnerable.
- CVE-2019-3882: A flaw was found in the Linux kernel's vfio interface implementation that permits violation of the user's locked memory limit. If a device is bound to a vfio driver, such as vfio-pci, and the local attacker is administratively granted ownership of the device, it may cause a system memory exhaustion and thus a denial of service (DoS). Versions 3.10, 4.14 and 4.18 are vulnerable.
USN-3983-1: Linux kernel vulnerabilities:
- CVE-2018-12126: Microarchitectural Store Buffer Data Sampling (MSBDS): Store buffers on some microprocessors utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access.
- CVE-2018-12127: Microarchitectural Load Port Data Sampling (MLPDS): Load ports on some microprocessors utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access.
- CVE-2018-12130: Microarchitectural Fill Buffer Data Sampling (MFBDS): Fill buffers on some microprocessors utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access.
- CVE-2019-11091: Microarchitectural Data Sampling Uncacheable Memory (MDSUM): Uncacheable memory on some microprocessors utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access.