This bug was fixed in the package linux - 5.4.0-42.46
---------------
linux (5.4.0-42.46) focal; urgency=medium
* focal/linux: 5.4.0-42.46 -proposed tracker (LP: #1887069)
* linux 4.15.0-109-generic network DoS regression vs -108 (LP: #1886668)
- SAUCE: Revert "netprio_cgroup: Fix unlimited memory leak of v2 cgroups"
linux (5.4.0-41.45) focal; urgency=medium
* focal/linux: 5.4.0-41.45 -proposed tracker (LP: #1885855)
* Packaging resync (LP: #1786013)
- update dkms package versions
* CVE-2019-19642
- kernel/relay.c: handle alloc_percpu returning NULL in relay_open
* CVE-2019-16089
- SAUCE: nbd_genl_status: null check for nla_nest_start
* CVE-2020-11935
- aufs: do not call i_readcount_inc()
* ip_defrag.sh in net from ubuntu_kernel_selftests failed with 5.0 / 5.3 / 5.4
kernel (LP: #1826848)
- selftests: net: ip_defrag: ignore EPERM
* Update lockdown patches (LP: #1884159)
- SAUCE: acpi: disallow loading configfs acpi tables when locked down
* seccomp_bpf fails on powerpc (LP: #1885757)
- SAUCE: selftests/seccomp: fix ptrace tests on powerpc
* Introduce the new NVIDIA 418-server and 440-server series, and update the
current NVIDIA drivers (LP: #1881137)
- [packaging] add signed modules for the 418-server and the 440-server
flavours
-- Khalid Elmously <khalid.elmou...@canonical.com> Thu, 09 Jul 2020
19:50:26 -0400
** Changed in: linux (Ubuntu)
Status: Fix Committed => Fix Released
--
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/1884159
Title:
Update lockdown patches
Status in linux package in Ubuntu:
Fix Released
Status in linux-oem-osp1 package in Ubuntu:
Invalid
Status in linux source package in Xenial:
Fix Released
Status in linux source package in Bionic:
Fix Released
Status in linux-oem-osp1 source package in Bionic:
Fix Released
Status in linux source package in Eoan:
Fix Released
Status in linux source package in Focal:
Fix Released
Bug description:
Impact: The lockdown patches have evolved over time, and part of this
was restricting more areas of the kernel. Not all of these additions
were backported, and some can lead to lockdown bypasses, see [1] and
[2].
Fix: Backport newer lockdown restrictions to older releases.
Test Case: Test cases for most of the backports can be found at [3],
and [4] is another test case. Some which need e.g. specific hardware
to test have not been tested.
Regression Potential: Most of these are small, simple fixes with low
potential for regression. Users may also lose access to some
functionality previously accissible under secure boot. Some changes
are more substantial, especially the hw_param and debugfs changes for
xenial, but they are based on well-tested upstream code. The xmon
backports also carry a more moderate risk of regression.
[1] https://lists.ubuntu.com/archives/kernel-team/2020-June/111050.html
[2] https://lore.kernel.org/lkml/20200615104332.901519-1-ja...@zx2c4.com/
[3] https://git.launchpad.net/~sforshee/+git/lockdown-tests
[4]
https://git.zx2c4.com/american-unsigned-language/tree/american-unsigned-language.sh
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1884159/+subscriptions
--
Mailing list: https://launchpad.net/~kernel-packages
Post to : kernel-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~kernel-packages
More help : https://help.launchpad.net/ListHelp
