Urges users to update their systems immediately

Aug 1, 2019 17:05 GMT

Canonical today released a new Linux kernel security update, this time for users of the Ubuntu 18.04.2 LTS operating system using the Linux 5.0 HWE (Hardware Enablement) kernel from Ubuntu 19.04.

This Linux Hardware Enablement (HWE) kernel from Ubuntu 19.04 for Ubuntu 18.04.2 LTS includes the same fixes for four security flaws that Canonical added to the latest kernel for Ubuntu 19.04 last week. Among them is an integer overflow (CVE-2019-11487) discovered in the Linux kernel, which could lead to use-after-free issues that a local attacker could exploit to execute arbitrary code or cause a denial of service (system crash).

Additionally, the security patch addresses a race condition (CVE-2019-11599) discovered by Google Project Zero's Jann Horn in the Linux kernel when performing core dumps, which could allow a local attacker to expose sensitive information or crash the system, causing a denial of service (DoS).

Also fixed are two issues (CVE-2019-11833 and CVE-2019-11884) discovered in the Linux kernel's EXT4 file system implementation and Bluetooth Human Interface Device Protocol (HIDP) implementation, both of which could allow a local attacker to expose sensitive information (kernel memory).

Users are urged to update their systems immediately

If you are using the Ubuntu 18.04.2 LTS (Bionic Beaver) operating system with the Linux 5.0 kernel from Ubuntu 19.04 (Disco Dingo), Canonical urges you to update the kernel packages as soon as possible to linux-image 5.0.0-23.24~18.04.1. To update your systems, please follow the instructions provided by Canonical at https://wiki.ubuntu.com/Security/Upgrades.

Once again, please keep in mind that this kernel release is only available for Ubuntu 18.04.2 LTS users who use the Linux (HWE) kernel from Ubuntu 19.04. After installing the new kernel version, you will have to reboot your computer for the patches above to be applied correctly. Also, you may have to rebuild and reinstall any third-party kernel modules you might have installed.