2

The bug has been patched in the Linux kernel 5.0.8 version, according to the news. What about the kernel version 4.15.0-50-generic? How to check a given kernel to find out whether CVE-2019-11815 has been patched? How to patch the CVE-2019-11815 bug in Ubuntu 18.04.2 LTS with the kernel version 4.15.0-50-generic?

viDim
  • 33
  • 1
  • 7
  • There is no answer to my question here: https://askubuntu.com/questions/563408/how-can-i-tell-if-a-cve-has-been-fixed-in-ubuntus-repositories because that question is not similar to mine at all. The answers given below are much more relevant to my question. This question is about a specific kernel version. The question is unique. The accusation is unfounded because the proof not valid. – viDim May 16 '19 at 00:51

3 Answers3

1

This affects all Linux kernels prior to 5.0.8 — therefore, it will affect version 4.15.0. It is currently being patched by the Ubuntu security team. For more details, check out the Ubuntu CVE Tracker page on CVE-2019-11815.

Eate
  • 423
  • 1
  • 3
  • 15
  • So, a fix will be available in the repositories for any package mentioned on this page, when it will state "released" instead of "needs-triage" next to the "Ubuntu 18.04 LTS (Bionic Beaver):" for that package? – viDim May 15 '19 at 00:12
  • I don't know when it will be fixed, but you can expect this to be patched within the next few weeks. – Eate May 15 '19 at 00:14
  • Maybe you can answer this too? https://askubuntu.com/questions/1142525/config-regex-for-fail2ban-to-catch-pregreeters-in-mail-log – viDim May 15 '19 at 00:22
1

This question has been nagging me for a long time: How do I map Linux Kernels to Ubuntu Kernels? Unfortunately I'm no closer today to that answer than I was back then.

So below is my best guess for you.

Go to: https://kernel.ubuntu.com/~kernel-ppa/mainline and sort by date by clicking column header. Sort again for descending order and scroll until you see 5.0.8:

mainline kernel after 5.0.8.png

  • Everything released after 5.0.8 will presumably have CVE-2019-11815 patch applied.
  • 5.0.8 was compiled on the Ubuntu Kernel Farm on April 15, 2019.
  • Personally I've downloaded and installed 4.14.114 LTS kernel compiled on April 27, 2019 so it would have the patch applied.

So the big question is what date was your kernel 4.15.0-50 compiled?

Look in /boot directory at my 4.14.114 as an example:

$ ll /boot/*4.14.114*
-rw-r--r-- 1 root root   213788 Apr 27 04:08 /boot/config-4.14.114-0414114-generic
-rw-r--r-- 1 root root 63203180 Apr 29 19:43 /boot/initrd.img-4.14.114-0414114-generic
-rw------- 1 root root  3983979 Apr 27 04:08 /boot/System.map-4.14.114-0414114-generic
-rw------- 1 root root  8681248 May 12 10:37 /boot/vmlinuz-4.14.114-0414114-generic

Firstly ignore /boot/vmlinuz-4.14.114-0414114-generic because my grub boot flags the last time each kernel was booted so the date May 12 2019 is bogus for your purpose.

The file /boot/vmlinuz-4.14.114-0414114-generic or /boot/System.map-4.14.114-0414114-generic should tell you the time your kernel was released. If after April 15, 2019 you should have the desired patch applied.

The remaining file /boot/initrd.img-4.14.114-0414114-generic should be the date the kernel was installed on your system.

Of course you will replace 4.14.114 above with 4.15.0!!!

There is also a publication linking Ubuntu kernel release numbers to stable Linux kernel release numbers but I find it confusing. If you figure it out please post an answer.

WinEunuuchs2Unix
  • 99,709
  • 34
  • 237
  • 401
  • Have you written a regex for a fail2ban config file? https://askubuntu.com/questions/1142525/config-regex-for-fail2ban-to-catch-pregreeters-in-mail-log – viDim May 15 '19 at 00:49
  • @viDim Unfortunately I'm not that good with Regex yet. Plus I'm sorry to say I really don't understand what the link is asking... – WinEunuuchs2Unix May 15 '19 at 01:11
  • I edited the question about regex. Maybe somebody knows how to write regex for fail2ban config files. https://askubuntu.com/questions/1142525/regex-for-fail2ban-config-file-to-match-pregreet-lines-in-mail-log – viDim May 15 '19 at 02:23
  • I don't use `fail2ban` nor do I have a Web Server so wouldn't have a clue if there was a better way to solve your problem. – WinEunuuchs2Unix May 15 '19 at 02:31
1

You can see the change log of this update on https://launchpad.net/ubuntu/+source/linux/4.15.0-50.54

OS GYN
  • 26
  • 1