CVE-2019-19813
Published: 17 December 2019
In the Linux kernel 5.0.21, mounting a crafted btrfs filesystem image, performing some operations, and then making a syncfs system call can lead to a use-after-free in __mutex_lock in kernel/locking/mutex.c. This is related to mutex_can_spin_on_owner in kernel/locking/mutex.c, __btrfs_qgroup_free_meta in fs/btrfs/qgroup.c, and btrfs_insert_delayed_items in fs/btrfs/delayed-inode.c.
From the Ubuntu security team
It was discovered that the btrfs file system implementation in the Linux kernel did not properly validate file system metadata in some situations. An attacker could use this to construct a malicious btrfs image that, when mounted, could cause a denial of service (system crash).
Priority
Low
CVSS 3 base score: 5.5
Status
| Package | Release | Status |
|---|---|---|
|
linux Launchpad, Ubuntu, Debian |
Upstream |
Released
(5.2~rc1)
|
| Ubuntu 20.04 LTS (Focal Fossa) |
Not vulnerable
(5.4.0-9.12)
|
|
| Ubuntu 18.04 LTS (Bionic Beaver) |
Released
(4.15.0-109.110)
|
|
| Ubuntu 16.04 ESM (Xenial Xerus) |
Released
(4.4.0-201.233)
|
|
| Ubuntu 14.04 ESM (Trusty Tahr) |
Ignored
(was needs-triage ESM criteria)
|
|
|
Patches: Introduced by 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Fixed by 6bf9e4bd6a277840d3fe8c5d5d530a1fbd3db592 |
||
|
linux-aws Launchpad, Ubuntu, Debian |
Upstream |
Released
(5.2~rc1)
|
| Ubuntu 20.04 LTS (Focal Fossa) |
Not vulnerable
(5.4.0-1005.5)
|
|
| Ubuntu 18.04 LTS (Bionic Beaver) |
Released
(4.15.0-1077.81)
|
|
| Ubuntu 16.04 ESM (Xenial Xerus) |
Released
(4.4.0-1121.135)
|
|
| Ubuntu 14.04 ESM (Trusty Tahr) |
Released
(4.4.0-1085.89)
|
|
|
linux-aws-5.0 Launchpad, Ubuntu, Debian |
Upstream |
Released
(5.2~rc1)
|
| Ubuntu 20.04 LTS (Focal Fossa) |
Does not exist
|
|
| Ubuntu 18.04 LTS (Bionic Beaver) |
Ignored
(was needs-triage now end-of-life)
|
|
| Ubuntu 16.04 ESM (Xenial Xerus) |
Does not exist
|
|
| Ubuntu 14.04 ESM (Trusty Tahr) |
Does not exist
|
|
|
linux-aws-5.3 Launchpad, Ubuntu, Debian |
Upstream |
Released
(5.2~rc1)
|
| Ubuntu 20.04 LTS (Focal Fossa) |
Does not exist
|
|
| Ubuntu 18.04 LTS (Bionic Beaver) |
Not vulnerable
(5.3.0-1016.17~18.04.1)
|
|
| Ubuntu 16.04 ESM (Xenial Xerus) |
Does not exist
|
|
| Ubuntu 14.04 ESM (Trusty Tahr) |
Does not exist
|
|
|
linux-aws-5.4 Launchpad, Ubuntu, Debian |
Upstream |
Released
(5.2~rc1)
|
| Ubuntu 20.04 LTS (Focal Fossa) |
Does not exist
|
|
| Ubuntu 18.04 LTS (Bionic Beaver) |
Not vulnerable
(5.4.0-1018.18~18.04.1)
|
|
| Ubuntu 16.04 ESM (Xenial Xerus) |
Does not exist
|
|
| Ubuntu 14.04 ESM (Trusty Tahr) |
Does not exist
|
|
|
linux-aws-hwe Launchpad, Ubuntu, Debian |
Upstream |
Released
(5.2~rc1)
|
| Ubuntu 20.04 LTS (Focal Fossa) |
Does not exist
|
|
| Ubuntu 18.04 LTS (Bionic Beaver) |
Does not exist
|
|
| Ubuntu 16.04 ESM (Xenial Xerus) |
Released
(4.15.0-1079.83~16.04.1)
|
|
| Ubuntu 14.04 ESM (Trusty Tahr) |
Does not exist
|
|
|
linux-azure Launchpad, Ubuntu, Debian |
Upstream |
Released
(5.2~rc1)
|
| Ubuntu 20.04 LTS (Focal Fossa) |
Not vulnerable
(5.4.0-1006.6)
|
|
| Ubuntu 18.04 LTS (Bionic Beaver) |
Ignored
(was needs-triage now end-of-life)
|
|
| Ubuntu 16.04 ESM (Xenial Xerus) |
Released
(4.15.0-1091.101~16.04.1)
|
|
| Ubuntu 14.04 ESM (Trusty Tahr) |
Released
(4.15.0-1091.101~14.04.1)
|
|
|
linux-azure-4.15 Launchpad, Ubuntu, Debian |
Upstream |
Released
(5.2~rc1)
|
| Ubuntu 20.04 LTS (Focal Fossa) |
Does not exist
|
|
| Ubuntu 18.04 LTS (Bionic Beaver) |
Released
(4.15.0-1091.101)
|
|
| Ubuntu 16.04 ESM (Xenial Xerus) |
Does not exist
|
|
| Ubuntu 14.04 ESM (Trusty Tahr) |
Does not exist
|
|
|
linux-azure-5.3 Launchpad, Ubuntu, Debian |
Upstream |
Released
(5.2~rc1)
|
| Ubuntu 20.04 LTS (Focal Fossa) |
Does not exist
|
|
| Ubuntu 18.04 LTS (Bionic Beaver) |
Not vulnerable
(5.3.0-1007.8~18.04.1)
|
|
| Ubuntu 16.04 ESM (Xenial Xerus) |
Does not exist
|
|
| Ubuntu 14.04 ESM (Trusty Tahr) |
Does not exist
|
|
|
linux-azure-5.4 Launchpad, Ubuntu, Debian |
Upstream |
Released
(5.2~rc1)
|
| Ubuntu 20.04 LTS (Focal Fossa) |
Does not exist
|
|
| Ubuntu 18.04 LTS (Bionic Beaver) |
Not vulnerable
(5.4.0-1020.20~18.04.1)
|
|
| Ubuntu 16.04 ESM (Xenial Xerus) |
Does not exist
|
|
| Ubuntu 14.04 ESM (Trusty Tahr) |
Does not exist
|
|
|
linux-azure-edge Launchpad, Ubuntu, Debian |
Upstream |
Released
(5.2~rc1)
|
| Ubuntu 20.04 LTS (Focal Fossa) |
Does not exist
|
|
| Ubuntu 18.04 LTS (Bionic Beaver) |
Ignored
(was needs-triage now end-of-life)
|
|
| Ubuntu 16.04 ESM (Xenial Xerus) |
Does not exist
|
|
| Ubuntu 14.04 ESM (Trusty Tahr) |
Does not exist
|
|
|
linux-dell300x Launchpad, Ubuntu, Debian |
Upstream |
Released
(5.2~rc1)
|
| Ubuntu 20.04 LTS (Focal Fossa) |
Does not exist
|
|
| Ubuntu 18.04 LTS (Bionic Beaver) |
Not vulnerable
(4.15.0-1005.8)
|
|
| Ubuntu 16.04 ESM (Xenial Xerus) |
Does not exist
|
|
| Ubuntu 14.04 ESM (Trusty Tahr) |
Does not exist
|
|
|
linux-gcp Launchpad, Ubuntu, Debian |
Upstream |
Released
(5.2~rc1)
|
| Ubuntu 20.04 LTS (Focal Fossa) |
Not vulnerable
(5.4.0-1005.5)
|
|
| Ubuntu 18.04 LTS (Bionic Beaver) |
Ignored
(was needs-triage now end-of-life)
|
|
| Ubuntu 16.04 ESM (Xenial Xerus) |
Released
(4.15.0-1080.90~16.04.1)
|
|
| Ubuntu 14.04 ESM (Trusty Tahr) |
Does not exist
|
|
|
linux-gcp-4.15 Launchpad, Ubuntu, Debian |
Upstream |
Released
(5.2~rc1)
|
| Ubuntu 20.04 LTS (Focal Fossa) |
Does not exist
|
|
| Ubuntu 18.04 LTS (Bionic Beaver) |
Released
(4.15.0-1080.90)
|
|
| Ubuntu 16.04 ESM (Xenial Xerus) |
Does not exist
|
|
| Ubuntu 14.04 ESM (Trusty Tahr) |
Does not exist
|
|
|
linux-gcp-5.3 Launchpad, Ubuntu, Debian |
Upstream |
Released
(5.2~rc1)
|
| Ubuntu 20.04 LTS (Focal Fossa) |
Does not exist
|
|
| Ubuntu 18.04 LTS (Bionic Beaver) |
Not vulnerable
(5.3.0-1008.9~18.04.1)
|
|
| Ubuntu 16.04 ESM (Xenial Xerus) |
Does not exist
|
|
| Ubuntu 14.04 ESM (Trusty Tahr) |
Does not exist
|
|
|
linux-gcp-5.4 Launchpad, Ubuntu, Debian |
Upstream |
Released
(5.2~rc1)
|
| Ubuntu 20.04 LTS (Focal Fossa) |
Does not exist
|
|
| Ubuntu 18.04 LTS (Bionic Beaver) |
Not vulnerable
(5.4.0-1019.19~18.04.2)
|
|
| Ubuntu 16.04 ESM (Xenial Xerus) |
Does not exist
|
|
| Ubuntu 14.04 ESM (Trusty Tahr) |
Does not exist
|
|
|
linux-gcp-edge Launchpad, Ubuntu, Debian |
Upstream |
Released
(5.2~rc1)
|
| Ubuntu 20.04 LTS (Focal Fossa) |
Does not exist
|
|
| Ubuntu 18.04 LTS (Bionic Beaver) |
Ignored
(was needs-triage now end-of-life)
|
|
| Ubuntu 16.04 ESM (Xenial Xerus) |
Does not exist
|
|
| Ubuntu 14.04 ESM (Trusty Tahr) |
Does not exist
|
|
|
linux-gke-4.15 Launchpad, Ubuntu, Debian |
Upstream |
Released
(5.2~rc1)
|
| Ubuntu 20.04 LTS (Focal Fossa) |
Does not exist
|
|
| Ubuntu 18.04 LTS (Bionic Beaver) |
Released
(4.15.0-1066.69)
|
|
| Ubuntu 16.04 ESM (Xenial Xerus) |
Does not exist
|
|
| Ubuntu 14.04 ESM (Trusty Tahr) |
Does not exist
|
|
|
linux-gke-5.0 Launchpad, Ubuntu, Debian |
Upstream |
Released
(5.2~rc1)
|
| Ubuntu 20.04 LTS (Focal Fossa) |
Does not exist
|
|
| Ubuntu 18.04 LTS (Bionic Beaver) |
Ignored
(was needed now end-of-life)
|
|
| Ubuntu 16.04 ESM (Xenial Xerus) |
Does not exist
|
|
| Ubuntu 14.04 ESM (Trusty Tahr) |
Does not exist
|
|
|
linux-gke-5.3 Launchpad, Ubuntu, Debian |
Upstream |
Released
(5.2~rc1)
|
| Ubuntu 20.04 LTS (Focal Fossa) |
Does not exist
|
|
| Ubuntu 18.04 LTS (Bionic Beaver) |
Not vulnerable
(5.3.0-1011.12~18.04.1)
|
|
| Ubuntu 16.04 ESM (Xenial Xerus) |
Does not exist
|
|
| Ubuntu 14.04 ESM (Trusty Tahr) |
Does not exist
|
|
|
linux-gke-5.4 Launchpad, Ubuntu, Debian |
Upstream |
Released
(5.2~rc1)
|
| Ubuntu 20.04 LTS (Focal Fossa) |
Does not exist
|
|
| Ubuntu 18.04 LTS (Bionic Beaver) |
Not vulnerable
(5.4.0-1025.25~18.04.1)
|
|
| Ubuntu 16.04 ESM (Xenial Xerus) |
Does not exist
|
|
| Ubuntu 14.04 ESM (Trusty Tahr) |
Does not exist
|
|
|
linux-gkeop Launchpad, Ubuntu, Debian |
Upstream |
Released
(5.2~rc1)
|
| Ubuntu 20.04 LTS (Focal Fossa) |
Not vulnerable
(5.4.0-1008.9)
|
|
| Ubuntu 18.04 LTS (Bionic Beaver) |
Does not exist
|
|
| Ubuntu 16.04 ESM (Xenial Xerus) |
Does not exist
|
|
| Ubuntu 14.04 ESM (Trusty Tahr) |
Does not exist
|
|
|
linux-gkeop-5.4 Launchpad, Ubuntu, Debian |
Upstream |
Released
(5.2~rc1)
|
| Ubuntu 20.04 LTS (Focal Fossa) |
Does not exist
|
|
| Ubuntu 18.04 LTS (Bionic Beaver) |
Not vulnerable
(5.4.0-1001.1)
|
|
| Ubuntu 16.04 ESM (Xenial Xerus) |
Does not exist
|
|
| Ubuntu 14.04 ESM (Trusty Tahr) |
Does not exist
|
|
|
linux-hwe Launchpad, Ubuntu, Debian |
Upstream |
Released
(5.2~rc1)
|
| Ubuntu 20.04 LTS (Focal Fossa) |
Does not exist
|
|
| Ubuntu 18.04 LTS (Bionic Beaver) |
Released
(5.3.0-26.28~18.04.1)
|
|
| Ubuntu 16.04 ESM (Xenial Xerus) |
Released
(4.15.0-112.113~16.04.1)
|
|
| Ubuntu 14.04 ESM (Trusty Tahr) |
Does not exist
|
|
|
linux-hwe-5.4 Launchpad, Ubuntu, Debian |
Upstream |
Released
(5.2~rc1)
|
| Ubuntu 20.04 LTS (Focal Fossa) |
Does not exist
|
|
| Ubuntu 18.04 LTS (Bionic Beaver) |
Not vulnerable
(5.4.0-37.41~18.04.1)
|
|
| Ubuntu 16.04 ESM (Xenial Xerus) |
Does not exist
|
|
| Ubuntu 14.04 ESM (Trusty Tahr) |
Does not exist
|
|
|
linux-hwe-5.8 Launchpad, Ubuntu, Debian |
Upstream |
Released
(5.2~rc1)
|
| Ubuntu 20.04 LTS (Focal Fossa) |
Not vulnerable
(5.8.0-23.24~20.04.1)
|
|
| Ubuntu 18.04 LTS (Bionic Beaver) |
Does not exist
|
|
| Ubuntu 16.04 ESM (Xenial Xerus) |
Does not exist
|
|
| Ubuntu 14.04 ESM (Trusty Tahr) |
Does not exist
|
|
|
linux-hwe-edge Launchpad, Ubuntu, Debian |
Upstream |
Released
(5.2~rc1)
|
| Ubuntu 20.04 LTS (Focal Fossa) |
Does not exist
|
|
| Ubuntu 18.04 LTS (Bionic Beaver) |
Ignored
(was needs-triage now end-of-life)
|
|
| Ubuntu 16.04 ESM (Xenial Xerus) |
Ignored
(was needs-triage now end-of-life)
|
|
| Ubuntu 14.04 ESM (Trusty Tahr) |
Does not exist
|
|
|
linux-kvm Launchpad, Ubuntu, Debian |
Upstream |
Released
(5.2~rc1)
|
| Ubuntu 20.04 LTS (Focal Fossa) |
Not vulnerable
(5.4.0-1004.4)
|
|
| Ubuntu 18.04 LTS (Bionic Beaver) |
Released
(4.15.0-1069.70)
|
|
| Ubuntu 16.04 ESM (Xenial Xerus) |
Released
(4.4.0-1087.96)
|
|
| Ubuntu 14.04 ESM (Trusty Tahr) |
Does not exist
|
|
|
linux-lts-trusty Launchpad, Ubuntu, Debian |
Upstream |
Released
(5.2~rc1)
|
| Ubuntu 20.04 LTS (Focal Fossa) |
Does not exist
|
|
| Ubuntu 18.04 LTS (Bionic Beaver) |
Does not exist
|
|
| Ubuntu 16.04 ESM (Xenial Xerus) |
Does not exist
|
|
| Ubuntu 14.04 ESM (Trusty Tahr) |
Does not exist
|
|
|
linux-lts-xenial Launchpad, Ubuntu, Debian |
Upstream |
Released
(5.2~rc1)
|
| Ubuntu 20.04 LTS (Focal Fossa) |
Does not exist
|
|
| Ubuntu 18.04 LTS (Bionic Beaver) |
Does not exist
|
|
| Ubuntu 16.04 ESM (Xenial Xerus) |
Does not exist
|
|
| Ubuntu 14.04 ESM (Trusty Tahr) |
Released
(4.4.0-201.233~14.04.1)
|
|
|
linux-oem Launchpad, Ubuntu, Debian |
Upstream |
Released
(5.2~rc1)
|
| Ubuntu 20.04 LTS (Focal Fossa) |
Does not exist
|
|
| Ubuntu 18.04 LTS (Bionic Beaver) |
Released
(4.15.0-1091.101)
|
|
| Ubuntu 16.04 ESM (Xenial Xerus) |
Ignored
(was needs-triage now end-of-life)
|
|
| Ubuntu 14.04 ESM (Trusty Tahr) |
Does not exist
|
|
|
linux-oem-5.10 Launchpad, Ubuntu, Debian |
Upstream |
Released
(5.2~rc1)
|
| Ubuntu 20.04 LTS (Focal Fossa) |
Not vulnerable
(5.10.0-1008.9)
|
|
| Ubuntu 18.04 LTS (Bionic Beaver) |
Does not exist
|
|
| Ubuntu 16.04 ESM (Xenial Xerus) |
Does not exist
|
|
| Ubuntu 14.04 ESM (Trusty Tahr) |
Does not exist
|
|
|
linux-oem-5.6 Launchpad, Ubuntu, Debian |
Upstream |
Released
(5.2~rc1)
|
| Ubuntu 20.04 LTS (Focal Fossa) |
Not vulnerable
(5.6.0-1007.7)
|
|
| Ubuntu 18.04 LTS (Bionic Beaver) |
Does not exist
|
|
| Ubuntu 16.04 ESM (Xenial Xerus) |
Does not exist
|
|
| Ubuntu 14.04 ESM (Trusty Tahr) |
Does not exist
|
|
|
linux-oem-osp1 Launchpad, Ubuntu, Debian |
Upstream |
Released
(5.2~rc1)
|
| Ubuntu 20.04 LTS (Focal Fossa) |
Does not exist
|
|
| Ubuntu 18.04 LTS (Bionic Beaver) |
Ignored
(was needed now end-of-life)
|
|
| Ubuntu 16.04 ESM (Xenial Xerus) |
Does not exist
|
|
| Ubuntu 14.04 ESM (Trusty Tahr) |
Does not exist
|
|
|
linux-oracle Launchpad, Ubuntu, Debian |
Upstream |
Released
(5.2~rc1)
|
| Ubuntu 20.04 LTS (Focal Fossa) |
Not vulnerable
(5.4.0-1005.5)
|
|
| Ubuntu 18.04 LTS (Bionic Beaver) |
Released
(4.15.0-1048.52)
|
|
| Ubuntu 16.04 ESM (Xenial Xerus) |
Released
(4.15.0-1050.54~16.04.1)
|
|
| Ubuntu 14.04 ESM (Trusty Tahr) |
Does not exist
|
|
|
linux-oracle-5.0 Launchpad, Ubuntu, Debian |
Upstream |
Released
(5.2~rc1)
|
| Ubuntu 20.04 LTS (Focal Fossa) |
Does not exist
|
|
| Ubuntu 18.04 LTS (Bionic Beaver) |
Ignored
(was needs-triage now end-of-life)
|
|
| Ubuntu 16.04 ESM (Xenial Xerus) |
Does not exist
|
|
| Ubuntu 14.04 ESM (Trusty Tahr) |
Does not exist
|
|
|
linux-oracle-5.3 Launchpad, Ubuntu, Debian |
Upstream |
Released
(5.2~rc1)
|
| Ubuntu 20.04 LTS (Focal Fossa) |
Does not exist
|
|
| Ubuntu 18.04 LTS (Bionic Beaver) |
Not vulnerable
(5.3.0-1011.12~18.04.1)
|
|
| Ubuntu 16.04 ESM (Xenial Xerus) |
Does not exist
|
|
| Ubuntu 14.04 ESM (Trusty Tahr) |
Does not exist
|
|
|
linux-oracle-5.4 Launchpad, Ubuntu, Debian |
Upstream |
Released
(5.2~rc1)
|
| Ubuntu 20.04 LTS (Focal Fossa) |
Does not exist
|
|
| Ubuntu 18.04 LTS (Bionic Beaver) |
Not vulnerable
(5.4.0-1019.19~18.04.1)
|
|
| Ubuntu 16.04 ESM (Xenial Xerus) |
Does not exist
|
|
| Ubuntu 14.04 ESM (Trusty Tahr) |
Does not exist
|
|
|
linux-raspi Launchpad, Ubuntu, Debian |
Upstream |
Released
(5.2~rc1)
|
| Ubuntu 20.04 LTS (Focal Fossa) |
Not vulnerable
(5.4.0-1007.7)
|
|
| Ubuntu 18.04 LTS (Bionic Beaver) |
Does not exist
|
|
| Ubuntu 16.04 ESM (Xenial Xerus) |
Does not exist
|
|
| Ubuntu 14.04 ESM (Trusty Tahr) |
Does not exist
|
|
|
linux-raspi-5.4 Launchpad, Ubuntu, Debian |
Upstream |
Released
(5.2~rc1)
|
| Ubuntu 20.04 LTS (Focal Fossa) |
Does not exist
|
|
| Ubuntu 18.04 LTS (Bionic Beaver) |
Not vulnerable
(5.4.0-1013.13~18.04.1)
|
|
| Ubuntu 16.04 ESM (Xenial Xerus) |
Does not exist
|
|
| Ubuntu 14.04 ESM (Trusty Tahr) |
Does not exist
|
|
|
linux-raspi2 Launchpad, Ubuntu, Debian |
Upstream |
Released
(5.2~rc1)
|
| Ubuntu 20.04 LTS (Focal Fossa) |
Ignored
(was needs-triage now end-of-life)
|
|
| Ubuntu 18.04 LTS (Bionic Beaver) |
Released
(4.15.0-1065.69)
|
|
| Ubuntu 16.04 ESM (Xenial Xerus) |
Released
(4.4.0-1145.155)
|
|
| Ubuntu 14.04 ESM (Trusty Tahr) |
Does not exist
|
|
|
linux-raspi2-5.3 Launchpad, Ubuntu, Debian |
Upstream |
Released
(5.2~rc1)
|
| Ubuntu 20.04 LTS (Focal Fossa) |
Does not exist
|
|
| Ubuntu 18.04 LTS (Bionic Beaver) |
Not vulnerable
(5.3.0-1017.19~18.04.1)
|
|
| Ubuntu 16.04 ESM (Xenial Xerus) |
Does not exist
|
|
| Ubuntu 14.04 ESM (Trusty Tahr) |
Does not exist
|
|
|
linux-riscv Launchpad, Ubuntu, Debian |
Upstream |
Released
(5.2~rc1)
|
| Ubuntu 20.04 LTS (Focal Fossa) |
Not vulnerable
(5.4.0-24.28)
|
|
| Ubuntu 18.04 LTS (Bionic Beaver) |
Does not exist
|
|
| Ubuntu 16.04 ESM (Xenial Xerus) |
Does not exist
|
|
| Ubuntu 14.04 ESM (Trusty Tahr) |
Does not exist
|
|
|
linux-snapdragon Launchpad, Ubuntu, Debian |
Upstream |
Released
(5.2~rc1)
|
| Ubuntu 20.04 LTS (Focal Fossa) |
Does not exist
|
|
| Ubuntu 18.04 LTS (Bionic Beaver) |
Released
(4.15.0-1083.91)
|
|
| Ubuntu 16.04 ESM (Xenial Xerus) |
Released
(4.4.0-1149.159)
|
|
| Ubuntu 14.04 ESM (Trusty Tahr) |
Does not exist
|
|
Notes
| Author | Note |
|---|---|
| tyhicks | As of 2020-01-09, no upstream fix is available |
| sbeattie | upstream developer asserts in suse bug that the enhanced btrfs tree-checker addresses this issue, which was backported to at least the 4.4 kernel. |
References
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19813
- https://github.com/bobfuzzer/CVE/tree/master/CVE-2019-19813
- https://ubuntu.com/security/notices/USN-4414-1
- https://ubuntu.com/security/notices/USN-4709-1
- https://ubuntu.com/security/notices/USN-4708-1
- NVD
- Launchpad
- Debian