Ubuntu 6311 Published by

The following updates has been released for Ubuntu Linux:

USN-3777-3: Linux kernel (Azure) vulnerabilities
USN-3790-2: Requests vulnerability
USN-3792-3: Net-SNMP vulnerability
USN-3795-2: libssh vulnerability
USN-3796-3: Paramiko vulnerability
USN-3797-1: Linux kernel vulnerabilities
USN-3797-2: Linux kernel (Xenial HWE) vulnerabilities
USN-3798-1: Linux kernel vulnerabilities
USN-3798-2: Linux kernel (Trusty HWE) vulnerabilities



USN-3777-3: Linux kernel (Azure) vulnerabilities


=========================================================================
Ubuntu Security Notice USN-3777-3
October 23, 2018

linux-azure vulnerabilities
=========================================================================
A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 18.04 LTS
- Ubuntu 16.04 LTS

Summary:

Several security issues were fixed in the Linux kernel.

Software Description:
- linux-azure: Linux kernel for Microsoft Azure Cloud systems

Details:

USN-3777-1 fixed vulnerabilities in the Linux kernel for Ubuntu 18.04
%LTS. This update provides the corresponding updates for the
Linux kernel for Azure Cloud systems.

Jann Horn discovered that the vmacache subsystem did not properly handle
sequence number overflows, leading to a use-after-free vulnerability. A
local attacker could use this to cause a denial of service (system crash)
or execute arbitrary code. (CVE-2018-17182)

It was discovered that the paravirtualization implementation in the Linux
kernel did not properly handle some indirect calls, reducing the
effectiveness of Spectre v2 mitigations for paravirtual guests. A local
attacker could use this to expose sensitive information. (CVE-2018-15594)

It was discovered that microprocessors utilizing speculative execution and
prediction of return addresses via Return Stack Buffer (RSB) may allow
unauthorized memory reads via sidechannel attacks. An attacker could use
this to expose sensitive information. (CVE-2018-15572)

Jann Horn discovered that microprocessors utilizing speculative execution
and branch prediction may allow unauthorized memory reads via sidechannel
attacks. This flaw is known as Spectre. A local attacker could use this to
expose sensitive information, including kernel memory. (CVE-2017-5715)

It was discovered that a stack-based buffer overflow existed in the iSCSI
target implementation of the Linux kernel. A remote attacker could use this
to cause a denial of service (system crash). (CVE-2018-14633)

Jann Horn and Ken Johnson discovered that microprocessors utilizing
speculative execution of a memory read may allow unauthorized memory reads
via a sidechannel attack. This flaw is known as Spectre Variant 4. A local
attacker could use this to expose sensitive information, including kernel
memory. (CVE-2018-3639)

It was discovered that a memory leak existed in the IRDA subsystem of the
Linux kernel. A local attacker could use this to cause a denial of service
(kernel memory exhaustion). (CVE-2018-6554)

It was discovered that a use-after-free vulnerability existed in the IRDA
implementation in the Linux kernel. A local attacker could use this to
cause a denial of service (system crash) or possibly execute arbitrary
code. (CVE-2018-6555)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 18.04 LTS:
linux-image-4.15.0-1025-azure 4.15.0-1025.26
linux-image-azure 4.15.0.1025.25

Ubuntu 16.04 LTS:
linux-image-4.15.0-1025-azure 4.15.0-1025.26~16.04.1
linux-image-azure 4.15.0.1025.31

After a standard system update you need to reboot your computer to make
all the necessary changes.

ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed.
Unless you manually uninstalled the standard kernel metapackages
(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,
linux-powerpc), a standard system upgrade will automatically perform
this as well.

References:
https://usn.ubuntu.com/usn/usn-3777-3
https://usn.ubuntu.com/usn/usn-3777-1
CVE-2017-5715, CVE-2018-14633, CVE-2018-15572, CVE-2018-15594,
CVE-2018-17182, CVE-2018-3639, CVE-2018-6554, CVE-2018-6555

Package Information:
https://launchpad.net/ubuntu/+source/linux-azure/4.15.0-1025.26
https://launchpad.net/ubuntu/+source/linux-azure/4.15.0-1025.26~16.04.1

USN-3790-2: Requests vulnerability


==========================================================================
Ubuntu Security Notice USN-3790-2
October 22, 2018

requests vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 18.10

Summary:

Requests could be made to expose sensitive information if it
received a specially crafted HTTP header.

Software Description:
- requests: elegant and simple HTTP library for Python

Details:

USN-3790-1 fixed vulnerabilities in Requests. This update provides
the corresponding update for Ubuntu 18.10

Original advisory details:

 It was discovered that Requests incorrectly handled certain HTTP
 headers. An attacker could possibly use this issue to access sensitive
 information.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 18.10:
  python-requests 2.18.4-2ubuntu0.18.10.1
  python3-requests 2.18.4-2ubuntu0.18.10.1

In general, a standard system update will make all the necessary
changes.

References:
  https://usn.ubuntu.com/usn/usn-3790-2
  https://usn.ubuntu.com/usn/usn-3790-1
  CVE-2018-18074

Package Information:
  https://launchpad.net/ubuntu/+source/requests/2.18.4-2ubuntu0.18.10.1

USN-3792-3: Net-SNMP vulnerability


==========================================================================
Ubuntu Security Notice USN-3792-3
October 22, 2018

net-snmp vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 18.10

Summary:

Net-SNMP could be made to crash if it received specially crafted network
traffic.

Software Description:
- net-snmp: SNMP (Simple Network Management Protocol) server and applications

Details:

USN-3792-1 fixed a vulnerability in Net-SNMP. This update provides the
corresponding update for Ubuntu 18.10.

Original advisory details:

It was discovered that Net-SNMP incorrectly handled certain certain crafted
packets. A remote attacker could possibly use this issue to cause Net-SNMP
to crash, resulting in a denial of service.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 18.10:
libsnmp30 5.7.3+dfsg-1.8ubuntu3.18.10.1

In general, a standard system update will make all the necessary changes.

References:
https://usn.ubuntu.com/usn/usn-3792-3
https://usn.ubuntu.com/usn/usn-3792-1
CVE-2018-18065

Package Information:
https://launchpad.net/ubuntu/+source/net-snmp/5.7.3+dfsg-1.8ubuntu3.18.10.1

USN-3795-2: libssh vulnerability

==========================================================================
Ubuntu Security Notice USN-3795-2
October 22, 2018

libssh vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 18.10

Summary:

libssh could allow unintended access to network services.

Software Description:
- libssh: A tiny C SSH library

Details:

USN-3795-1 fixed a vulnerability in libssh. This update provides the
corresponding update for Ubuntu 18.10.

Original advisory details:

Peter Winter-Smith discovered that libssh incorrectly handled
authentication when being used as a server. A remote attacker could use
this issue to bypass authentication without any credentials.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 18.10:
libssh-4 0.8.1-1ubuntu0.1

After a standard system update you need to reboot your computer to make
all the necessary changes.

References:
https://usn.ubuntu.com/usn/usn-3795-2
https://usn.ubuntu.com/usn/usn-3795-1
CVE-2018-10933

Package Information:
https://launchpad.net/ubuntu/+source/libssh/0.8.1-1ubuntu0.1

USN-3796-3: Paramiko vulnerability


==========================================================================
Ubuntu Security Notice USN-3796-3
October 22, 2018

paramiko vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 18.10

Summary:

Paramiko could allow unintended access to network services.

Software Description:
- paramiko: Python SSH2 library

Details:

USN-3796-1 fixed a vulnerability in Paramiko. This update provides the
corresponding update for Ubuntu 18.10.

Original advisory details:

Daniel Hoffman discovered that Paramiko incorrectly handled authentication
when being used as a server. A remote attacker could use this issue to
bypass authentication without any credentials.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 18.10:
python-paramiko 2.4.1-0ubuntu3.1
python3-paramiko 2.4.1-0ubuntu3.1

After a standard system update you need to reboot your computer to make
all the necessary changes.

References:
https://usn.ubuntu.com/usn/usn-3796-3
https://usn.ubuntu.com/usn/usn-3796-1
CVE-2018-1000805

Package Information:
https://launchpad.net/ubuntu/+source/paramiko/2.4.1-0ubuntu3.1

USN-3797-1: Linux kernel vulnerabilities


=========================================================================
Ubuntu Security Notice USN-3797-1
October 23, 2018

linux, linux-aws, linux-kvm, linux-raspi2, linux-snapdragon vulnerabilities
=========================================================================
A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 16.04 LTS

Summary:

Several security issues were fixed in the Linux kernel.

Software Description:
- linux: Linux kernel
- linux-aws: Linux kernel for Amazon Web Services (AWS) systems
- linux-kvm: Linux kernel for cloud environments
- linux-raspi2: Linux kernel for Raspberry Pi 2
- linux-snapdragon: Linux kernel for Snapdragon processors

Details:

Noam Rathaus discovered that a use-after-free vulnerability existed in the
Infiniband implementation in the Linux kernel. An attacker could use this
to cause a denial of service (system crash). (CVE-2018-14734)

It was discovered that an integer overflow existed in the CD-ROM driver of
the Linux kernel. A local attacker could use this to expose sensitive
information (kernel memory). (CVE-2018-16658)

It was discovered that an integer overflow existed in the HID Bluetooth
implementation in the Linux kernel that could lead to a buffer overwrite.
An attacker could use this to cause a denial of service (system crash) or
possibly execute arbitrary code. (CVE-2018-9363)

Yves Younan discovered that the CIPSO labeling implementation in the Linux
kernel did not properly handle IP header options in some situations. A
remote attacker could use this to specially craft network traffic that
could cause a denial of service (infinite loop). (CVE-2018-10938)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 16.04 LTS:
linux-image-4.4.0-1036-kvm 4.4.0-1036.42
linux-image-4.4.0-1070-aws 4.4.0-1070.80
linux-image-4.4.0-1099-raspi2 4.4.0-1099.107
linux-image-4.4.0-1103-snapdragon 4.4.0-1103.108
linux-image-4.4.0-138-generic 4.4.0-138.164
linux-image-4.4.0-138-generic-lpae 4.4.0-138.164
linux-image-4.4.0-138-lowlatency 4.4.0-138.164
linux-image-4.4.0-138-powerpc-e500mc 4.4.0-138.164
linux-image-4.4.0-138-powerpc-smp 4.4.0-138.164
linux-image-4.4.0-138-powerpc64-emb 4.4.0-138.164
linux-image-4.4.0-138-powerpc64-smp 4.4.0-138.164
linux-image-aws 4.4.0.1070.72
linux-image-generic 4.4.0.138.144
linux-image-generic-lpae 4.4.0.138.144
linux-image-kvm 4.4.0.1036.35
linux-image-lowlatency 4.4.0.138.144
linux-image-powerpc-e500mc 4.4.0.138.144
linux-image-powerpc-smp 4.4.0.138.144
linux-image-powerpc64-emb 4.4.0.138.144
linux-image-powerpc64-smp 4.4.0.138.144
linux-image-raspi2 4.4.0.1099.99
linux-image-snapdragon 4.4.0.1103.95

After a standard system update you need to reboot your computer to make
all the necessary changes.

ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed.
Unless you manually uninstalled the standard kernel metapackages
(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,
linux-powerpc), a standard system upgrade will automatically perform
this as well.

References:
https://usn.ubuntu.com/usn/usn-3797-1
CVE-2018-10938, CVE-2018-14734, CVE-2018-16658, CVE-2018-9363

Package Information:
https://launchpad.net/ubuntu/+source/linux/4.4.0-138.164
https://launchpad.net/ubuntu/+source/linux-aws/4.4.0-1070.80
https://launchpad.net/ubuntu/+source/linux-kvm/4.4.0-1036.42
https://launchpad.net/ubuntu/+source/linux-raspi2/4.4.0-1099.107
https://launchpad.net/ubuntu/+source/linux-snapdragon/4.4.0-1103.108

USN-3797-2: Linux kernel (Xenial HWE) vulnerabilities


=========================================================================
Ubuntu Security Notice USN-3797-2
October 23, 2018

linux-lts-xenial, linux-aws vulnerabilities
=========================================================================
A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 14.04 LTS

Summary:

Several security issues were fixed in the Linux kernel.

Software Description:
- linux-aws: Linux kernel for Amazon Web Services (AWS) systems
- linux-lts-xenial: Linux hardware enablement kernel from Xenial for Trusty

Details:

USN-3797-1 fixed vulnerabilities in the Linux kernel for Ubuntu 16.04
LTS. This update provides the corresponding updates for the Linux
Hardware Enablement (HWE) kernel from Ubuntu 16.04 LTS for Ubuntu
14.04 LTS.

Noam Rathaus discovered that a use-after-free vulnerability existed in the
Infiniband implementation in the Linux kernel. An attacker could use this
to cause a denial of service (system crash). (CVE-2018-14734)

It was discovered that an integer overflow existed in the CD-ROM driver of
the Linux kernel. A local attacker could use this to expose sensitive
information (kernel memory). (CVE-2018-16658)

It was discovered that a integer overflow existed in the HID Bluetooth
implementation in the Linux kernel that could lead to a buffer overwrite.
An attacker could use this to cause a denial of service (system crash) or
possibly execute arbitrary code. (CVE-2018-9363)

Yves Younan discovered that the CIPSO labeling implementation in the Linux
kernel did not properly handle IP header options in some situations. A
remote attacker could use this to specially craft network traffic that
could cause a denial of service (infinite loop). (CVE-2018-10938)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 14.04 LTS:
linux-image-4.4.0-1032-aws 4.4.0-1032.35
linux-image-4.4.0-138-generic 4.4.0-138.164~14.04.1
linux-image-4.4.0-138-generic-lpae 4.4.0-138.164~14.04.1
linux-image-4.4.0-138-lowlatency 4.4.0-138.164~14.04.1
linux-image-4.4.0-138-powerpc-e500mc 4.4.0-138.164~14.04.1
linux-image-4.4.0-138-powerpc-smp 4.4.0-138.164~14.04.1
linux-image-4.4.0-138-powerpc64-emb 4.4.0-138.164~14.04.1
linux-image-4.4.0-138-powerpc64-smp 4.4.0-138.164~14.04.1
linux-image-aws 4.4.0.1032.32
linux-image-generic-lpae-lts-xenial 4.4.0.138.118
linux-image-generic-lts-xenial 4.4.0.138.118
linux-image-lowlatency-lts-xenial 4.4.0.138.118
linux-image-powerpc-e500mc-lts-xenial 4.4.0.138.118
linux-image-powerpc-smp-lts-xenial 4.4.0.138.118
linux-image-powerpc64-emb-lts-xenial 4.4.0.138.118
linux-image-powerpc64-smp-lts-xenial 4.4.0.138.118

After a standard system update you need to reboot your computer to make
all the necessary changes.

ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed.
Unless you manually uninstalled the standard kernel metapackages
(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,
linux-powerpc), a standard system upgrade will automatically perform
this as well.

References:
https://usn.ubuntu.com/usn/usn-3797-2
https://usn.ubuntu.com/usn/usn-3797-1
CVE-2018-10938, CVE-2018-14734, CVE-2018-16658, CVE-2018-9363

Package Information:
https://launchpad.net/ubuntu/+source/linux-aws/4.4.0-1032.35
https://launchpad.net/ubuntu/+source/linux-lts-xenial/4.4.0-138.164~14.04.1

USN-3798-1: Linux kernel vulnerabilities


==========================================================================
Ubuntu Security Notice USN-3798-1
October 23, 2018

linux vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 14.04 LTS

Summary:

Several security issues were fixed in the Linux kernel.

Software Description:
- linux: Linux kernel

Details:

Dmitry Vyukov discovered that the key management subsystem in the Linux
kernel did not properly restrict adding a key that already exists but is
negatively instantiated. A local attacker could use this to cause a denial
of service (system crash) or possibly execute arbitrary code.
(CVE-2015-8539)

It was discovered that a use-after-free vulnerability existed in the device
driver for XCeive xc2028/xc3028 tuners in the Linux kernel. A local
attacker could use this to cause a denial of service (system crash) or
possibly execute arbitrary code. (CVE-2016-7913)

Pengfei Ding (丁鹏飞), Chenfu Bao (包沉浮), and Lenx Wei (韦韬)
discovered a race condition in the generic SCSI driver (sg) of the Linux
kernel. A local attacker could use this to cause a denial of service
(system crash) or possibly execute arbitrary code. (CVE-2017-0794)

Eric Biggers discovered that the key management subsystem in the Linux
kernel did not properly restrict adding a key that already exists but is
uninstantiated. A local attacker could use this to cause a denial of
service (system crash) or possibly execute arbitrary code. (CVE-2017-15299)

It was discovered that a NULL pointer dereference could be triggered in the
OCFS2 file system implementation in the Linux kernel. A local attacker
could use this to cause a denial of service (system crash).
(CVE-2017-18216)

Luo Quan and Wei Yang discovered that a race condition existed in the
Advanced Linux Sound Architecture (ALSA) subsystem of the Linux kernel when
handling ioctl()s. A local attacker could use this to cause a denial of
service (system deadlock). (CVE-2018-1000004)

范龙飞 discovered that a race condition existed in the Advanced Linux
Sound Architecture (ALSA) subsystem of the Linux kernel that could lead to
a use- after-free or an out-of-bounds buffer access. A local attacker with
access to /dev/snd/seq could use this to cause a denial of service (system
crash) or possibly execute arbitrary code. (CVE-2018-7566)

It was discovered that a buffer overflow existed in the NFC Logical Link
Control Protocol (llcp) implementation in the Linux kernel. An attacker
could use this to cause a denial of service (system crash) or possibly
execute arbitrary code. (CVE-2018-9518)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 14.04 LTS:
linux-image-3.13.0-161-generic 3.13.0-161.211
linux-image-3.13.0-161-generic-lpae 3.13.0-161.211
linux-image-3.13.0-161-lowlatency 3.13.0-161.211
linux-image-3.13.0-161-powerpc-e500 3.13.0-161.211
linux-image-3.13.0-161-powerpc-e500mc 3.13.0-161.211
linux-image-3.13.0-161-powerpc-smp 3.13.0-161.211
linux-image-3.13.0-161-powerpc64-emb 3.13.0-161.211
linux-image-3.13.0-161-powerpc64-smp 3.13.0-161.211
linux-image-generic 3.13.0.161.171
linux-image-generic-lpae 3.13.0.161.171
linux-image-highbank 3.13.0.161.171
linux-image-lowlatency 3.13.0.161.171
linux-image-powerpc-e500 3.13.0.161.171
linux-image-powerpc-e500mc 3.13.0.161.171
linux-image-powerpc-smp 3.13.0.161.171
linux-image-powerpc64-emb 3.13.0.161.171
linux-image-powerpc64-smp 3.13.0.161.171

After a standard system update you need to reboot your computer to make
all the necessary changes.

ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed.
Unless you manually uninstalled the standard kernel metapackages
(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,
linux-powerpc), a standard system upgrade will automatically perform
this as well.

References:
https://usn.ubuntu.com/usn/usn-3798-1
CVE-2015-8539, CVE-2016-7913, CVE-2017-0794, CVE-2017-15299,
CVE-2017-18216, CVE-2018-1000004, CVE-2018-7566, CVE-2018-9518

Package Information:
https://launchpad.net/ubuntu/+source/linux/3.13.0-161.211

USN-3798-2: Linux kernel (Trusty HWE) vulnerabilities


==========================================================================
Ubuntu Security Notice USN-3798-2
October 23, 2018

linux-lts-trusty vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 12.04 ESM

Summary:

Several security issues were fixed in the Linux kernel.

Software Description:
- linux-lts-trusty: Linux hardware enablement kernel from Trusty for Precise ESM

Details:

USN-3798-1 fixed vulnerabilities in the Linux kernel for Ubuntu 14.04
LTS. This update provides the corresponding updates for the Linux
Hardware Enablement (HWE) kernel from Ubuntu 14.04 LTS for Ubuntu
12.04 LTS.

Dmitry Vyukov discovered that the key management subsystem in the Linux
kernel did not properly restrict adding a key that already exists but is
negatively instantiated. A local attacker could use this to cause a denial
of service (system crash) or possibly execute arbitrary code.
(CVE-2015-8539)

It was discovered that a use-after-free vulnerability existed in the device
driver for XCeive xc2028/xc3028 tuners in the Linux kernel. A local
attacker could use this to cause a denial of service (system crash) or
possibly execute arbitrary code. (CVE-2016-7913)

Pengfei Ding (丁鹏飞), Chenfu Bao (包沉浮), and Lenx Wei (韦韬)
discovered a race condition in the generic SCSI driver (sg) of the Linux
kernel. A local attacker could use this to cause a denial of service
(system crash) or possibly execute arbitrary code. (CVE-2017-0794)

Eric Biggers discovered that the key management subsystem in the Linux
kernel did not properly restrict adding a key that already exists but is
uninstantiated. A local attacker could use this to cause a denial of
service (system crash) or possibly execute arbitrary code. (CVE-2017-15299)

It was discovered that a NULL pointer dereference could be triggered in the
OCFS2 file system implementation in the Linux kernel. A local attacker
could use this to cause a denial of service (system crash).
(CVE-2017-18216)

Luo Quan and Wei Yang discovered that a race condition existed in the
Advanced Linux Sound Architecture (ALSA) subsystem of the Linux kernel when
handling ioctl()s. A local attacker could use this to cause a denial of
service (system deadlock). (CVE-2018-1000004)

范龙飞 discovered that a race condition existed in the Advanced Linux
Sound Architecture (ALSA) subsystem of the Linux kernel that could lead to
a use- after-free or an out-of-bounds buffer access. A local attacker with
access to /dev/snd/seq could use this to cause a denial of service (system
crash) or possibly execute arbitrary code. (CVE-2018-7566)

It was discovered that a buffer overflow existed in the NFC Logical Link
Control Protocol (llcp) implementation in the Linux kernel. An attacker
could use this to cause a denial of service (system crash) or possibly
execute arbitrary code. (CVE-2018-9518)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 12.04 ESM:
linux-image-3.13.0-161-generic 3.13.0-161.211~precise1
linux-image-3.13.0-161-generic-lpae 3.13.0-161.211~precise1
linux-image-generic-lpae-lts-trusty 3.13.0.161.151
linux-image-generic-lts-trusty 3.13.0.161.151

After a standard system update you need to reboot your computer to make
all the necessary changes.

ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed.
Unless you manually uninstalled the standard kernel metapackages
(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,
linux-powerpc), a standard system upgrade will automatically perform
this as well.

References:
https://usn.ubuntu.com/usn/usn-3798-2
https://usn.ubuntu.com/usn/usn-3798-1
CVE-2015-8539, CVE-2016-7913, CVE-2017-0794, CVE-2017-15299,
CVE-2017-18216, CVE-2018-1000004, CVE-2018-7566, CVE-2018-9518