0

Canonical Patches Four Linux Kernel Vulnerabilities for Ubuntu 15.04 and 14.04 LTS

Today, December 17, Canonical published several security announcements about the availability of new kernel versions for all of its supported Ubuntu Linux operating systems.

While Ubuntu 15.10 (Wily Werewolf), Ubuntu 15.04 (Vivid Vervet) and Ubuntu 14.04 LTS(Trusty Tahr) received major kernel updates that fix up to five security vulnerabilities discovered recently in the upstream Linux kernel packages of each Ubuntu OS, the Ubuntu 12.04 LTS (Precise Pangolin) operating system had only two security issues patched.

For all supported Ubuntu OSes, Canonical writes in the security notice that Linux kernel’s KVM (Kernel-based Virtual Machine) svm hypervisor implementation could not correctly catch debug exceptions on AMD CPUs, which could allow an attacker that had access to the guest virtual machine to crash the system by causing a denial of service.

Only for Ubuntu 15.10, Ubuntu 15.04 and Ubuntu 14.04 LTS, there was an issue in Linux kernel’s PPP implementation, which didn’t ensure the validity of certain slot numbers, allowing a local attacker that had access to call ioctl() on /dev/ppp to crash the system by causing a denial of service.

Also for the three Ubuntu versions mentioned above, today’s kernel updates fix a security flaw discovered recently in the Linux kernel driver for ClassicBoard and Digi Neo devices, which couldn’t correctly initialize data structures, thus allowing a local attacker to get delicate information from the kernel.

All users are urged to update as soon as possible

On the other hand, only for Ubuntu 15.10 and Ubuntu 15.04, Canonical patches a security flaw discovered recently in Linux kernel’s virtual video osd test driver, which was not capable of initializing data structures, allowing a local attacker to retrieve important information from the kernel.

If you’re using Ubuntu 15.10 (Wily Werewolf), Ubuntu 15.04 (Vivid Vervet), Ubuntu 14.04 LTS (Trusty Tahr) or Ubuntu 12.04 LTS (Precise Pangolin), please update your system(s) as soon as possible to the new kernel versions, linux-image-4.2.0-21 (4.2.0-21.25) for Ubuntu 15.10, linux-image-3.19.0-41 (3.19.0-41.46) for Ubuntu 15.04, linux-image-3.13.0-73 (3.13.0-73.116) for Ubuntu 14.04 LTS and linux-image-3.2.0-96 (3.2.0-96.136) for Ubuntu 12.04 LTS.

To update, run the Software Updater utility, wait for it to refresh the software repositories and fetch new updates, and then hit the “Update All” button to apply all available updates. Please note that you will need to reboot your system after a kernel update, as well as to rebuild any third-party kernel module(s) you might have installed. More details can be found at https://wiki.ubuntu.com/Security/Upgrades.

 canonical-patches-four-linux-kernel-vulnerabilities-for-ubuntu-15-04-and-14-04-lts-497791-2

root

Leave a Reply

Your email address will not be published. Required fields are marked *

*