Just a few minutes ago, January 5, 2016, Canonical published several Ubuntu Security Notices to inform Ubuntu users about the availability of new Linux kernel versions for their operating systems.
According to Ubuntu Security Notices USN-2858-3, USN-2857-1 and USN-2858-1, the Linux kernel’s OverlayFS implementation did not correctly handle setattr operations, allowing an unprivileged local attacker to execute arbitrary code as root by creating files with administrative permission attributes. The security issue is documented as CVE-2015-8660.
“Nathan Williams discovered that overlayfs in the Linux kernel incorrectly handled setattr operations. A local unprivileged attacker could use this to create files with administrative permission attributes and execute arbitrary code with elevated privileges,” today’s Ubuntu Security Notices state.
The issue affects the desktop and server kernel of the Ubuntu 15.10 (Wily Werewolf) and Ubuntu 15.04 (Vivid Vervet) operating systems, as well as the Raspberry Pi 2 kernel (linux-raspi2) of Ubuntu 15.10 (Wily Werewolf), and it can be fixed by updating your system to the new kernel versions.
To update, run the Software Updater utility from the Unity Dash. After the update, make sure that you reboot your computer and that you’re using linux-image-4.2.0-23 (4.2.0-23.28) on Ubuntu 15.10, linux-image-3.19.0-43 (3.19.0-43.49) on Ubuntu 15.04, and linux-image-4.2.0-1018-raspi2 (4.2.0-1018.25) on Ubuntu 15.10 for Raspberry Pi 2.
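An installed kernel protects nothing until it is booted, so the check that matters is against the running kernel. The shell sketch below is an added example, not code from Canonical or the original article: it compares a `uname -r` string with the fixed builds listed above. The function names and return codes are assumptions of this sketch, and it compares only the ABI number, assuming the fix first shipped with the ABI given in the article.

```shell
#!/bin/sh
# Added example: is the *running* kernel one of the fixed builds for CVE-2015-8660?

# fixed_abi CODENAME FLAVOUR -> prints "BASE ABI" taken from the article's list.
fixed_abi() {
    case "$1:$2" in
        wily:generic)  echo "4.2.0 23" ;;    # linux-image-4.2.0-23
        vivid:generic) echo "3.19.0 43" ;;   # linux-image-3.19.0-43
        wily:raspi2)   echo "4.2.0 1018" ;;  # linux-image-4.2.0-1018-raspi2
        *) return 1 ;;                       # release/flavour not in the article
    esac
}

# kernel_status CODENAME RELEASE   (RELEASE as printed by `uname -r`)
# Returns 0 = fixed build or later, 1 = older build, 2 = not covered here.
kernel_status() {
    base=${2%%-*}                   # 4.2.0-22-generic -> 4.2.0
    rest=${2#*-}                    # -> 22-generic
    [ "$rest" != "$2" ] || return 2
    abi=${rest%%-*}                 # -> 22
    flavour=${rest#*-}              # -> generic
    [ "$flavour" != "$rest" ] || return 2
    case "$abi" in ''|*[!0-9]*) return 2 ;; esac
    want=$(fixed_abi "$1" "$flavour") || return 2
    [ "$base" = "${want% *}" ] || return 2   # different kernel series
    # Assumption: the fix first shipped with the ABI number listed above.
    if [ "$abi" -ge "${want#* }" ]; then return 0; else return 1; fi
}

# Run with --check on the machine itself; lsb_release -cs prints the codename.
if [ "${1:-}" = "--check" ]; then
    rc=0
    kernel_status "$(lsb_release -cs)" "$(uname -r)" || rc=$?
    case "$rc" in
        0) echo "running kernel $(uname -r): fixed build" ;;
        1) echo "running kernel $(uname -r): update and reboot needed" ;;
        *) echo "running kernel $(uname -r): not covered by this table" ;;
    esac
    exit "$rc"
fi
```

A result of 2 means the release, flavour or kernel series is outside the three builds the article names, so the check makes no claim either way.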