The Complete Magazine on Open Source

Canonical patches important kernel vulnerabilities in Ubuntu


Canonical has released a security patch addressing some crucial security flaws. The update fixes as many as five critical security issues affecting different Ubuntu variants.

The software versions eligible for the latest update include Ubuntu 12.04 LTS, Ubuntu 14.04 LTS, Ubuntu 16.04 LTS and Ubuntu 16.10 LTS, as well as Ubuntu derivatives like Kubuntu, Lubuntu, Ubuntu MATE, Xubuntu, Ubuntu GNOME and Ubuntu Kylin. The update also addresses some minor issues affecting the Ubuntu build for Raspberry Pi 64-bit and 32-bit variants.

One of the important fixes addresses a vulnerability in the kernel's keyring interface. A buffer overflow was observed while displaying timeout events via /proc/keys, which let a local attacker crash the system, causing a denial of service. Another notable bug fix relates to the handling of anonymous pages in the Linux kernel's memory manager, which could allow a local attacker to gain administrative privileges and cause a denial of service.

Alongside the two major changes, the update brings an important fix for a flaw on x86 machines that allowed attackers to crash the guest system by leveraging the x86 paravirtualised guests option. The critical issue reported particularly for Ubuntu 12.04 LTS is a use-after-free vulnerability that enabled an attacker to execute arbitrary code to crash the system.

All Ubuntu users are advised to perform the update as soon as possible. The fixes take effect only after a reboot.
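
Because the fixes only take effect after a reboot, a host can have the patched kernel installed and still be running the vulnerable one. The following check is an added example, not part of the original article: the function names are hypothetical, it assumes kernel images in /boot named `vmlinuz-<release>` and GNU `sort -V`, and any version strings passed to it are whatever the host reports, not the versions of this particular update.

```shell
#!/bin/sh
# Added example: flag a host that has a newer kernel installed than the one
# it is currently running (i.e. the update was installed but not rebooted).

# newest_version: print the highest version from newline-separated stdin.
newest_version() {
    sort -V | tail -n 1
}

# installed_kernels [DIR]: list kernel releases with an image in DIR.
installed_kernels() {
    dir="${1:-/boot}"
    for f in "$dir"/vmlinuz-*; do
        [ -e "$f" ] || continue          # glob matched nothing
        basename "$f" | sed 's/^vmlinuz-//'
    done
}

# reboot_pending RUNNING INSTALLED_LIST
# Returns 0 when INSTALLED_LIST contains a release newer than RUNNING.
reboot_pending() {
    running="$1"
    newest=$(printf '%s\n' "$2" | newest_version)
    [ -n "$newest" ] || return 1         # nothing installed to compare against
    [ "$running" = "$newest" ] && return 1
    # Only report when the newest installed release sorts after the running one.
    top=$(printf '%s\n%s\n' "$running" "$newest" | newest_version)
    [ "$top" = "$newest" ]
}

# check_host: apply the comparison to this machine. Ubuntu also drops the
# marker file /var/run/reboot-required when a package requests a reboot.
check_host() {
    if reboot_pending "$(uname -r)" "$(installed_kernels /boot)" \
        || [ -e /var/run/reboot-required ]; then
        echo "reboot pending: still running $(uname -r)"
        return 0
    fi
    echo "running the newest installed kernel: $(uname -r)"
    return 1
}
```

Call `check_host` after installing the update; a "reboot pending" result means the fixes are on disk but not yet active.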