The Complete Magazine on Open Source

Canonical patches Ubuntu vulnerabilities through new updates



Canonical has released some new kernel updates to fix vulnerabilities within its Ubuntu platform. The versions that are affected by the security issues include Ubuntu 12.04 LTS, 14.04 LTS, 16.04 LTS and 16.10.

Through six distinct security notices on its website, Canonical revealed the vulnerabilities. The company confirms that the security holes exist across many Ubuntu flavours such as Kubuntu, Xubuntu and Ubuntu MATE in addition to the original Ubuntu versions.

Ubuntu 12.04 LTS and 14.04 LTS are affected by security flaw CVE-2016-9555. It resides in the Linux kernel’s SCTP implementation and makes the platform improperly handle validation of incoming data, which could result in a denial-of-service (DoS) attack. The Ubuntu 12.04 LTS build also includes multiple memory leaks within the XFS file system support.

In Ubuntu 16.04 LTS and Ubuntu 16.10, the Canonical team has found two major security issues. The first vulnerability, documented as CVE-2016-10147, is in the asynchronous multibuffer cryptographic daemon of the Linux kernel. It lets attackers crash the system via a DoS attack.

The second issue, noted as CVE-2016-8399, is in the Linux kernel’s Internet Control Message Protocol (ICMP) implementation. It gives CAP_NET_ADMIN privileges to a local attacker to expose sensitive information.

Ubuntu 16.10 is also affected by vulnerabilities CVE-2016-10150, CVE-2016-8632 and CVE-2016-9777. These loopholes can expose Ubuntu systems to DoS attacks, crash the system or let attackers gain administrative privileges in the host operating system.

You can install the latest Ubuntu updates to patch the reported vulnerabilities. Once installed, make sure to reboot your system.