Linux News Today: Canonical Patches Critical Kernel Vulnerability in Ubuntu 15.04 and Ubuntu 14.04 LTS
Just a few moments ago, October 5, Canonical published two new Ubuntu Security Notice reports on their website, informing users of Ubuntu 15.04 (Vivid Vervet) and Ubuntu 14.04 LTS (Trusty Tahr) about the availability of a new kernel update.
A single kernel vulnerability was patched in the Linux 3.19 kernel packages of Ubuntu 15.04, as well as Ubuntu 14.04 LTS’ Linux 3.13 kernel, discovered by Dmitry Vyukov. It appears that Linux kernel was not able to correctly initialize the Inter-Process Communication (IPC) object state.
The security flaw could allow a local attacker to gain root access, crash the target system by causing a DoS (Denial of Service) attack, as well as expose confidential information. Both Ubuntu 15.04 (Vivid Vervet) and Ubuntu 14.04 LTS (Trusty Tahr) operating systems (and their derivatives) are affected.
“A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 15.04 and Ubuntu 14.04 LTS. The system could be made to crash or run programs as an administrator,” reads today’s Ubuntu Security Notices USN-2762-1 and USN-2761-1. “The problem can be corrected by updating your system to the following package version.”
Users are urged to update their systems immediately
Canonical urges all users of the Ubuntu 15.04 running Linux kernel 3.19 and Ubuntu 14.04 LTS running Linux kernel 3.13 to update their systems as soon as possible. The new kernel packages are live in the default software repositories of the aforementioned operating systems. To update, you must open the Software Updater utility from the Unity Dash, let the tool check for updates, and then apply all existing updates.
After the update, reboot your computer for the new Linux kernel packages to become active. Then, make sure that your system is matching the linux-image-3.19.0-30 (3.19.0-30.34) for Ubuntu 15.04 (Vivid Vervet) and linux-image-3.13.0-65 (3.13.0-65.106) for Ubuntu 14.04 LTS (Trusty Tahr) by running the “uname -a” command (without quotes) in the Terminal app.