Linux News Today: Canonical Patches Two Linux Kernel Vulnerabilities in Ubuntu 12.04 LTS
Canonical announced earlier today, October 20, that they’ve released updated kernel packages for the Ubuntu 12.04 LTS (Precise Pangolin) operating system, patching two security vulnerabilities.
The first security flaw was discovered in Linux kernel’s virtio networking, which wasn’t capable of correctly handling fragments, thus leading to kernel memory corruption. This could allow a remote attacker to crash the system by causing a denial of service, or execute code as root. More details can be found at CVE-2015-5156.
The second kernel vulnerability has been discovered in Linux kernel’s RDS (Reliable Datagram Sockets) implementation, which was not capable to properly verify sockets before sending a message. This could allow an attacker to crash the system by causing a denial of service (DoS). More details can be found at CVE-2015-6937.
Canonical urges all users of the Ubuntu 12.04 LTS (Precise Pangolin) operating system, as well as all of its derivatives, including Kubuntu, Xubuntu, Lubuntu, etc., to update the kernel packages as soon as possible. The new kernel version is now live on the main software repositories.
To update, run the Software Updater utility, wait for the repositories to be refreshed, then apply all available updates. A kernel update requires you to reboot your computer. After reboot, make sure that the new kernel version is linux-image-3.2.0-92 (3.2.0-92.130) by running the “uname -a” command in the Terminal app (without quotes).