Linux News Today: Canonical Patches Two Linux Kernel Vulnerabilities in Ubuntu 14.04 LTS (Trusty Tahr)
Canonical has announced that a new kernel update is now live in the default software repositories of the Ubuntu 14.04 LTS (Trusty Tahr) operating system, urging users to update as soon as possible.
According to the security notice, two Linux kernel vulnerabilities have been fixed in the Linux 3.13 kernel packages of Ubuntu 14.04 LTS, which means that the issues do not affect recent point releases of the distribution, such as Ubuntu 14.04.3 LTS, which runs a kernel from the Linux 3.19 series.
The first security flaw was discovered in the Linux kernel’s SCTP (Stream Control Transmission Protocol) implementation, which performed the protocol-initialization steps in the wrong sequence, allowing a local attacker to cause a denial of service (DoS) by crashing the system. More details can be found at CVE-2015-5283.
The second kernel vulnerability was discovered by Dmitry Vyukov in the Linux kernel’s keyring handler, which tried to garbage collect incompletely instantiated keys, allowing an unprivileged local attacker to cause a denial of service (DoS) by crashing the system. More details can be found at CVE-2015-7872.
To fix the issues mentioned above, Canonical urges all users of the Ubuntu 14.04 LTS (Trusty Tahr) operating system to update their kernel packages to version linux-image-3.13.0-71 (3.13.0-71.114) on all supported hardware platforms, including 32-bit, 64-bit, PowerPC, and PPC64.
To update, please open the Software Updater utility from the Unity Dash, wait for the application to reload the software search and find new updates, and then press the “Update” button to apply all available updates. Please note that after a kernel update you must restart your computer.
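To confirm the update and the restart described above took effect, this added example (not part of the original article or of Canonical's notice) classifies a kernel release string against the fixed 3.13.0-71 build and reports whether a reboot is still pending. It assumes Ubuntu's `<series>-<abi>-<flavour>` release format as printed by `uname -r`; the function names are hypothetical.

```shell
#!/bin/sh
# Added example (not from the article): is this host running the fixed kernel?
# Assumes Ubuntu release strings of the form <series>-<abi>-<flavour>,
# e.g. "3.13.0-71-generic"; function names are hypothetical.

FIXED_SERIES="3.13.0"  # kernel series the article says was patched
FIXED_ABI=71           # from the fixed package linux-image-3.13.0-71

# classify_kernel <release> -> patched | needs-update | other-series | unparsed
classify_kernel() (
    release="$1"
    series="${release%%-*}"               # "3.13.0"
    [ "$series" = "$FIXED_SERIES" ] || { echo "other-series"; exit 0; }
    rest="${release#*-}"                  # "68-generic"
    abi="${rest%%-*}"                     # "68"
    case "$abi" in
        ''|*[!0-9]*) echo "unparsed"; exit 0 ;;
    esac
    if [ "$abi" -ge "$FIXED_ABI" ]; then echo "patched"; else echo "needs-update"; fi
)

# host_status <running-release> [installed-release...]
# -> ok | reboot-required | update-required | not-applicable
host_status() (
    running="$1"; shift
    case "$(classify_kernel "$running")" in
        patched) echo "ok"; exit 0 ;;
        other-series|unparsed) echo "not-applicable"; exit 0 ;;
    esac
    # Running kernel predates the fix: has a fixed one been installed already?
    for inst in "$@"; do
        if [ "$(classify_kernel "$inst")" = "patched" ]; then
            echo "reboot-required"; exit 0
        fi
    done
    echo "update-required"
)

# Constructed sample: fix installed but the old kernel is still booted.
host_status "3.13.0-68-generic" "3.13.0-68-generic" "3.13.0-71-generic"

# Live check: running kernel plus every kernel with a module tree on disk.
# shellcheck disable=SC2046
host_status "$(uname -r)" $(ls /lib/modules 2>/dev/null)
```

A result of `reboot-required` means the fixed package is on disk but the running kernel still predates it, which is the state a host is in between pressing “Update” and restarting.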