Linux News Today: Canonical Patches Two Linux Kernel Vulnerabilities in Ubuntu 14.04 LTS
Canonical has just announced that a new kernel update is available for its current long-term supported Ubuntu Linux operating system, Ubuntu 14.04 LTS (Trusty Tahr), patching two critical issues discovered by various developers.
According to Ubuntu Security Notice USN-2748-1, an information leak was discovered in the Linux kernel’s md (multiple devices) driver, allowing privileged, local attackers to retrieve sensitive information from the kernel. The issue was discovered by Benjamin Randazzo.
Moreover, it was discovered that the Linux kernel’s vhost driver didn’t properly release the userspace stored log file descriptor, which could allow a privileged attacker to cause a denial of service (DoS). This security flaw was discovered by Marc-André Lureau. More details can be found by reading the CVE-2015-5697 and CVE-2015-6252 security notices.
These two security flaws affect all the Ubuntu 14.04 LTS (Trusty Tahr) releases that run the Linux 3.13 kernel packages, including all of their derivatives. Please read the above notices, because the flaws also affect other Linux OSes that run Linux kernel 3.13. Canonical urges users to update their kernels as soon as possible.
To update, run the Software Updater utility, apply all available updates, and reboot your machine. After the restart, make sure that the kernel packages on your Ubuntu 14.04 LTS system match linux-image-3.13.0-65 (3.13.0-65.105) by running the “uname -a” command in the Terminal app.
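The post-reboot check described above can be scripted for a fleet. The following is an added example, not part of the original article or of Canonical's notice: the function name `kernel_status` and its status words are hypothetical, and it assumes that any 3.13.0 ABI number of 65 or higher carries the fixes, since Ubuntu kernel updates are cumulative.

```shell
#!/bin/sh
# Added example: classify a kernel release string (as printed by `uname -r`)
# against the fixed kernel named in the article, linux-image-3.13.0-65.
FIXED_SERIES="3.13.0"   # kernel series named in the article
FIXED_ABI=65            # ABI number of the fixed package (3.13.0-65.105)

# kernel_status RELEASE
# Prints one of:
#   patched      3.13.0 series, ABI >= 65 (assumption: later ABIs keep the fix)
#   vulnerable   3.13.0 series, ABI < 65; if updates were already applied,
#                the machine is still running the old kernel and needs a reboot
#   not-covered  some other kernel series; consult its own security notice
#   unparsed     the string does not look like a kernel release
kernel_status() {
    rel=$1
    case $rel in
        "$FIXED_SERIES"-[0-9]*) ;;                      # e.g. 3.13.0-65-generic
        [0-9]*.[0-9]*) echo "not-covered"; return 0 ;;
        *) echo "unparsed"; return 0 ;;
    esac
    abi=${rel#"$FIXED_SERIES"-}   # strip the series prefix: "65-generic"
    abi=${abi%%[!0-9]*}           # keep the leading digits: "65"
    if [ "$abi" -ge "$FIXED_ABI" ]; then
        echo "patched"
    else
        echo "vulnerable"
    fi
}

# Report on the kernel that is actually running on this machine.
running=$(uname -r)
printf 'running kernel %s: %s\n' "$running" "$(kernel_status "$running")"
```

Because `uname` reports the running kernel rather than the installed packages, a "vulnerable" result on a machine that has already installed the update means the reboot is still pending.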