Linux News Today: Canonical Patches Two Linux Kernel Vulnerabilities in Ubuntu 15.04 (Vivid Vervet)
We reported earlier this week that Canonical has pushed a new kernel update in the default software repositories of the Ubuntu 14.04 LTS (Trusty Tahr) operating system, patching two security flaws discovered in the upstream Linux 3.13 kernel.
On December 4, 2015, Canonical published another Ubuntu Security Notice to inform users of Ubuntu 15.04 (Vivid Vervet) about the availability of a kernel update for their operating systems, which patches the same security flaws that have been resolved for Ubuntu 14.04 LTS, affecting the Linux kernel 3.19 packages this time.
According to Canonical’s Ubuntu Security Notice USN-2829-1, the first kernel vulnerability was discovered in Linux kernel’s Stream Control Transmission Protocol (SCTP) implementation, which wasn’t able to correctly follow the protocol-initialization steps, allowing local attackers to crash the system via a denial of service.
On the other hand, the security notice mentions that the second flaw has been discovered by Linux kernel’s keyring handler, which attempted to garbage collect incompletely instantiated keys, allowing unprivileged local attackers to crash the system via a denial of service. The issue was discovered by Dmitry Vyukov.
Both security issues can be fixed if users of the Ubuntu 15.04 (Vivid Vervet) operating systems update their kernel packages to version linux-image-3.19.0-39 (3.19.0-39.44). Please note that all supported hardware platforms are affected, including 64-bit, 32-bit, PPC and PPC64.
To update your system, you need to open the Software Updater utility from the Unity Dash and apply all available updates immediately after the application finished loading them from the main server. Please keep in mind to reboot your computer after any kernel update.