Linux News Today: New Linux Kernel Vulnerabilities Fixed in Ubuntu 15.04, Users Urged to Update Now
After announcing the release of a new kernel update for Ubuntu 14.04 LTS (Trusty Tahr), Canonical announced on September 29 that it patched two kernel vulnerabilities in the Ubuntu 15.04 (Vivid Vervet) operating system.
The first kernel vulnerability patched in Ubuntu 15.04 has been discovered by Benjamin Randazzo and it is related to an information leak in Linux kernel’s md (multiple devices) driver, which could allow a privileged, local attacker to retrieve sensitive information from the kernel.
The second security flaw was discovered by Marc-André Lureau in Linux kernel’s vhost driver, which did not correctly release the userspace stored log file descriptor, allowing privileged attackers to cause a DoS (Denial of Service) attack.
“A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 15.04. Several security issues were fixed in the kernel. The problem can be corrected by updating your system to the following package version,” says Canonical in the Ubuntu Security Notice USN-2752-1.
Details about the two kernel vulnerabilities can be found on the CVE-2015-5697 and CVE-2015-6252 security notices, which we recommend to read because they affect other GNU/Linux operating systems as well. Please note that the security flaws affect all Ubuntu 15.04 flavors and their derivatives running Linux kernel 3.19.
Canonical urges users of Ubuntu 15.04 to update their kernel packages as soon as possible. The update is now live in the distribution’s repositories, so all you have to do to update is run the Software Updater utility and apply all available updates. Don’t forget to reboot your machine once the update process finishes.