Linux News Today: Canonical Patches Five New Linux Kernel Vulnerabilities in Ubuntu 15.10
Canonical published today, February 22, 2016, a bunch of new security notices to inform users of the Ubuntu 15.10 and Ubuntu 15.10 for Raspberry Pi 2 operating systems about the availability of new kernel updates.
A total of five kernel vulnerabilities discovered by various hackers and developers in the upstream kernels have been patched in the Linux kernel packages of Ubuntu 15.10 (Wily Werewolf), including those of Ubuntu 15.10 for Raspberry Pi 2.
The first security flaw was discovered in Linux kernel’s OverlayFS file system, which wrongly generated file attributes when it was mounted on top of a FUSE mount, thus allowing an unprivileged local attacker to become root.
The second kernel vulnerability is still related to the OverlayFS file system in the Linux kernel, which this time inaccurately produced security sensitive extended attributes, thus allowing an unprivileged local attacker to elevate his/her privileges.
Moreover, the third security issue has been discovered in the way Linux kernel enforced rlimits for the file descriptors that were sent over UNIX domain sockets, thus allowing local attackers to cause a DoS (Denial-of-Service) attack.
The fourth vulnerability was discovered in Linux kernel’s FUSE (Filesystem in Userspace) implementation, which couldn’t properly handle initial zero length segments, thus allowing a local attacker to cause a denial of service (DoS).
The last security flaw is a race condition, discovered in Linux kernel’s TLB (Translation Lookaside Buffer) implementation and the way it handled flush events, which could allow a local attacker to leak sensitive information or cause a DoS (denial-of-service).
Users need to update their systems as soon as possible
Canonical urges all users of the Ubuntu 15.10 (Wily Werewolf) and Ubuntu 15.10 for Raspberry Pi 2 operating systems to update their computers and devices as soon as possible.
To update Ubuntu 15.10, use the built-in Software Updater utility and apply all available updates. If you are using Ubuntu 15.10 on Raspberry Pi 2, you’ll need to update via a terminal emulator using the next set of commands.
sudo apt update && sudo apt dist-upgrade
After the kernel update, you need to reboot your computer. The new kernel versions are linux-image-4.2.0-30 (4.2.0-30.35) for Ubuntu 15.10 and linux-image-4.2.0-1025-raspi2 (4.2.0-1025.32) for Ubuntu 15.10 for Raspberry Pi 2.