Linux News Today: Canonical Patches Seven Linux Kernel Vulnerabilities in Ubuntu 15.10, Update Now

We reported earlier that Canonical released a minor kernel update for its Ubuntu 12.04 LTS (Precise Pangolin) operating system, and now the company announces a new kernel update for Ubuntu 15.10 (Wily Werewolf).

Today’s Ubuntu Security Notice USN-2930-1 reports that a total of seven Linux kernel vulnerabilities have been patched in the kernel packages of the Ubuntu 15.10 operating system, and users are urged to update as soon as possible.

The first security issue was discovered in the Linux kernel’s netfilter implementation, which did not perform validation correctly when handling IPT_SO_SET_REPLACE events, allowing an unprivileged local attacker to run code as root or crash the system.

The second kernel vulnerability is an integer overflow in the Linux kernel’s netfilter implementation, which affected only the 32-bit kernel of Ubuntu 15.10, allowing an unprivileged local attacker to crash the system or execute code as root.

The third security flaw was discovered in the Linux kernel’s USB driver for Clie devices, which did not properly sanity-check the endpoints reported by a device, allowing an attacker with physical access to the system to crash it.

The fourth security issue is a race condition in the handling of heartbeat-timeout events in the Linux kernel’s SCTP implementation, which could have allowed a remote attacker to cause a denial of service (DoS) on the system.

Ubuntu 15.10 users need to update as soon as possible

The fifth kernel vulnerability is a race condition in the ioctl handler of the Linux kernel’s TTY driver, which a local attacker could exploit to expose sensitive information or crash the system (denial of service).

The sixth security flaw was discovered in the Linux kernel’s ALSA USB MIDI driver, which performed a double free, allowing a local attacker with physical access to the machine to crash the system (DoS) or execute code as root.

The seventh and last kernel vulnerability was discovered in the Linux kernel’s USB driver for Treo devices, which did not sanity-check the endpoints reported by a device, allowing an attacker with physical access to the system to crash it.

All Ubuntu 15.10 (Wily Werewolf) users are urged to update their systems as soon as possible. The new kernel version (linux-image-4.2.0-34 4.2.0-34.39) is now live in the main software repositories, and all you have to do to update is to run the Software Updater utility from the Unity Dash and apply all existing updates.

Don’t forget to reboot your machine once the update is complete!
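Installing the package is not enough until the machine is actually running the new kernel, so a post-reboot check is useful. The script below is an added example, not part of the original article or of Canonical's notice; it assumes GNU `sort -V`, a host on the Ubuntu 15.10 4.2 kernel series, and hypothetical function names (`kernel_abi`, `version_ge`, `kernel_status`, `report`).

```shell
#!/bin/sh
# Fixed kernel ABI as named in the article (linux-image-4.2.0-34).
FIXED_ABI="4.2.0-34"

# Strip the flavour suffix from a `uname -r` string:
#   "4.2.0-34-generic" -> "4.2.0-34"
kernel_abi() {
    printf '%s\n' "$1" | sed -E 's/^([0-9]+\.[0-9]+\.[0-9]+-[0-9]+).*/\1/'
}

# Succeed if version $1 >= version $2, using GNU version ordering.
version_ge() {
    lowest=$(printf '%s\n%s\n' "$1" "$2" | sort -V | head -n 1)
    [ "$lowest" = "$2" ]
}

# Classify a kernel release string as "patched" or "vulnerable"
# relative to FIXED_ABI. Only meaningful for the 4.2 series (assumption).
kernel_status() {
    if version_ge "$(kernel_abi "$1")" "$FIXED_ABI"; then
        echo patched
    else
        echo vulnerable
    fi
}

# Report on the current host: running kernel and pending-reboot flag.
report() {
    running=$(uname -r)
    echo "running kernel: $running ($(kernel_status "$running"))"
    # Ubuntu creates this flag file when an installed update needs a reboot.
    if [ -f /var/run/reboot-required ]; then
        echo "reboot pending: the updated kernel is installed but not running"
    fi
}

# Run the host report only when asked, e.g.: sh check-kernel.sh --report
if [ "${1:-}" = "--report" ]; then
    report
fi
```
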

Via Softpedia

Wagiman Wiryosukiro

Information systems farmer, welder of WordPress plugins & themes. Co-Founder of SistemInformasi.biz. Currently active as a developer & contributor at OpenMandriva Linux.
