We’ve reported earlier today, January 19, 2016, that a new zero-day Linux kernel vulnerability has been discovered and it could give an attacker root access to the affected machine.
Many experts have said that most GNU/Linux OS vendors will be quick to patch the security vulnerability in the kernel packages of their supported operating systems. Thus, Canonical is among the first to announce that patches are now available for the Ubuntu 15.10 (Wily Werewolf), Ubuntu 15.04 (Vivid Vervet), and Ubuntu 14.04 LTS (Trusty Tahr) distributions.
“Yevgeny Pats discovered that the session keyring implementation in the Linux kernel did not properly reference count when joining an existing session keyring. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code with administrative privileges,” reads today’s Ubuntu Security Notice USN-2872-1 for Ubuntu 15.10.
Therefore, if you are using one of the aforementioned Ubuntu OSes, you are urged to upgrade the kernel packages to linux-image-4.2.0-25 (4.2.0-25.30) for Ubuntu 15.10 (Wily Werewolf), linux-image-4.2.0-1020-raspi2 4.2.0-1020.27 for Ubuntu 15.10 (Raspberry Pi 2), linux-image-3.19.0-47 (3.19.0-47.53) for Ubuntu 15.04 (Vivid Vervet), and linux-image-3.13.0-76 (3.13.0-76.120) for Ubuntu 14.04 LTS (Trusty Tahr). Please update as soon as possible.
To update, you must open the Software Updater utility from the Unity Dash, wait for the application to load the software repositories and check for updates, and then apply all existing updates by pressing the “Install Now” button. After a kernel update, you will need to reboot your computer for it to be correctly applied, as well as to rebuild any third-party kernel module you might have installed.