Linux News Today: Canonical Releases Major Linux Kernel Update for Ubuntu 14.04 LTS (Trusty Tahr)
We reported earlier that Canonical published several Ubuntu Security Notices on its website about the availability of new kernel updates for the Ubuntu 15.10 (Wily Werewolf) and Ubuntu 12.04 LTS (Precise Pangolin) operating systems.
But it looks like they have also released a major kernel update for its current LTS (Long Term Support) release, Ubuntu 14.04 LTS, patching a total of seven security issues discovered recently in the upstream kernels by various developers and hackers.
The first vulnerability was discovered in Linux kernel’s OverlayFS file system, which wrongly delivered file attributes when mounted on top of a FUSE (Filesystem in Userspace) mount, allowing an unprivileged local attacker to elevate his/her privileges.
The second security flaw was also discovered in the OverlayFS file system, this time related to the fact that it couldn’t correctly deliver security sensitive extended attributes like POSIX ACLs, which could allow an unprivileged local attacker to gain privileges.
The third kernel issue was discovered in the keyring subsystem of the Linux kernel. It was a race between revoke and read operations, which could allow a local attacker to crash the respective system by causing a DoS (denial-of-service) attack.
The fourth vulnerability was discovered in Linux kernel networking implementation, which incorrectly validated protocol identifiers for various protocol types. The issue could have allowed a local attacker to gain root privileges by crashing the system via a DoS (denial-of-service) attack.
Ubuntu 14.04 LTS users need to update their systems immediately
The fifth kernel issue was discovered by Dmitry Vyukov in Linux kernel’s PPTP implementation, which couldn’t correctly verify the length of an address when setting up a socket, thus allowing a local attacker to expose sensitive information from the kernel memory by crafting a malicious app.
The sixth security flaw was discovered by David Miller in Linux kernel’s Bluetooth implementation, which incorrectly validated the length of a socket address for SCO (Synchronous Connection-Oriented) sockets, thus allowing a local attacker to reveal sensitive information.
The seventh and last security issue was discovered in Linux kernel’s FUSE (Filesystem in Userspace) implementation, which incorrectly handled initial zero length segments, which could have allowed a local attacker to cause a DoS (denial-of-service) attack.
Canonical urges all users of the Ubuntu 14.04 LTS (Trusty Tahr) operating system to update their machines as soon as possible. The new kernel version is linux-image-3.13.0-79 (3.13.0-79.123) and it’s already live on the main software repositories.
To update, use the Software Updater utility from the Unity Dash, let the application reload the software repos and find available updates. Then, click on the “Install” button to apply the updates. Reboot your machine when promoted.