Ubuntu Patches Linux Kernel Holes
Tuesday, June 9, 2015 @ 05:06 PM gHale
Following a new kernel update for the Ubuntu 14.04 LTS operating system, Canonical said Ubuntu 14.10 has received a kernel update as well.
The new kernel update patches four security issues (CVE-2015-2150, CVE-2015-2666, CVE-2015-2830, and CVE-2015-2922) discovered by various developers in the upstream Linux 3.16 kernel packages, which are used in both the Ubuntu 14.10 and Ubuntu 14.04.2 LTS operating systems.
The first kernel vulnerability, discovered by Jan Beulich, is in the Linux kernel’s Xen virtual machine subsystem, which didn’t correctly restrict access to PCI command registers. This could allow a local guest user to crash the host, causing a Denial of Service (DoS).
The second security flaw is a stack overflow in the microcode loader for the Intel x86 platform, which could let a local attacker run code with root privileges or crash the kernel, causing a DoS.
The third kernel vulnerability is a privilege escalation in the Linux kernel’s fork syscall via the int80 entry on 64-bit versions that offer 32-bit emulation support, which could allow an unprivileged local attacker to escalate their privileges on the host system.
The fourth flaw, discovered in the IPv6 networking stack of the upstream Linux 3.16 kernel, could enable an unprivileged attacker on the LAN (Local Area Network) to cause a DoS by dropping IPv6 messages.
Canonical, which produces Ubuntu, urges all Ubuntu 14.10 (Utopic Unicorn) users, as well as those using the Ubuntu 14.04.2 LTS (Trusty Tahr) operating system, to update their kernel packages.