Ubuntu issued a patch to fix a number of Kernel Vulnerabilities

Pierluigi Paganini April 07, 2016

Ubuntu has patched a number of flaws affecting the Linux kernel, it is urging users to apply the patch if they’re running 14.04 LTS or any derivative builds.

Ubuntu has patched a number of vulnerabilities affecting the Linux kernel, it is urging users to apply the patch if they’re running 14.04 LTS or any derivative builds.

According to the security advisory issued by Ubuntu yesterday, the list of bugs includes a use-after-free vulnerability (CVE-2015-8812) and a timing side-channel vulnerability (CVE-2016-2085), and a couple of flaws that open the Kernen to denial of service.

The use-after-free flaw was reported by Venkatesh Pottem, an attacker can exploit it to crash the system or possibly execute arbitrary code.

The timing side-channel vulnerability in the Linux Kernel affects the Extended Verification Module (EVM), an attacker can trigger it to compromise the. The flaw was reported by Xiaofei Rex Guo.

A third vulnerability is caused by the failure in enforcing limits on data “allocated to buffer pipes” that would’ve exhausted resources.

ubuntu12

Below the description provided for the remaining flaws fixed by the patch.

“David Herrmann discovered that the Linux kernel incorrectly accounted file descriptors to the original opener for in-flight file descriptors sent over a unix domain socket. A local attacker could use this to cause a denial of service (resource exhaustion). (CVE-2016-2550)” states the advisory.  “It was discovered that the Linux kernel did not enforce limits on the amount of data allocated to buffer pipes. A local attacker could use this to cause a denial of service (resource exhaustion). (CVE-2016-2847)” 

If you are using Ubuntu 12.04 LTS you urgently need to update it to fix the above vulnerabilities with the following package version:

Ubuntu 14.04 LTS:
linux-image-3.13.0-85-powerpc-smp 3.13.0-85.129
linux-image-3.13.0-85-powerpc-e500mc 3.13.0-85.129
linux-image-3.13.0-85-powerpc64-smp 3.13.0-85.129
linux-image-3.13.0-85-generic 3.13.0-85.129
linux-image-3.13.0-85-generic-lpae 3.13.0-85.129
linux-image-3.13.0-85-powerpc64-emb 3.13.0-85.129
linux-image-3.13.0-85-powerpc-e500 3.13.0-85.129
linux-image-3.13.0-85-lowlatency 3.13.0-85.129

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.

[adrotate banner=”9″]

Pierluigi Paganini

(Security Affairs – Linux Kernel, Ubuntu 14.04 LTS)



you might also like

leave a comment