Ubuntu defibrillates 14.10 for one LAST patch

Utopic Unicorn gets another gallop to leap security rainbow

A Handful of Giant Weta by Mike Locke

Ubuntu has changed its mind on an end-of-life announcement, giving Version 14.10 one last kernel patch to cover off some big vulns.

Usually, end-of-life means what it says: a version isn't going to get any more updates, and that was the status of Ubuntu 14.10 “Utopic Unicorn” (guys, it's time to rethink your naming conventions) after July 23.

However, the outfit has decided it needs one last patch due to the severity of the bugs discussed here.

The bugs are CVE-2015-4692, a KVM NULL-pointer dereference; CVE-2015-5364, a UDP checksum-handling bug that's remotely exploitable using a UDP flood; and CVE-2015-5366, also a UDP checksum-handling bug that could be exploited to crash targets with a single packet.

While Canonical's favourite path for 14.10 users is that they upgrade to 15.04 “Vivid Vervet” (see above), the patch is a concession that some shops might not have made the move since April 2015, when 15.04 was first released.

If you can, however, Canonical advises that the upgrade to 15.04 is the best course of action. ®

Sponsored: The Joy and Pain of Buying IT - Have Your Say


Biting the hand that feeds IT © 1998–2017