Ubuntu plugs code exec, DoS Linux kernel holes

This is kind of a big deal because the mess is in 14.04 LTS, expiry date 2019

Ubuntu has patched four Linux kernel vulnerabilities that allowed for arbitrary code execution and denial of service attacjs.

The flaws (CVE-2015-8812, CVE-2016-2085, CVE-2016-2550, CVE-2016-2847) is fixed in Ubuntu 14.04 LTS.

Researcher Venkatesh Pottem found a use-after-free vulnerability in the Linux kernel CXGB3 driver which local hackers could use to trigger a crash or execute arbitrary code.

Xiaofei Rex Guo reported a second timing side channel vulnerability in the Linux Extended Verification Module which impacted system integrity.

A third hole found by bug basher David Herrmann could exhaust resources and cause denial of service.

The final vulnerability unattributed to a researcher also triggered denial of service thanks to the Linux kernel not enforcing limits on the amount of data allocated to buffer pipes.

The problems impact Ubuntu 14.04 LTS, the current long-term support version of Ubuntu which will be smothered in love and patches until 2019.

Ubuntu has published downloads to fix the flaws here

Sponsored: The Joy and Pain of Buying IT - Have Your Say


Biting the hand that feeds IT © 1998–2017