Ubuntu Patches Kernel Vulnerabilities

[RV_]

Check your Ubuntu version and make sure you are up to date on your patches. These have been fixed all you have to do is make sure you have the patches.

 

Excerpt:

 

"Several vulnerabilities in Ubuntu’s implementation of the Linux kernel, including a use-after-free vulnerability and a timing side-channel vulnerability, were patched today.

 

An advisory issued by Ubuntu Wednesday morning urges users to patch if they’re running 14.04 LTS or any derivative builds.

 

The update fixes a use-after-free vulnerability in the kernel’s CXGB3 driver that an attacker could leverage to carry out a denial of service attack causing a system crash which could allow for code execution. The issue, discovered by Venkatesh Pottem, is one of two medium severity issues patched with the update.

 

The second vulnerability, found by David Herrmann, is triggered because the kernel “incorrectly accounted file descriptors to the original opener for in-flight file descriptors sent over a unix domain socket,” he said. Like the first issue, an attacker could’ve exploited the vulnerability to carry out a denial of service attack.

 

A third DoS issue stemmed from the fact that the Linux kernel failed to enforce limits on data “allocated to buffer pipes,” something that would’ve exhausted resources as well."

 

More in the article here: https://threatpost.com/ubuntu-patches-kernel-vulnerabilities/117229/

 

The original Ubuntu advisory: http://www.ubuntu.com/usn/usn-2946-1/