Ubuntu Patches New Linux Kernel Vulnerabilities Including Raspberry Pi 2
There are four security issues that found in the Linux kernel packages of Ubuntu 15.10 (Wily Werewolf), Ubuntu 15.04 (Vivid Vervet), Ubuntu 14.04 LTS (Trusty Tahr), and Ubuntu 12.04 LTS (Precise Pangolin).
First and second security discovered in Ubuntu 14.10 LTS Linux kernel (Vivid HWE) and (Wily HWE) vulnerabilities
Felix Wilhelm discovered a race condition in the Xen paravirtualized drivers which can cause double fetch vulnerabilities. An attacker in the paravirtualized guest could exploit this flaw to cause a denial of service (crash the host) or potentially execute arbitrary code on the host.
Third Vulnerability in Linux kernel (Raspberry Pi 2) vulnerability
Jann Horn discovered a ptrace issue with user namespaces in the Linux kernel. The namespace owner could potentially exploit this flaw by ptracing a root owned process entering the user namespace to elevate its privileges and potentially gain access outside of the namespace.
Fourth Vulnerability in Linux kernel Ubuntu 12.04 LTS (Trusty HWE) and 14.04 LTS (Utopic HWE) vulnerabilities
Konrad Rzeszutek Wilk discovered the Xen PCI backend driver does not perform sanity checks on the device's state. An attacker could exploit this flaw to cause a denial of service (NULL dereference) on the host.
To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.
Post a Comment
Note: only a member of this blog may post a comment.