Tuesday 6 September 2016

Canonical patches Kernel Vulnerabilities for Ubuntu 16.04

The news is about a week old (well, almost), but just to warn you; If you are running on Ubuntu 16.04 LTS Xenial Xerus ans still not updated your Linux Kernel, you should do so immediately. On Aug 29, Canonical rolled out a Kernel patch for Ubuntu and it's derivatives that included 8 fixes. The USN-3070-1: Linux kernel vulnerabilities patch includes several security issue fixes for the kernel. 

The kernel fixes includes: 

CVE-2016-1237 : Missing permission check when settings ACLs in nfsd, can be exploited by a local user to gain access to any file by setting an ACL.

CVE-201605244 : Information leak in the RDS implementation used by the local attacker to obtain sensitive information from kernel memory.

CVE-2016-5400 : The airspy USB device in kernel do not handle certain error conditions, can be used for Denial of Service attacks by someone with a physical access. 

CVE-2016-5696 : A flaw in TCP implementation of handling acknowledgements, can be used to cause Denial of Service or injecting content in TCP stream.

CVE-2016-5728 : Race condition in MIC VOP driver in Linux, can be used to obtain potentially sensitive information from memory. On PowerPC platforms, Kernel mishandled transaction memory state on exec(), can be used to execute arbitrary code. 

CVE-2016-5829 : Heap based buffer overflow existence in kernel, can result in Denial of Service attacks, or execute arbitrary code.

CVE-201606197 : OverlayFS implementation in kernel do not verify dentry state before proceeding with unlink and rename operations, resulting in DoS attacks. 

How to upgrade your Linux System

You need to update your system by following the below steps. 

For Desktops:

Chances are that your Ubuntu system has already notified about the security update. Or alternatively, open Update Manager and review and select the pending updates. Once selected, click on Install Updates button to upgrade to the latest version. You won't need to restart your system after the upgrades. 

For Servers: 

Login to the server, and type in the following commands to update your system. 

sudo apt-get update
sudo apt-get dist-upgrade

The strength of Linux lies in the patching of known vulnerabilities as soon as they are discovered, and you should always keep your system up-to-date. Thanks for reading by.


Post a Comment