Canonical has released a yet another pack of security fixes for its Ubuntu platform. The first security patches range of this year fix four important Linux vulnerabilities.
The new pack brings fixes for two issues affecting Ubuntu 16.10 (Yakkety Yak) and Ubuntu 12.04 (Precise Pangolin). There are also patches for three issues affecting Ubuntu 16.04 (Xenial Xerus) and the four ones affecting Ubuntu 14.04 (Trusty Tahr).
Canonical considers that the vulnerability in KVM implementation of Linux kernel could allow a local attacker to pose sensitive information from kernel memory. This vulnerability has affected all versions of Ubuntu.
The second security flaw was a race condition in kernel’s ALSA (Advanced Linux Sound Architecture) sound system. This issue has affected Ubuntu 12.04, 14.04 and 16.04 LTS. The race condition could expose the root access causing a DDoS attack.
Similar to the second one, the third security flaw was found in Linux kernel’s netlink_dump() function that could allow a local attacker to cause a denial of service attack. This has so far been affected only Ubuntu 14.04 LTS.
The Canonical team has also fixed the security issue that was an integer overflow while handling SO_RCVBUFFORCE and SO_SNDBUFFORCE options. A local attacker could access CAP_NET_ADMIN capability to cause DDoS attack or memory corruption. This vulnerability has affected Ubuntu 14.04, 16.04 and 16.10 releases.
None of these security flaws are as bad as the previously infamous remote escalation. But certainly, Ubuntu users are advised to update their installation on a priority basis.