Canonical has published an important kernel security patch to Ubuntu 14.04 LTS and Ubuntu 12.04 LTS. The patch fixes a total of four security issues that are affecting all supported architectures.
The new kernel update majorly enhances the security of Linux 3.13 running Ubuntu 14.04 LTS (Trusty Tahr). The major flaw (CVE-2017-7482) is found within Linux kernel’s RxRPC Kerberos 5 ticket handling code. The incorrect verification of meta data in the ticket handling code allows a remote attacker to execute arbitrary code or crash the system via a DDoS attack.
The second issue in the list of flaws is basically an integer overflow (CVE-2016-8405) in kernel’s colormap handling for frame buffer devices. It could let a local attacker access and expose sensitive information stored in the kernel memory.
Ubuntu systems also include a third security issue (CVE-2017-1000365) that needs the attacker to execute it along with another vulnerability. The flaw allows a local attacker to execute arbitrary code in combination with another vulnerability as kernel fails to restrict RLIMIT_STACK size. Likewise, there is the fourth issue (CVE-2017-2618) that allows local attackers to crash the system and cause DDoS attack because SELinux handled empty writes to /proc/pid/attr.
Most of the issues are affecting kernel Ubuntu 14.04 LTS as well as 12.04 LTS based on kernel 3.13.
Canonical urges Ubuntu users to update their installation by downloading the linux-image 188.8.131.52.136. You can check for the available update by running “sudo apt-get update && sudo apt-get dist-upgrade” command in the terminal.