Canonical patches Ubuntu vulnerabilities through new updates

OpenSource For You - - Fossbytes -

Canonical has released some new kernel updates to fix vulnerabilities within its Ubuntu platform. The versions that are affected by the security issues include Ubuntu 12.04 LTS, 14.04 LTS, 16.04 LTS and 16.10.

Through six distinct security notices on its website, Canonical revealed the vulnerabilities. The company confirmed that the security holes exist across many Ubuntu flavours such as Kubuntu, Xubuntu and Ubuntu MATE, in addition to the original Ubuntu versions.

Ubuntu 12.04 LTS and 14.04 LTS include the security flaw CVE-2016-9555, which is within the Linux kernel’s SCTP implementation and leads to the platform improperly handling the validation of incoming data, which could result in a denial of service (DoS) attack. The Ubuntu 12.04 LTS build also includes multiple memory leaks within the XFS file system support.

In Ubuntu 16.04 LTS and Ubuntu 16.10, the Canonical team has found two major security issues. The first vulnerability, documented as CVE-2016-10147, is hidden in the asynchronous multi-buffer cryptographic daemon of the Linux kernel. It allows attackers to crash the system via a DoS attack.

CVE-2016-8399, the second issue, is in the Linux kernel’s Internet Control Message Protocol (ICMP) implementation. It gives CAP_NET_ADMIN privileges to local attackers to expose sensitive information.

Ubuntu 16.10 also includes the vulnerabilities CVE-2016-10150, CVE-2016-8632 and CVE-2016-9777. These loopholes can either result in a DoS attack on Ubuntu systems, the system crashing or attackers gaining administrative privileges within the host operating system.

You can install the latest Ubuntu updates to patch the reported vulnerabilities. Once installed, make sure to reboot your system.
