OpenSource For You

Canonical patches Ubuntu vulnerabil­ities through new updates


Canonical has released some new kernel updates to fix vulnerabil­ities within its Ubuntu platform. The versions that are affected by the security issues include Ubuntu 12.04 LTS, 14.04 LTS, 16.04 LTS and 16.10.

Through six distinct security notices on its website, Canonical revealed the vulnerabil­ities. The company confirmed that the security holes exist across many Ubuntu flavours such as Kubuntu, Xubuntu and Ubuntu MATE, in addition to the original Ubuntu versions.

Ubuntu 12.04 LTS and 14.04 LTS include the security flaw CVE-2016-9555, which is within Linux kernel’s SCTP implementa­tion and leads to the platform improperly handling the validation of incoming data, which could result in a denial of service (DoS) attack. The Ubuntu 12.04 LTS build also includes multiple memory leaks within the XFS file system support.

In Ubuntu 16.04 LTS and Ubuntu 16.10, the Canonical team has found two major security issues. The first vulnerabil­ity, documented as CVE-2016-10147, is hidden in the asynchrono­us multi-buffer cryptograp­hic daemon of the Linux kernel. It allows attackers to crash the system via a DoS attack.

CVE-2016-8399, the second issue, is in the Linux kernel’s Internet Control Message Protocol (ICMP) implementa­tion. It gives CAP_NET_ADMIN privileges to local attackers to expose sensitive informatio­n.

Ubuntu 16.10 also includes the vulnerabil­ities CVE-2016-10150, CVE-20168632 and CVE-2016-9777. These loopholes can either result in a DoS attack to Ubuntu systems, the system crashing or attackers gaining administra­tive privileges within the host operating system.You can install the latest Ubuntu updates to patch the reported vulnerabil­ities. Once installed, make sure to reboot your system.

 ??  ??

Newspapers in English

Newspapers from India