OpenSource For You
Canonical patches Ubuntu vulnerabilities through new updates
Canonical has released some new kernel updates to fix vulnerabilities within its Ubuntu platform. The versions that are affected by the security issues include Ubuntu 12.04 LTS, 14.04 LTS, 16.04 LTS and 16.10.
Through six distinct security notices on its website, Canonical revealed the vulnerabilities. The company confirmed that the security holes exist across many Ubuntu flavours such as Kubuntu, Xubuntu and Ubuntu MATE, in addition to the original Ubuntu versions.
Ubuntu 12.04 LTS and 14.04 LTS include the security flaw CVE-2016-9555, which is within the Linux kernel’s SCTP implementation and causes the platform to improperly handle the validation of incoming data, which could result in a denial of service (DoS) attack. The Ubuntu 12.04 LTS build also includes multiple memory leaks within the XFS file system support.
In Ubuntu 16.04 LTS and Ubuntu 16.10, the Canonical team has found two major security issues. The first vulnerability, documented as CVE-2016-10147, is hidden in the asynchronous multi-buffer cryptographic daemon of the Linux kernel. It allows attackers to crash the system via a DoS attack.
CVE-2016-8399, the second issue, is in the Linux kernel’s Internet Control Message Protocol (ICMP) implementation. It gives CAP_NET_ADMIN privileges to local attackers to expose sensitive information.
Ubuntu 16.10 also includes the vulnerabilities CVE-2016-10150, CVE-2016-8632 and CVE-2016-9777. These loopholes can result in a DoS attack on Ubuntu systems, the system crashing or attackers gaining administrative privileges within the host operating system.
You can install the latest Ubuntu updates to patch the reported vulnerabilities. Once installed, make sure to reboot your system.