Canonical, the company responsible for Ubuntu, has just released a bug fix update for the kernel. Update your system!
Some bugs affecting the Linux kernel in Ubuntu were fixed today by Canonical. If you use Ubuntu or extremely important derivatives to keep your system up to date with these updates, problems can be avoided.
- CVE-2019-11487: Leaking integers in Linux kernel when referring to page, causing possible memory free issues. This failure could cause breaches for an attacker locally, execute malicious code, or a DoS Attack. This flaw does not affect LTS versions;
- CVE-2019-11599: An attacker locally could cause a DoS Attack or expose personal information. Another flaw that does not affect LTS versions;
- CVE-2019-11833: Implementation of the ext4 file system in the Linux kernel at times did not properly terminate the memory process. A local attacker could gain access to confidential information through this kernel memory process;
- CVE-2019-11884: The implementation of Bluetooth Human Interface Device Protocol (HIDP) on some occasions did not correctly check for NULL (empty) requests. Thus an attacker locally could use this failure to expose private information (from kernel memory);
- CVE-2019-11085: The Intel i915 graphics driver in the kernel at times did not correctly restrict mmap ranges. A local attacker could, through this failure, launch a DoS Attack and abruptly shut down the machine, such as executing arbitrary codes. This flaw did not affect Ubuntu 19.04, but the LTS;
- CVE-2019-11815: It has been found that the implementation of the Reliable Datagram Sockets (RDS) protocol, which by default is disabled on Ubuntu, if active could give a local attacker the ability to perform a DoS Attack or possibly execute a malicious code. This flaw also affects LTS 16.04 / 18.04, Ubuntu 19.04 is not affected.
For Ubuntu 16.04 / 18.04 and 19.04 users it is extremely important to upgrade the system. Even if the flaws are considered to be medium, as it is obligatory to limit the attacker to be locally during the attacks, it is not indicated to delay security updates in any way.
You can use the app Program Updater and install your Ubuntu. If you prefer to use the terminal, here is the command:
sudo apt update && sudo apt dist-upgrade
_____________________________________________________________________________ See any errors or would you like to add any suggestions to this article? Collaborate, click here.