Canonical updates the Ubuntu kernel, fixing 3 security holes, including one of high priority.
Using Linux does not mean being immune to security holes, but usually updates are fast. Always keep your system current to avoid possible breaches and possible inconvenience. If you use Ubuntu and its derivatives, such as Linux Mint, upgrade your system immediately.
Today two reports have been published by Canonical, the Ubuntu company, showing the discovery of vulnerabilities that hit all supported versions of the system. The first report, USN-4135-1states that both Ubuntu 16.04 LTS, 18.04 LTS and 19.04 are hit by the flaws. J the second, USN-4135-2, mentions about the same, however for extended security versions Extended Security Maintenance (ESM) support. Being Ubuntu 12.04 and 14.04. Another detail, which has not yet been confirmed if the flaws affect Ubuntu 19.10.
Vulnerabilities fixed with new kernel
- CVE-2019-14835 : A buffer overflow was discovered in the backend implementation (vhost_net) of the virtio network in the Linux kernel. An attacker could use this to cause a denial of service (blocking the host operating system) or likely to execute arbitrary code on the host operating system (high priority);
- CVE-2019-15030 : The Linux kernel in PowerPC architectures did not properly handle resource exceptions not available in some situations. A local attacker could use this to expose sensitive information (medium priority);
- CVE-2019-15031 : The Linux kernel on PowerPC architectures did not properly handle interrupt exceptions in some situations. Enabling the use of personal information by a local intruder.
You can use the app Program Updater and upgrade your Ubuntu. If you prefer to use the terminal, here is the command:
sudo apt update && sudo apt dist-upgrade
After the procedure, restart your computer.
Until the next post, upgrade your system, SYSTEMATICALLY!
_____________________________________________________________________________ See any errors or would you like to add any suggestions to this article? Collaborate, click here.