Ubuntu 14.04 LTS users also receiving the kernel live patch

Sep 12, 2018 11:40 GMT

Canonical released a new kernel live patch for all of its LTS (Long Term Support) Ubuntu Linux releases to address several security vulnerabilities recently discovered by various security researchers.

Coming hot on the heels of the latest Linux kernel security update released by Canonical on Tuesday, the new Linux kernel live patch security update fixes a total of five security vulnerabilities, which are documented as CVE-2018-11506, CVE-2018-11412, CVE-2018-13406, CVE-2018-13405, and CVE-2018-12233.

These include a stack-based buffer overflow (CVE-2018-11506) discovered by Piotr Gabriel Kosinski and Daniel Shapira in the Linux kernel's CDROM driver implementation, which could allow a local attacker to either execute arbitrary code or crash the system, causing a denial of service.

The kernel live patch also addresses a security vulnerability (CVE-2018-11412), discovered by Jann Horn, in the Linux kernel's EXT4 file system implementation, which could allow an attacker to execute arbitrary code or crash the system, causing a denial of service, by creating and mounting a malicious EXT4 image.

Also fixed are an integer overflow (CVE-2018-13406) discovered by Silvio Cesare in the Linux kernel's generic VESA frame buffer driver, as well as a buffer overflow (CVE-2018-12233) discovered by Shankara Pailoor in the JFS file system implementation, both allowing local attackers to either crash the system or execute arbitrary code.

The last security vulnerability (CVE-2018-13405) fixed in this latest Ubuntu Linux kernel live patch may allow a local attacker to gain elevated privileges due to the Linux kernel's failure to handle setgid file creation when the operation is performed by a non-member of the group.

All livepatch users must update immediately

The new Linux kernel live patch security update is available now for 64-bit (amd64) installations of the Ubuntu 18.04 LTS (Bionic Beaver), Ubuntu 16.04 LTS (Xenial Xerus), and Ubuntu 14.04 LTS (Trusty Tahr) operating system series that have the Canonical Livepatch Service active and running.

While Ubuntu 18.04.1 LTS and Ubuntu 16.04.5 LTS users must update the kernel packages to version 4.15.0-32.35 and 4.15.0-32.35~16.04.1 respectively, Ubuntu 14.04.5 LTS users will have to update their kernels to version 4.4.0-133.159~14.04.1. A reboot is not required when installing a new kernel live patch. All livepatch users must update their systems immediately.