All users are urged to update their kernels immediately

Oct 20, 2015 21:35 GMT

After announcing the general availability of a new kernel version for its Ubuntu 12.04 LTS (Precise Pangolin) operating system, Canonical has published details about an important security patch for the kernel packages of Ubuntu 15.04 and Ubuntu 14.04 LTS.

Four vulnerabilities were patched in the Linux 3.19 and Linux 3.13 kernel packages of Ubuntu 15.04 (Vivid Vervet) and Ubuntu 14.04 LTS (Trusty Tahr), also affecting their derivatives, including Kubuntu, Xubuntu, Lubuntu, Ubuntu GNOME, Ubuntu MATE, Ubuntu Studio, Ubuntu Kylin, Ubuntu Core, Ubuntu Server, and Edubuntu.

The first security flaw was discovered in the Linux kernel's IPv6 implementation, which didn't validate a newly set IPv6 MTU, allowing a remote attacker to cause a denial of service (DoS) by forging a route advertisement with an invalid MTU. More details can be found at CVE-2015-0272.

The second kernel vulnerability was found in the Linux kernel's virtio networking implementation, which didn't handle fragments correctly, allowing a remote attacker to execute code as root or crash the system, causing a denial of service (DoS). More details can be found at CVE-2015-5156.

The third security flaw was spotted in the Linux kernel's Reliable Datagram Sockets (RDS) implementation, which didn't properly verify sockets before sending a message, allowing an attacker to crash the system, causing a denial of service (DoS). More details can be found at CVE-2015-6937.

Lastly, the fourth kernel vulnerability was disclosed by Ben Hutchings in the Linux kernel's AUFS (Advanced Union Filesystem) implementation, and it allowed an attacker to crash the system, causing a denial of service (DoS), or execute code as root. More details can be found at CVE-2015-7312.

Ubuntu 15.04 and Ubuntu 14.04 LTS users need to update immediately

As expected, Canonical urges all users of the Ubuntu 15.04 (Vivid Vervet) and Ubuntu 14.04 LTS (Trusty Tahr) operating systems to update their kernel packages as soon as possible in order to patch the security flaws mentioned above. The new kernels are already available in the default software repositories of the respective OSes.

To update, run the Software Updater utility and apply all available updates. Please note that you must restart your computer after a kernel update. The new kernel versions are linux-image-3.19.0-31 (3.19.0-31.36) for Ubuntu 15.04 and linux-image-3.13.0-66 (3.13.0-66.108) for Ubuntu 14.04 LTS. To check yours, run the "uname -a" command (without quotes) in the Terminal app, after restart.
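The post-reboot check described above can be scripted. The following is an added example, not part of the original article or of Canonical's advisory: it compares `uname -r` and `uname -v` output against the fixed builds named above. The function name `kernel_status` is hypothetical, and the script assumes Ubuntu's usual `<base>-<ABI>-<flavour>` release string and `#<upload>-Ubuntu` version string.

```shell
#!/bin/sh
# Fixed builds named in the article:
#   3.19.0-31.36  (Ubuntu 15.04)
#   3.13.0-66.108 (Ubuntu 14.04 LTS)

# kernel_status RELEASE [VERSION]   (hypothetical helper)
#   RELEASE: `uname -r` output, e.g. 3.13.0-66-generic
#   VERSION: `uname -v` output, e.g. "#108-Ubuntu SMP ..."
# Prints: patched | vulnerable | unknown
kernel_status() {
    release=$1
    version=${2:-}
    base=${release%%-*}      # 3.13.0
    rest=${release#*-}       # 66-generic
    abi=${rest%%-*}          # 66
    case $abi in ''|*[!0-9]*) echo unknown; return ;; esac

    # Only the two kernel series covered by the article are judged.
    case $base in
        3.19.0) min_abi=31; min_upload=36 ;;
        3.13.0) min_abi=66; min_upload=108 ;;
        *) echo unknown; return ;;
    esac

    # Numeric comparison: a string compare would rank 100 below 66.
    if [ "$abi" -gt "$min_abi" ]; then echo patched; return; fi
    if [ "$abi" -lt "$min_abi" ]; then echo vulnerable; return; fi

    # Same ABI: use the upload number from `uname -v` when present.
    upload=${version#\#}
    upload=${upload%%-*}
    upload=${upload%%~*}
    case $upload in
        ''|*[!0-9]*) echo patched ;;   # assumption: ABI match is enough
        *)  if [ "$upload" -ge "$min_upload" ]; then echo patched
            else echo vulnerable; fi ;;
    esac
}

# Report on the kernel that is actually running (not merely installed).
echo "$(uname -r): $(kernel_status "$(uname -r)" "$(uname -v)")"
```

A result of `vulnerable` right after installing the update usually means the machine has not been restarted yet, since `uname` reports the running kernel rather than the newest installed one.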