Ubuntu plugs code exec, DoS Linux kernel holes

Ubuntu has patched four Linux kernel vulnerabilities that allowed for arbitrary code execution and denial of service attacks.
The flaws (CVE-2015-8812, CVE-2016-2085, CVE-2016-2550, CVE-2016-2847) are fixed in Ubuntu 14.04 LTS.
Researcher Venkatesh Pottem found a use-after-free vulnerability in the Linux kernel CXGB3 driver which local hackers could use to trigger a crash or execute arbitrary code.
Xiaofei Rex Guo reported the second flaw, a timing side-channel vulnerability in the Linux Extended Verification Module, which impacted system integrity.
A third hole found by bug basher David Herrmann could exhaust resources and cause denial of service.
The final vulnerability, not attributed to a researcher, also triggered denial of service thanks to the Linux kernel not enforcing limits on the amount of data allocated to buffer pipes.
The problems impact Ubuntu 14.04 LTS, the current long-term support version of Ubuntu which will be smothered in love and patches until 2019.

Source: http://www.theregister.co.uk/2016/04/07/ubuntu_kernel_patch/
Submitted by: Arnfried Walbrecht

