A security issue affects the Linux 3.13 kernel of the Ubuntu 14.04 LTS (Trusty Tahr) operating system series and its derivatives, including Kubuntu, Xubuntu, Lubuntu, Ubuntu Kylin, Ubuntu Studio, Mythbuntu, and others, allowing attackers to run programs as an administrator.
The vulnerability is a race condition (CVE-2019-6133) discovered by Jann Horn of Google Project Zero in the Linux kernel's fork() system call, which could allow a local attacker to gain access to services that cache authorizations and run programs with administrative privileges.
To fix the security issue, Canonical recommends that all Ubuntu 14.04 LTS (Trusty Tahr) users update their installations as soon as possible to the new kernel versions available in the stable software repositories, following the instructions at https://wiki.ubuntu.com/Security/Upgrades.
The kernel version users need to update to is linux-image 3.13.0-166.216 for 32-bit, 64-bit, and PowerPC 64-bit installations. A corresponding Linux Hardware Enablement (HWE) kernel update from Ubuntu 14.04 LTS is also available for Ubuntu 12.04 ESM users as linux-image 3.13.0-166.216~precise1.
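To confirm that a host has picked up the fix, compare its linux-image package versions against 3.13.0-166.216. The script below is an added example, not part of Canonical's advisory; the function names are hypothetical, and the sample versions other than the two named above are constructed.

```shell
#!/bin/sh
# Added example: classify Ubuntu 3.13-series kernel package versions against
# the fixed version from the article, 3.13.0-166.216.
FIXED_ABI=166
FIXED_UPLOAD=216

# classify_kernel VERSION  (hypothetical helper name)
# Prints: patched | vulnerable | other-series | unparsed
classify_kernel() {
    v=${1%%~*}                      # drop "~precise1" (12.04 ESM HWE suffix)
    case $v in
        3.13.0-*.*) ;;                                  # ABI and upload present
        3.13.0*) echo unparsed; return 0 ;;             # e.g. uname -r, no upload number
        [0-9]*.[0-9]*) echo other-series; return 0 ;;   # not covered by this update
        *) echo unparsed; return 0 ;;
    esac
    rest=${v#3.13.0-}               # "166.216" or "166.216-generic"
    abi=${rest%%.*}
    upload=${rest#*.}
    upload=${upload%%[!0-9]*}       # keep leading digits only
    case $abi in ''|*[!0-9]*) echo unparsed; return 0 ;; esac
    [ -n "$upload" ] || { echo unparsed; return 0; }
    if [ "$abi" -gt "$FIXED_ABI" ] ||
       { [ "$abi" -eq "$FIXED_ABI" ] && [ "$upload" -ge "$FIXED_UPLOAD" ]; }; then
        echo patched
    else
        echo vulnerable
    fi
}

# report_installed: classify every 3.13 kernel image package known to dpkg.
report_installed() {
    dpkg-query -W -f='${Package} ${Version}\n' 'linux-image-3.13.0-*' 2>/dev/null |
    while read -r pkg ver; do
        printf '%s %s %s\n' "$pkg" "$ver" "$(classify_kernel "$ver")"
    done
}

# Constructed sample versions (only 3.13.0-166.216 and its ~precise1 form
# come from the article).
for sample in 3.13.0-165.215 3.13.0-166.216 3.13.0-166.216~precise1 3.13.0-166-generic; do
    printf '%-26s %s\n' "$sample" "$(classify_kernel "$sample")"
done
```

Call `report_installed` on an Ubuntu host to check the real packages. An installed kernel package only takes effect after a reboot into it.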
Submitted by: Arnfried Walbrecht