Canonical fixes 7 new vulnerabilities found in Ubuntu

pedrini210

3 minutes

It became known that canonical was able to detect various bugs or vulnerabilities in the Ubuntu system. The bug was located in the Linux kernel; Obviously, this also affects the entire group of Linux distros, so it is necessary to make the necessary updates to solve the problem.

1

Although the Vulnerabilities affect the security of the software, with respect to the permissions granted by the user, and which in turn can be translated into damage to the system by disabling the corresponding security levels. Having said that, we will now clarify what were said errors announced by Canonical.

Among some of the errors detected we can highlight the deficiency in the USB controller for Clie devices. Basically any malicious hardware could be connected to the system, without going through the adequate security level to identify the device, and also know if it is suitable to connect with the system. Similarly, another failure was detected with respect to Treo USB devices, encompassing characteristics similar to the previous failure.

Another vulnerability was found in the possibility of executing code, authorized from root by any user, caused by netfilter packet filtering and which could generate a general system crash.

Change, the same packet filtering problem is detected, which allows the execution of code in the same way, but in this case it is aimed at systems that work with 32 bits.

There is another flaw that could allow the execution of DoS attacks on the system. This bug is traced to the SCTP implementation of the Linux kernel.

Another vulnerability is found in the ALSA USB MIDI driver located in the Linux kernel. In this it could be offered to anyone who has reach to a computer, execute code from root or DoS attacks against the system.

And last but just as important is the latest vulnerability located in the TTY controller. This failure would give the possibility of being able to steal information, to an unauthorized user, about the activities carried out by users within the system.

2

As we said at the beginning, it is best to update your Ubuntu system to avoid problems with these failures. It is also believed that the same vulnerabilities may be present in the same kernel version. However, it is known that there will be a new version of the kernel packages, which translates into a compilation of modules that have been installed later.

The updated versions are:

  • Ubuntu 12.04 (LTS)

  • Ubuntu 14.04 (LTS)

  • Ubuntu 15.10

version 16.04 (LTS) is known to have no known bugs, and it will be released in April.

It is necessary that after updating the system is rebooted, so that the fixes and the kernel are fully loaded. It is worth remembering that the system has a 9-month maintenance process. So it is necessary to constantly update the latest version of the system.


Leave a Comment

Your email address will not be published. Required fields are marked with *

*

*

  1. Responsible for the data: Miguel Ángel Gatón
  2. Purpose of the data: Control SPAM, comment management.
  3. Legitimation: Your consent
  4. Communication of the data: The data will not be communicated to third parties except by legal obligation.
  5. Data storage: Database hosted by Occentus Networks (EU)
  6. Rights: At any time you can limit, recover and delete your information.

  1.   alejrof3f1p said
    ago 8 years

    Thanks for the information in the post.

    Reply to AlejRoF3f1p
  2.   manuel said
    ago 8 years

    What a bad failure!

    Reply to manuel
  3.   Daniel Smith said
    ago 8 years

    Just a clarification, Ubuntu versions that are LTS have not only 9 months of support but 5 years.

    Reply to Daniel Herrero
  4.   garcad said
    ago 8 years

    You are talking about a kernel vulnerability and after Ubuntu versions.

    I wonder what kernel versions are affected, and knowing that, I will know if my distorted linux is affected or not.

    Salu2

    Reply to Garcad