Canonical Patch Up a Flaw Found in the Linux Kernel
During a recent scan by Canonical, the maintenance team was able to spot some vulnerabilities In the Linux Kernel for Ubuntu16.10 LTS Xenial Xerus, Ubuntu 15.10 Wily Werewolf and the Ubuntu 14.04 Trusty Tahr GNU/Linux based operating system.
The flaw was recently discovered by Jan Stancek in the memory manager of the Linux Kernel packages of all the mentioned Ubuntu operating systems which if exploited, could be usedby attackers to crash all infected systems using the brutal Denial of Services attack.
The new kernel versions are linux-image-4.4.0-31 (4.4.0-31.33) for Ubuntu 16.04 LTS, linux-image-4.2.0-42 (4.2.0-42.49) for Ubuntu 15.10, linux-image-3.13.0-92 (3.13.0-92.139) for Ubuntu 14.04 LTS, linux-image-3.19.0-65 (3.19.0-65.73~14.04.1) for Ubuntu 14.04.1 LTS or later, and linux-image-4.2.0-1034-raspi2 4.2.0-1034.44 for Ubuntu 15.10 for Raspberry Pi
“Jan Stancek discovered that the Linux kernel’s memory manager did not properly handle moving pages mapped by the asynchronous I/O (AIO) ring buffer to the other nodes. A local attacker could use this to cause a denial of service (system crash),” reads one of the security notices published today by Canonical.
Canonical has urged all users using any these operating systems (Ubuntu 16.04 LTS (Xenial Xerus), Ubuntu 15.10 (Wily Werewolf), and Ubuntu 14.04 LTS (Trusty Tahr) to update to latest Kernel version, details below.
The flaw found in the Kernel has been fully documented at CVE-2016-3070 and it affects a whole range of Kernel versions across the board including the long-term supported Linux 4.4, Linux 4.2, as well as Linux 3.13 and 3.19.
This also means that other GNU/Linux based operating systems utilizing these Kernels could be at risk as well.