14 DAY TRIAL // On June 21, Canonical sent out new Ubuntu Security Notices for users of Ubuntu 14.10, Ubuntu 14.04 LTS, and Ubuntu 12.04 LTS, informing them about a patch for a regression introduced by the previous kernel update, which we reported last week.
It would appear that the Linux kernel update released on June 15, 2015, which was supposed to patch the CVE-2015-1328 bug related to a privilege escalation when using OverlayFS mounts inside of user namespaces, introduced a regression.
The regression was introduced into the Linux kernel's OverlayFS filesystem and it could create a kernel panic by removing the directory that existed only on the lower layer.
The Ubuntu 14.10 (Utopic Unicorn), Ubuntu 14.04 LTS (Trusty Tahr), and Ubuntu 12.04 LTS (Precise Pangolin) operating systems are currently affected by the regression, and Canonical urges all users to upgrade as soon as possible (see below for details).
"The Fix for CVE-2015-1328 introduced a regression into the Linux kernel's overlayfs file system. The removal of a directory that only exists on the lower layer results in a kernel panic," says Canonical. "We apologize for the inconvenience."
All Ubuntu 14.10, 14.04 LTS, and 12.04 LTS users must upgrade immediately
In order to patch said regression, users of the Ubuntu 14.10, Ubuntu 14.04 LTS, and Ubuntu 12.04 LTS operating systems must upgrade their kernel packages immediately to linux-image-3.16.0-41 (3.16.0-41.57) for Ubuntu 14.10, linux-image-3.13.0-55 (3.13.0-55.94) for Ubuntu 14.04 LTS, and linux-image-3.2.0-86 (3.2.0-86.124) for Ubuntu 12.04 LTS.
To update, you must open the Unity Dash, search for the Software Updater utility, open it, wait for the application to refresh the software sources and find available updates, then apply any existing updates. After a successful upgrade process, you must reboot your computer for the new kernel packages to become active. More details can be found at https://wiki.ubuntu.com/Security/Upgrades.