14 DAY TRIAL // After having released kernel updates for the Ubuntu 14.10 (Utopic Unicorn) and Ubuntu 14.04 LTS (Trusty Tahr) operating systems, Canonical announced on June 10 the immediate availability of a new kernel update of its Ubuntu 12.04 LTS (Precise Pangolin) distro.
The new security notice informs users that five security issues (CVE-2015-2150, CVE-2015-2830, CVE-2015-3331, CVE-2015-3636, and CVE-2015-4167) discovered by various developers in the upstream Linux kernel packages were patched in the Ubuntu 12.04 LTS operating system and all of its derivatives.
The first security issue (CVE-2015-2150) was discovered by Jan Beulich in Linux kernel's Xen virtual machine subsystem and it could allow a local guest user to crash the host system by causing a denial of service (DoS).
The second security flaw (CVE-2015-2830) is a privilege escalation in the fork syscall via the int80 entry on 64-bit Linux kernels that support 32-bit emulation and it could allow unprivileged local attackers to escalate their privileges on the host system.
The third kernel vulnerability (CVE-2015-3331) is related to a memory corruption problem in the AES decryption function of the Linux kernel and it could enable remote attackers to crash the system by causing a DoS (Denial of Service), as well as to escalate their privileges on Intel systems with AEC-GCM mode IPSec security association.
The fourth security issue (CVE-2015-3636) was discovered by Wen Xu in the IPv4 ping support for the Linux kernel and it could let a local user crash the host system by causing a denial of service (DoS), as well as obtain root privileges on the respective host.
Lastly, the fifth kernel vulnerability (CVE-2015-4167) was discovered by Carl H Lunde in the Linux kernel's UDF file system and it could allow a local attacker to crash the system by causing a denial of service using a corrupted filesystem image.
All Ubuntu 12.04 LTS users are urged to update immediately
As expected, Canonical urges all Ubuntu 12.04 LTS (Precise Pangolin) users to update their systems as soon as possible. The kernel packages (linux-image-3.2.0-85 3.2.0-85.122) are already available in the default software repositories of the distribution.
To update, open Unity Dash, search for Software Updater, wait for the application to find existing updates, and apply them. After a successful update process, you will have to reboot your machine(s) for the new kernel packages to be activated.