All users are urged to update as soon as possible

Jun 9, 2015 04:11 GMT  ·  By

On June 8, Canonical issued a new Ubuntu Security Notice informing all users of the Ubuntu 14.04 LTS (Trusty Tahr) operating system that a new kernel update is available.

The kernel update released by Canonical for Ubuntu 14.04 LTS and all of its derivatives patches two issues, CVE-2015-2666 and CVE-2015-2922, which were discovered by various developers in the upstream Linux kernel packages.

The first kernel vulnerability discovered in the Linux kernel packages of Ubuntu 14.04 LTS (Trusty Tahr) is a stack overflow in the microcode loader for the Intel x86 platform, which could allow a local attacker to cause a kernel crash via a DoS (Denial of Service) attack or run code with root privileges.

The second kernel vulnerability was discovered in the IPv6 networking stack of the Linux kernel, which could allow an unprivileged attacker on the LAN (Local Area Network) to cause a DoS (Denial of Service) attack by dropping IPv6 messages.

All Ubuntu 14.04 LTS users are urged to update

In order to patch the two kernel vulnerabilities mentioned above in your Ubuntu 14.04 LTS (Trusty Tahr) operating system(s), Canonical recommends updating the installation(s) as soon as possible. The updated kernel images are already available in the main software repositories of your distribution.

Please note that the security flaws affect only the Linux 3.13 kernel packages of the vanilla Ubuntu 14.04 LTS (Trusty Tahr) operating system. The updated kernel packages are "linux-image-3.13.0-51 (3.13.0-51.84)," so make sure that you have this version after the upgrade by running the "uname -r" command in a terminal emulator.

To update, open the Unity Dash, search for Software Updater, open the application, wait for it to reload the repositories and find new updates, then apply all available patches. Be aware that after the update you will have to reboot your computer to activate the new kernel.

Show Press Release