14 DAY TRIAL // Canonical, through John Johansen, announced today, April 8, that new kernel updates for the Ubuntu 14.04 LTS (Trusty Tahr) and Ubuntu 12.04 LTS (Precise Pangolin) are available to users via the default software repositories of the respective distributions.
Five new kernel vulnerabilities have been patched in the Linux 3.13 kernel packages of the Ubuntu 14.04 LTS (Trusty Tahr) operating system and only three in the Linux 3.2 kernel of the Ubuntu 12.04 LTS (Precise Pangoling) distribution.
Therefore, all Ubuntu 14.04 LTS users are urged to update their installations to the linux-image-3.13.0-49 (3.13.0-49.81) packages. Also, all Ubuntu 12.04 LTS users are urged to update to linux-image-3.2.0-80 (3.2.0-80.116).
To update your supported Ubuntu distribution to the new kernel packages listed above, open the Update Manager application from the Unity Dash and apply all available updates. A kernel update will require you to restart your machine.
Also, please note that if you have third-party applications that require recompilation of their kernel modules, will have to manually recompile and reinstall them as appropriate.
Here's what was patched in the Linux kernels of Ubuntu 14.04 and 12.04 LTS
Among the security issues that were fixed in the kernel packages of Ubuntu 14.04 LTS and Ubuntu 12.04 LTS, we can mention a use after free flaw in the Linux kernel's SCTP (Stream Control Transmission Protocol) subsystem, which occurred during INIT collisions.
A flaw in the Linux kernel's routing of packets system was also patched, as well as an integer overflow that has been discovered in the Linux kernel's stack randomization feature on 64-bit platforms.
In addition to the above, information leaks were patched in Linux Kernel's handling of userspace configuration of the LLC (Link Layer Control), and the Reliable Datagram Sockets (RDS) settings.
For more information about the security issues that were patched in today's update for Ubuntu 14.04 LTS and Ubuntu 12.04 LTS, please check out Canonical's Ubuntu Security Notice USN-2563-1 and Ubuntu Security Notice USN-2560-1.