Fixes information leak and administrative privilege issues

Sep 4, 2015 09:30 GMT

On September 3, Canonical informed its users about new Linux kernel updates for its Ubuntu 12.04 (Precise Pangolin) and Ubuntu 14.04 LTS (Trusty Tahr) operating systems, patching two critical issues, one for each of the aforementioned distributions.

According to Canonical, an information leak was discovered in the MD (Multiple Device) driver of the Linux kernel packages for Ubuntu 12.04 LTS, which could have allowed a privileged, local attacker to retrieve sensitive data from the kernel. The security flaw was discovered by Benjamin Randazzo.

For Ubuntu 14.04 LTS (Trusty Tahr), Canonical patched an integer overflow error found in the Linux kernel's SCSI generic driver, which could allow a local attacker who had write permissions to a SCSI generic device to gain root access or crash the system through a denial of service (DoS) attack.

"A security issue affects these releases of Ubuntu and its derivatives. The system could be made to expose sensitive information," said Canonical, referring to Ubuntu 12.04 LTS (Precise Pangolin). On the other hand, Canonical posted the following note for Ubuntu 14.04 LTS (Trusty Tahr): "The system could be made to crash or run programs as an administrator."

All Ubuntu 12.04 and Ubuntu 14.04 users must update immediately

Canonical urges all users of Ubuntu 12.04 LTS (Precise Pangolin) and Ubuntu 14.04 LTS (Trusty Tahr), as well as those of GNU/Linux distributions that are based on them, to update their systems as soon as possible. The new kernel versions are available as we speak in the main software repositories.

To update, open the Software Updater utility, check for updates, and then apply all available updates. Please note that you must restart your computer after updating the Linux kernel packages; otherwise, the update won't take effect. After the update, make sure that you're running linux-image-3.2.0-90 (3.2.0-90.128) on Ubuntu 12.04 LTS and linux-image-3.13.0-63 (3.13.0-63.103) on Ubuntu 14.04 LTS by using the "uname -a" command in the Terminal app.
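
The version check described above can be scripted. The following is an added example, not part of the original article or of Canonical's advisory: it compares a kernel release string (as printed by `uname -r`) against the fixed versions named above. The function names are hypothetical, and it assumes that later ABI numbers in the same kernel series also carry the fixes.

```shell
#!/bin/sh
# Added example: classify a kernel release string against the fixed
# ABI numbers named in the article. Function names are hypothetical.

# fixed_abi_for BASE -> prints the minimum patched ABI for that kernel series
fixed_abi_for() {
    case "$1" in
        3.2.0)  echo 90 ;;   # Ubuntu 12.04 LTS: linux-image-3.2.0-90
        3.13.0) echo 63 ;;   # Ubuntu 14.04 LTS: linux-image-3.13.0-63
        *)      return 1 ;;  # series not covered by the article
    esac
}

# kernel_status RELEASE -> prints patched | vulnerable | unknown
kernel_status() {
    local rel base rest abi min
    rel="$1"
    base="${rel%%-*}"        # "3.13.0-63-generic" -> "3.13.0"
    rest="${rel#*-}"         # "3.13.0-63-generic" -> "63-generic"
    abi="${rest%%-*}"        # "63-generic"        -> "63"
    # No "-ABI" part at all: not a release string we can judge.
    if [ "$rest" = "$rel" ]; then echo unknown; return 0; fi
    # ABI must be a plain decimal number.
    case "$abi" in
        ''|*[!0-9]*) echo unknown; return 0 ;;
    esac
    # Only the two series from the article are judged; others are unknown.
    if ! min="$(fixed_abi_for "$base")"; then echo unknown; return 0; fi
    if [ "$abi" -ge "$min" ]; then echo patched; else echo vulnerable; fi
}

# Report on the kernel that is actually running right now.
running="$(uname -r)"
echo "running kernel $running: $(kernel_status "$running")"
```

Because `uname` reports the running kernel, a system that has installed the update but not yet rebooted is still reported as vulnerable.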