All users are urged to upgrade as soon as possible

Jul 24, 2015 03:13 GMT

After having published details about a new Linux kernel update for its Ubuntu 12.04 LTS (Precise Pangolin) operating system, Canonical has posted two more Ubuntu Security Notices informing users of the Ubuntu 15.04 and Ubuntu 14.04 LTS OSes about the availability of kernel updates for their systems.

Four Linux kernel vulnerabilities have been patched in Ubuntu 15.04 (Vivid Vervet) and five in Ubuntu 14.04 LTS (Trusty Tahr). Among those common to both releases are a flaw in the kvm_apic_has_events function of the Linux kernel's Kernel Virtual Machine (KVM) and an issue in the JIT optimization of the Linux kernel's Berkeley Packet Filter, both of which allow a local attacker to cause a denial of service by crashing the system.

Additionally, two flaws were discovered in the Linux kernel's handling of invalid User Datagram Protocol (UDP) checksums. A remote attacker could cause a denial of service by flooding the system with UDP packets that have invalid checksums, or cause a denial of service against applications that use epoll by injecting a single UDP packet that has an invalid checksum.

An extra security issue affects Ubuntu 14.04 LTS users

In addition to the four security vulnerabilities mentioned above, Ubuntu 14.04 LTS (Trusty Tahr) users are affected by a flaw discovered in the Linux kernel's user space memory copying for pipe iovecs, which could enable a local, unprivileged user to gain root (system administrator) access or to cause a denial of service (DoS) by crashing the system. This flaw also affects the Ubuntu 12.04 LTS distribution.

As expected, Canonical urges all users of the Ubuntu 14.04 LTS and Ubuntu 15.04 operating systems and their derivatives to update to linux-image-3.13.0-58 (3.13.0-58.97) and linux-image-3.19.0-23 (3.19.0-23.24) respectively as soon as possible. To update, run the Software Updater tool and apply all existing updates. Reboot your system for the kernel update to take effect.
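Because the fix only takes effect after a reboot, a host can have the updated package installed and still be running the old kernel. The following check is an added example, not part of the original article or of Canonical's notices: it compares a `uname -r` string against the fixed versions named above and reports whether the host is patched, waiting for a reboot, or still vulnerable. The function names and the sample hosts are made up for illustration.

```shell
#!/bin/sh
# Fixed kernel ABI numbers taken from the article:
#   Ubuntu 14.04 LTS -> linux-image-3.13.0-58, Ubuntu 15.04 -> linux-image-3.19.0-23
fixed_abi_for() {
    case "$1" in
        3.13.0) echo 58 ;;
        3.19.0) echo 23 ;;
        *) return 1 ;;   # the article names no fixed version for other series
    esac
}

# kernel_status RUNNING [INSTALLED...]
#   RUNNING   : output of `uname -r`, e.g. 3.13.0-57-generic
#   INSTALLED : release strings of the kernels installed on disk
# Prints one of: patched | reboot-required | vulnerable | unknown
kernel_status() {
    running=$1; shift
    base=${running%%-*}          # 3.13.0
    rest=${running#*-}           # 57-generic
    abi=${rest%%-*}              # 57
    fixed=$(fixed_abi_for "$base") || { echo unknown; return; }
    case "$abi" in ''|*[!0-9]*) echo unknown; return ;; esac
    if [ "$abi" -ge "$fixed" ]; then echo patched; return; fi
    # Running kernel is too old: is a fixed one of the same series installed?
    for inst in "$@"; do
        ibase=${inst%%-*}; irest=${inst#*-}; iabi=${irest%%-*}
        [ "$ibase" = "$base" ] || continue
        case "$iabi" in ''|*[!0-9]*) continue ;; esac
        if [ "$iabi" -ge "$fixed" ]; then echo reboot-required; return; fi
    done
    echo vulnerable
}

# Constructed sample hosts (not from the article):
kernel_status 3.13.0-57-generic 3.13.0-57-generic 3.13.0-58-generic
kernel_status 3.19.0-22-generic 3.19.0-22-generic
kernel_status 3.19.0-23-generic 3.19.0-22-generic 3.19.0-23-generic

# On a live Ubuntu host (assumes kernels are installed as /boot/vmlinuz-<release>):
#   kernel_status "$(uname -r)" $(ls /boot/vmlinuz-* | sed 's|.*/vmlinuz-||')
```

The three sample calls print reboot-required, vulnerable and patched. `uname -r` exposes only the ABI number (58 or 23), not the full package version, so the comparison is made on that field.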