Affects Ubuntu 19.04, 18.04 LTS, and 16.04 LTS

Sep 18, 2019 14:51 GMT  ·  By

Canonical released today a new Linux kernel security update for all supported Ubuntu releases to address three vulnerabilities across all supported architectures.

The new Linux kernel security update addresses three vulnerabilities affecting the Ubuntu 19.04 (Disco Dingo), Ubuntu 18.04 LTS (Bionic Beaver), Ubuntu 16.04 LTS (Xenial Xerus), Ubuntu 14.04 ESM (Trusty Tahr), and Ubuntu 12.04 ESM (Precise Pangolin) operating systems.

The first security issue addressed in this update is a a buffer overflow (CVE-2019-14835) discovered by Peter Pi in Linux kernel's virtio network backend (vhost_net) implementation, which could allow an attacker in the guest system to either execute arbitrary code in the host OS or crash the host operating system by causing a denial of service.

The second and third Linux kernel security flaws (CVE-2019-15031 and CVE-2019-15030) affected PowerPC architectures, which incorrectly handled Facility Unavailable exceptions and exceptions on interrupts under certain situations. These could allow a local attacker to expose sensitive information.

Users are urged to update their systems immediately

Canonical urges all Ubuntu users to update their systems as soon as possible to the new Linux kernel versions, which are linux-image 5.0.0-29.31 on Ubuntu 19.04 and Ubuntu 18.04.3 LTS, linux-image 4.15.0-64.73 on Ubuntu 18.04 LTS and Ubuntu 16.04.6 LTS, linux-image 4.4.0-164.192 on Ubuntu 16.04 LTS and Ubuntu 14.04 ESM, and linux-image 3.2.0-143.190 on Ubuntu 12.04 ESM.

These are the new Linux kernel versions for 32-bit and 64-bit systems, but today's security patch is also available for Raspberry Pi 2 devices, Snapdragon and OEM processors, cloud environments, as well as Oracle Cloud, Amazon Web Services (AWS-HWE), Amazon Web Services (AWS), Google Cloud Platform (GCP), Google Container Engine (GKE), Google Container Engine (GKE), and Microsoft Azure Cloud systems.

To update your Ubuntu installations to the new Linux kernel versions, you can follow the instruction provided by Canonical at https://wiki.ubuntu.com/Security/Upgrades or run the "sudo apt-get update && sudo apt-get full-upgrade" command in a terminal emulator. Please make sure you reboot your systems after installing the new Linux kernel versions and also rebuild any third-party modules you may have installed.