It addresses an important security vulnerability

Oct 22, 2019 13:56 GMT

Canonical's recently released Ubuntu 19.10 (Eoan Ermine) operating system received its first Linux kernel security patch today, addressing an important security vulnerability.

Released last week on October 17th, Ubuntu 19.10 (Eoan Ermine) brought numerous new features and improvements, including experimental ZFS on root support in the installer, LZ4 initramfs compression for all architectures, up-to-date toolchain, and embedded Nvidia graphics drivers. It also ships with the latest Linux 5.3 kernel series.

However, it would appear that Linux kernel 5.3 before version 5.3.4 was plagued by a security vulnerability (CVE-2019-18198) found in the IPv6 routing implementation, which could allow a local attacker to crash the system or execute arbitrary code. The issue can be mitigated by disabling unprivileged user namespaces with the following command:

sudo sysctl kernel.unprivileged_userns_clone=0

"It was discovered that the IPv6 routing implementation in the Linux kernel contained a reference counting error leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code," reads the security advisory.

Users urged to update their systems immediately

Canonical urges all users of the Ubuntu 19.10 (Eoan Ermine) operating system to update the kernel packages to version linux-image 5.3.0-19.20 as soon as possible. Users can update by following the instructions provided by Canonical at https://wiki.ubuntu.com/Security/Upgrades or by running the following command in the Terminal app.

sudo apt update && sudo apt dist-upgrade

The new Linux kernel security update is available for 64-bit (amd64) systems, Raspberry Pi devices, cloud environments, Amazon Web Services (AWS) systems, Microsoft Azure Cloud systems, and Google Cloud Platform (GCP) systems. Please remember to reboot your computer after installing the new kernel version, and also rebuild any third-party kernel modules you might have installed.
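To confirm that a machine is no longer exposed after the update or the sysctl mitigation, the added example below (not code from Canonical or from this article) classifies a host as patched, mitigated or exposed. The fixed version 5.3.0-19.20 comes from the article; the layout of `/proc/version_signature` and the function names are assumptions of this example.

```shell
#!/bin/sh
# Added example: classify exposure to CVE-2019-18198 on Ubuntu 19.10.
# FIXED_VERSION is the package version named in the article. The layout of
# /proc/version_signature ("Ubuntu <pkg-version>-<flavour> <upstream>") and
# all function names here are assumptions of this example.
FIXED_VERSION="5.3.0-19.20"

# Pull the package version (e.g. 5.3.0-19.20) out of a signature line.
pkg_version() {
    printf '%s\n' "$1" |
        sed -n 's/^Ubuntu \([0-9][0-9.]*-[0-9][0-9.]*\).*/\1/p'
}

# Succeed if version $1 >= version $2, comparing numeric fields in order.
version_ge() {
    a=$(printf '%s' "$1" | tr '.-' '  ')
    b=$(printf '%s' "$2" | tr '.-' '  ')
    set -- $a
    for want in $b; do
        have=${1:-0}
        if [ "$have" -gt "$want" ]; then return 0; fi
        if [ "$have" -lt "$want" ]; then return 1; fi
        if [ $# -gt 0 ]; then shift; fi
    done
    return 0
}

# Print patched | mitigated | exposed | unknown for a signature line ($1)
# and the value of kernel.unprivileged_userns_clone ($2).
assess() {
    ver=$(pkg_version "$1")
    case $ver in
        5.3.0-*) ;;                       # the 19.10 kernel the article covers
        *) echo unknown; return 0 ;;      # other kernels are out of scope here
    esac
    if version_ge "$ver" "$FIXED_VERSION"; then
        echo patched
    elif [ "$2" = "0" ]; then
        echo mitigated
    else
        echo exposed
    fi
}

# On a live host, assess the running kernel rather than the installed package.
if [ -r /proc/version_signature ]; then
    assess "$(cat /proc/version_signature)" \
        "$(sysctl -n kernel.unprivileged_userns_clone 2>/dev/null)"
fi
```

Because the check reads the running kernel, it reports `patched` only after the reboot into the new kernel; a value set with `sysctl` at runtime is also lost on reboot.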