Canonical announces new security patches for Ubuntu

Apr 7, 2020 10:44 GMT

Canonical has released new updates for Ubuntu to resolve multiple security vulnerabilities in various versions of the operating system, including 14.04, 16.04, 18.04, and 19.10.

When exploited, the vulnerabilities can be used to cause a denial of service, which crashes the system, and expose sensitive information in the kernel memory, Canonical warns.

Three security advisories were published on April 6, as follows:

First and foremost, USN-4318-1 refers to vulnerabilities in the Linux kernel that affect Ubuntu 16.04 LTS and Ubuntu 18.04 LTS and that require an attack to be launched locally to cause a denial of service or expose sensitive information.

Furthermore, a second flaw, in the KVM implementation in the Linux kernel for PowerPC processors, also requires local access to cause a system crash. In addition, Sijie Luo came across an ext4 file system flaw in the Linux kernel that can also be used for a denial of service.

On the other hand, USN-4320-1 details a security flaw affecting Ubuntu 16.04 LTS and Ubuntu 14.04 ESM which, when exploited by a local attacker, can lead to a system crash or expose sensitive information in the kernel memory.

And last but not least, USN-4319-1 concerns flaws in Ubuntu 19.10 and Ubuntu 18.04 LTS that lead to a denial of service when exploited by a local attacker.

“It was discovered that the IPMI message handler implementation in the Linux kernel did not properly deallocate memory in certain situations. A local attacker could use this to cause a denial of service (kernel memory exhaustion). (CVE-2019-19046),” Canonical says.

“Al Viro discovered that the vfs layer in the Linux kernel contained a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly expose sensitive information (kernel memory). (CVE-2020-8428).”

The updates are available right now, and all users are advised to patch their systems as soon as possible.