Home > Cyber News > Ubuntu 18.04 LTS Users Should Update Immediately to Patch 11 Flaws
CYBER NEWS

Ubuntu 18.04 LTS Users Should Update Immediately to Patch 11 Flaws

Canonical recently published a major Linux kernel security update for the Ubuntu 18.04 LTS (Bionic Beaver) operating system series. The update addresses eleven security flaws which were discovered by independent security researchers.




In other words, the 4.15.0-44.47 kernel contains 11 security fixes as well as other minor improvements.

A Major Linux kernel Security Update for the Ubuntu 18.04 LTS Available

The flaws also affect all the kernel’s derivatives such as Kubuntu, Xubuntu, Lubuntu, Ubuntu GNOME, Ubuntu Budge, Ubuntu Kylin, and Ubuntu Studio. Seven of the fixes concern Linux kernel’s ext4 filesystem implementation; they were discovered by security researcher Wen Xu:

CVE-2018-10876, CVE-2018-10877, CVE-2018-10878, CVE-2018-10879, CVE-2018-10880, CVE-2018-10882, CVE-2018-10883

These flaws range from user-after-free and buffer overflow issues, to out-of-bounds writes. The vulnerabilities could also lead to arbitrary code execution or could even crash the system in denial-of-service attacks by exploiting a specially crafted ext4 image. That image could be mounted on a vulnerable system, researchers said.

CVE-2018-10876 and CVE-2018-10879, for example, couple enable an attacker to use this to construct a malicious ext4 image that, when mounted, could cause a denial of service (system crash) or possibly execute arbitrary code, as written in the official security advisory.

Related: [wplinkpreview url=”https://sensorstechforum.com/cve-2018-10940-linux-kernel/”]CVE-2018-10940 Bug in Linux Kernel up to Version 4.16.5

Two other flaws, CVE-2018-16882 and CVE-2018-19407, affect the Kernel-based Virtual Machine implementation (KVM). The flaws, which could allow a local attacker in a guest VM to gain admin rights in the host machine or even crash the system, were discovered by researchers Cfir Cohen and Wei Wui.

CVE-2018-17972 and CVE-2018-18281, which were reported by Google Project Zero’s researcher Jann horn, should also be mentioned. The flaws resided in Linux kernel’s procfs file system implementation and mremap() system call. If exploited, they could allow a local attacker to expose sensitive information or execute arbitrary code.

Ubuntu 18.04 LTS (Bionic Beaver) users are urged to update immediately to the linux-image 4.15.0-44.47 kernel. Note that the update is available for for generic, lpae, lowlatency 64-bit and 32-bit installations, and Snapdragon processors.

Users need to run the sudo apt update && sudo apt full-upgrade to update, and then reboot their systems. Detailed instructions are available at Ubuntu’s Wiki page.

Milena Dimitrova

An inspired writer and content manager who has been with SensorsTechForum since the project started. A professional with 10+ years of experience in creating engaging content. Focused on user privacy and malware development, she strongly believes in a world where cybersecurity plays a central role. If common sense makes no sense, she will be there to take notes. Those notes may later turn into articles! Follow Milena @Milenyim

More Posts

Follow Me:
Twitter

Leave a Comment

Your email address will not be published. Required fields are marked *

This website uses cookies to improve user experience. By using our website you consent to all cookies in accordance with our Privacy Policy.
I Agree