Canonical has released updates for Ubuntu 18.04. The updates include patches for numerous security vulnerabilities in the Linux Kernel. Ubuntu 18.04 is the latest LTS (long term support) edition.
Fixes In Ubuntu 18.04
Canonical – the parent company of Ubuntu – has released numerous patches for Ubuntu 18.04. The patches address multiple security flaws in the Linux Kernel.
According to Ubuntu security notice, as much as 13 different security flaws received fixes. Out of these 13, seven different flaws existed in the ext4 filesystem implementation. These include two use-after-free vulnerabilities (CVE-2018-10876 and CVE-2018-10879), one buffer overflow vulnerability (CVE-2018-10877), and two out-of-bounds write flaws (CVE-2018-10878 and CVE-2018-10882). All five vulnerabilities could allow an attacker to cause DoS or execute arbitrary codes.
In addition, the two other vulnerabilities affecting the ext4 filesystem implementation include CVE-2018-10880 and CVE-2018-10883. Both of them could trigger system crashes following denial of service.
Allegedly, the same researcher, Wen Xu discovered all these flaws.
Besides, Jann Horn also discovered two security flaws in the Linux Kernel. The first of these is CVE-2018-17972, about which Ubuntu stated,
“the procfs file system implementation in the Linux kernel did not properly restrict the ability to inspect the kernel stack of an arbitrary task. A local attacker could use this to expose sensitive information.”
Whereas, the second one, CVE-2018-18281, is described as,
“the mremap() system call in the Linux kernel did not properly flush the TLB when completing, potentially leaving access to a physical page after it has been released to the page allocator. A local attacker could use this to cause a denial of service (system crash), expose sensitive information, or possibly execute arbitrary code.”
Linux Kernel Updates
Reportedly, the vulnerabilities reported herewith not only affect Ubuntu, but also other variants. These include Kubuntu, Lubuntu, and Xubuntu. Besides, the distros based on Ubuntu 18.04 such as Mint 19 and Mint 19.1 may also be affected.