Canonical Updates Ubuntu 18.04 While Patching Numerous Other Security Flaws

Canonical has released updates for Ubuntu 18.04. The updates include patches for numerous security vulnerabilities in the Linux Kernel. Ubuntu 18.04 is the latest LTS (long term support) edition.

Fixes In Ubuntu 18.04

Canonical – the parent company of Ubuntu – has released numerous patches for Ubuntu 18.04. The patches address multiple security flaws in the Linux Kernel.

According to Ubuntu security notice, as much as 13 different security flaws received fixes. Out of these 13, seven different flaws existed in the ext4 filesystem implementation. These include two use-after-free vulnerabilities (CVE-2018-10876 and CVE-2018-10879), one buffer overflow vulnerability (CVE-2018-10877), and two out-of-bounds write flaws (CVE-2018-10878 and CVE-2018-10882). All five vulnerabilities could allow an attacker to cause DoS or execute arbitrary codes.

In addition, the two other vulnerabilities affecting the ext4 filesystem implementation include CVE-2018-10880 and CVE-2018-10883. Both of them could trigger system crashes following denial of service.

Allegedly, the same researcher, Wen Xu discovered all these flaws.

Besides, Jann Horn also discovered two security flaws in the Linux Kernel. The first of these is CVE-2018-17972, about which Ubuntu stated,

“the procfs file system implementation in the Linux kernel did not properly restrict the ability to inspect the kernel stack of an arbitrary task. A local attacker could use this to expose sensitive information.”

Whereas, the second one, CVE-2018-18281, is described as,

“the mremap() system call in the Linux kernel did not properly flush the TLB when completing, potentially leaving access to a physical page after it has been released to the page allocator. A local attacker could use this to cause a denial of service (system crash), expose sensitive information, or possibly execute arbitrary code.”

Apart from these, Canonical has also fixed four other security flaws. Two of these, CVE-2018-16882 and CVE-2018-19407, were discovered by Cfir Cohen and Wei Wu respectively.

Linux Kernel Updates

Reportedly, the vulnerabilities reported herewith not only affect Ubuntu, but also other variants. These include Kubuntu, Lubuntu, and Xubuntu. Besides, the distros based on Ubuntu 18.04 such as Mint 19 and Mint 19.1 may also be affected.

Canonical has updated Ubuntu 18.04 to the Linux Kernel 4.15.0-44.47. Users can upgrade their systems accordingly following the details given on their website.

Related posts

Apple Addressed Two Zero-Day Flaws In Intel-based Macs

Really Simple Security Plugin Flaw Risks 4+ Million WordPress Websites

Glove Stealer Emerges A New Malware Threat For Browsers