All Ubuntu users are urged to update immediately

May 6, 2015 01:45 GMT

In a recent security notice, dated May 5, Canonical announced the immediate availability of a new kernel update for all of its supported Ubuntu Linux operating systems, including Ubuntu 15.04 (Vivid Vervet), Ubuntu 14.10 (Utopic Unicorn), Ubuntu 14.04 LTS (Trusty Tahr), and Ubuntu 12.04 LTS (Precise Pangolin).

A single kernel vulnerability (CVE-2015-3339) has been patched in the upstream Linux kernel 3.2, used in Ubuntu 12.04 LTS, Linux kernel 3.13, used in Ubuntu 14.04 LTS, Linux kernel 3.16, used in Ubuntu 14.10, and Linux kernel 3.19, which is used in Ubuntu 15.04.

It was discovered that a race condition between the Linux kernel's execve() and chown() functions could allow a local attacker to gain root privileges by using chown on a setuid-user-binary. The priority of this bug was marked as high, which means that all Ubuntu users are urged to update their systems immediately.

"A race condition between chown() and execve() was discovered in the Linux kernel. A local attacker could exploit this race by using chown on a setuid-user-binary to gain administrative privileges," reads Canonical's security notice.

Here's how to update the kernel packages of your Ubuntu distro

The new kernels are linux-image-3.19.0-16 (3.19.0-16.16) for Ubuntu 15.04 (Vivid Vervet), linux-image-3.16.0-37 (3.16.0-37.49) for Ubuntu 14.10 (Utopic Unicorn), linux-image-3.13.0-52 (3.13.0-52.85) for Ubuntu 14.04 LTS (Trusty Tahr), and linux-image-3.2.0-83 (3.2.0-83.120) for Ubuntu 12.04 LTS (Precise Pangolin).

To update, you must open the Unity Dash, search for the Software Updater application, open it, wait for the update channels to be refreshed, and apply any available updates. As usual, after a kernel update, you will have to reboot your machine for the changes to be applied.
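Installing the packages does not change the kernel that is currently running, so it is worth confirming after the reboot that the running kernel is at or above the fixed version. The script below is an added example, not part of the original article or of Canonical's notice: the function names are hypothetical, the version table is copied from the list above, and it assumes the release's stock kernel series (anything else is reported as unknown).

```shell
#!/bin/sh
# Added example: compares a kernel package version with the fixed versions
# listed in the article for CVE-2015-3339. Function names are hypothetical.

# Map an Ubuntu codename to the fixed linux-image package version.
fixed_version_for() {
    case "$1" in
        vivid)   echo "3.19.0-16.16" ;;
        utopic)  echo "3.16.0-37.49" ;;
        trusty)  echo "3.13.0-52.85" ;;
        precise) echo "3.2.0-83.120" ;;
        *)       return 1 ;;
    esac
}

# Print the Nth numeric field of a package version such as 3.13.0-52.85.
ver_field() {
    echo "$1" | tr '.-' '  ' | awk -v n="$2" '{ print $n + 0 }'
}

# kernel_status CODENAME PKG_VERSION
# Returns 0 = at or above the fixed version, 1 = older, 2 = not covered.
kernel_status() {
    fixed=$(fixed_version_for "$1") || return 2
    # A different upstream series (for example an enablement kernel) is
    # not in the article's list, so do not guess.
    if [ "${2%%-*}" != "${fixed%%-*}" ]; then return 2; fi
    for i in 4 5; do    # field 4 = ABI number, field 5 = upload number
        have=$(ver_field "$2" "$i"); want=$(ver_field "$fixed" "$i")
        if [ "$have" -gt "$want" ]; then return 0; fi
        if [ "$have" -lt "$want" ]; then return 1; fi
    done
    return 0
}

# Check the kernel that is running now, not merely the newest one installed.
check_running_kernel() {
    codename=$(lsb_release -cs)
    running=$(dpkg-query -W -f='${Version}' "linux-image-$(uname -r)")
    rc=0; kernel_status "$codename" "$running" || rc=$?
    case "$rc" in
        0) echo "running kernel $running is at or above the fixed version" ;;
        1) echo "running kernel $running is older than $(fixed_version_for "$codename"): update and reboot" ;;
        *) echo "release or kernel series not in the list above: check the vendor notice" ;;
    esac
    return "$rc"
}

if [ "${1:-}" = "--check" ]; then check_running_kernel; fi
```

Run it with `--check` on the machine itself; a result of 1 right after installing the updates usually means the reboot is still pending.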

Additionally, if you have third-party applications that require kernel modules to run at startup, you will have to update these modules manually. The CVE-2015-3339 vulnerability affects any Linux kernel-based operating system that uses the kernel packages mentioned above.