Like every two weeks or so, the last time was May 20, Canonical has released new kernel updates to fix various vulnerabilities. In fact, taking a first look at their security news website can make your hair stand on end: they have published 7 USN reports related to security bugs corrected in the core of their operating system, to which we must add an eighth that does not it is directly in the kernel but we take advantage of this article to report on it.
The eighth security flaw and the one that we think we have to include in this post even if it does not mention the kernel is the USN-4385-1, where a security breach is described in intel microcode which affects Ubuntu 20.04 LTS, 19.10, 18.04 LTS, 16.04 LTS and 14.04 ESM. There are three security flaws in this report and could be used to expose sensitive information. They are labeled medium urgency because the attack must be carried out with physical access to the computer.
8 security bugs fixed in kernel updates
Although each report collects different information, they have been corrected a minimum of 8 security failures in kernel updates. The 7 reports are as follows:
- USN-4387-1- Affects Ubuntu 19.10 and 18.04 and could be used by a local attacker to expose sensitive information.
- USN-4388-1- Affects Ubuntu 18.04 and could be used by a local attacker to expose sensitive information.
- USN-4389-1- Affects Ubuntu 20.04 and could be used by a local attacker to expose sensitive information.
- USN-4390-1- Affects Ubuntu 18.04, 16.04, and 14.04 and could be used by a local attacker to expose sensitive information.
- USN-4391-1- Affects Ubuntu 16.04 and 14.04 and could be used by a local attacker to expose sensitive information and possibly execute arbitrary code.
- USN-4392-1- Affects Ubuntu 14.04 and 12.04 and describes bugs where uA physically close attacker controlling an access point could use this to construct messages that could possibly result in the execution of arbitrary code. One of the failures is labeled high priority.
- USN-4393-1- Affects Ubuntu 12.04 and describes bugs where uA physically close attacker controlling an access point could use this to construct messages that could possibly result in the execution of arbitrary code. A bug that is tagged as high priority is also mentioned here.
Taking into account the number of bugs discovered, which are not so many in number but the fact that there are so many reports does not cause peace of mind, and that protecting ourselves is as simple as opening our software center or application Software update and applying the patches that are already waiting for us , it is recommended to update as soon as possible. For the changes to take effect, you will have to restart the computer, unless we use LivePatch and you tell us otherwise.
Hello luckily you touched on the subject. It happened to me that I gave him to update software in 18.04 and without seeing updates and without restarting without asking for a password, the kernel headers etc. were updated, which is strange because it always asks for password and restart. Well inform me and turn off the pc after that after a while I update again and it tells me that some old kernels will have to be deleted ok it is normal that always does it from a short time, but I do not have to restart and nor does it ask me, finally before closing the pc updates me the Intel theme. And I ask you since you have more idea than I myself that I learn from mistakes and successes. If this happened to me is normal or I should wait for more updates tomorrow and I will have the matter fixed. It does not keep running for me to put the latest kernel directly without asking me for a password and without asking me to restart the pc. You could not but is asking a lot for a guide on how to act apart from updating. Thanks in advance whenever I can read you. You do a great job and your texts have helped me since I had Ubuntu 3.