Canonical launched a new Ubuntu kernel update. This is the third update (you have the other here y here) in less than 10 days and all of them have been released to fix various security flaws. The new version corrects up to three, affecting all of them Ubuntu 19.04 Disco Dingo, the latest stable version of the operating system developed by Canonical. Who has discovered two of them is again Jonathan Looney.
The new version, already available in the official Ubuntu repositories, is Linux 5.0.0-20.21 and the update is labeled medium urgency. What is available right now is a normal update, one of the lifelong ones, that is, the ones that require a restart for the protection to take effect. The bugs that Linux 5.0.0-20.21 fixes are the 1831638, CVE-2019-11479 y CVE-2019-11478.
Here's what the latest Ubuntu kernel update fixes
- Bug 1831638: Remote denial of service (resource exhaustion) caused by tampering with the TCP SACK scoreboard.
- CVE-2019-11479: discovered by Jonathan Looney, allows a remote peer to fragment TCP forwarding queues significantly more than if a larger MSS were applied.
- CVE-2019-11478: also discovered by Looney, uA remote attacker could use this to cause a denial of service.
As always when security updates are released, Canonical recommends updating as soon as possible. Many times it is not worth freaking out but, considering that two of the bugs can be exploited remotely and how little it costs to apply updates, it is worth updating as soon as we sit in front of the computer.
As we mentioned earlier, This update will be fully applied after installing and restarting the computer. It is not ruled out that Canonical also releases updated versions of the Kernel for Ubuntu 18.10, 18.04 and 16.04. If this is the case, it is likely that in a couple of days the Live Patch version for Ubuntu 18.04 and Ubuntu 16.04 will be released. In any case, check if there is an update available and install it as soon as possible.
What happened, news ... Ubuntu is updated !!