We have not taken a long time to publish an image like the previous one. Very little. Not 24 hours. We usually put something like this when there is a security flaw in the operating system, and Ubuntu 19.10 comes with a kernel that contains a bug which would allow arbitrary code execution. From the looks of it, the operating system was released without including a patch that is already prepared, so we should receive the first kernel update and the corresponding USN report soon.
The bug was discovered by a reader of Phoronix, who also ensures that the IPv6 kernel code bug it can lead to denial of service (DoS) or arbitrary code execution. Once again, and they are not being few lately, it is a good time to remember that Linux 5.4 will include a new security module that they have called Lockdown and that will help to avoid problems of this type, with the price to pay that we will lose control over our team.
Canonical will release kernel update soon
The user who discovered the bug also shows us how to test the bug, for which we have to run the following snippet as any user:
unshare -rUn sh -c 'ip link add dummy1 type dummy && ip link set dummy1 up && ip -6 route add default dev dummy1 && ip -6 rule add table main suppress_prefixlength 0 && ping -f 1234 :: 1'
If we are affected, our system will crash. But, like most errors in the Ubuntu kernel and other Linux distributions, in order to exploit this bug we have to have physical access to equipment.
It's clear that a company like Canonical has to stick to an agenda and delay the launch of Eoan Ermine for a failure that required physical access to the equipment was not an option. In the next few hours / days there should be an update in our software center that will fix it. When the time comes, we will let you know.