It may not be worrying, but it does attract attention. Last week many security patches were released, such as the new versions of Firefox (67.0.3 and 67.0.4) or, more relevant to this post, a new Ubuntu kernel update. The previous patch was released on Tuesday the 18th, so that version did not last a week before Canonical released a new one to fix more security flaws.
Initially, the security flaws discovered only affect Ubuntu 19.04 Disco Dingo, Ubuntu 18.10 Cosmic Cuttlefish and Ubuntu 18.04 Bionic Beaver, which leaves out the still-supported Ubuntu 16.04 Xenial Xerus and Ubuntu 19.10 Eoan Ermine, which is currently in its development phase. The bug that Linux 5.0.0-19 fixes is CVE-2019-12817, which affects 64-bit PowerPC systems (ppc64el) and can allow a local attacker to access memory contents or corrupt the memory of other processes.
Canonical releases second kernel update in 7 days
As always in these cases, Canonical recommends that all users running an affected version update. The new kernel versions are 5.0.0-19.20 for Ubuntu 19.04, 4.18.0-24.25 for Ubuntu 18.10 and 22.214.171.124.25~ 18.04.1 for Ubuntu 18.04.x.
Last week, two days after the release of the previous update, Canonical also released the Live Patch versions of the same patch. The difference between the two is that the normal version is aimed at computers that are incompatible with Live Patch, or compatible but with it disabled, and its installation is completed only after the system reboots, whereas the Live Patch versions do not require a restart. The version this article covers is the normal one, so we will not be protected until we restart the computer.
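The check below is an added example, not code from the article or from Canonical: it compares the booted kernel, as reported in /proc/version_signature, with the fixed versions listed above, because a normal update only takes effect after a reboot. The function names and status words are hypothetical, the sample lines are constructed, and `sort -V` is assumed for version ordering.

```shell
#!/bin/sh
# Added example, not from the article. Fixed versions are the ones the article
# lists; the 18.04 string is unreadable on the page, so 18.04 is left out.
fixed_version_for() {
    case "$1" in
        19.04) echo "5.0.0-19.20" ;;
        18.10) echo "4.18.0-24.25" ;;
        *) return 1 ;;
    esac
}

# Pull "5.0.0-19.20" out of a /proc/version_signature line such as
# "Ubuntu 5.0.0-19.20-generic 5.0.15" (the line reflects the booted kernel,
# not whatever newer package is installed but not yet running).
running_version() {
    printf '%s\n' "$1" |
        sed -n -E 's/^Ubuntu ([0-9]+\.[0-9]+\.[0-9]+-[0-9]+\.[0-9]+).*/\1/p'
}

# True when version $1 >= version $2. Assumption: sort -V (GNU/BusyBox) is
# used for ordering instead of dpkg --compare-versions.
version_ge() {
    [ "$(printf '%s\n%s\n' "$1" "$2" | sort -V | head -n 1)" = "$2" ]
}

# kernel_status RELEASE ARCH SIGNATURE -> prints one status word.
kernel_status() {
    case "$2" in
        ppc64le|ppc64el) ;;          # uname -m name and Debian arch name
        *) echo "arch-not-affected"; return 0 ;;   # for the CVE named above
    esac
    fixed=$(fixed_version_for "$1") || { echo "release-not-listed"; return 0; }
    running=$(running_version "$3")
    [ -n "$running" ] || { echo "unparseable"; return 0; }
    if version_ge "$running" "$fixed"; then
        echo "patched"
    else
        echo "update-and-reboot"
    fi
}

# Constructed sample inputs (not captured from a real host).
kernel_status 19.04 ppc64le "Ubuntu 5.0.0-17.18-generic 5.0.8"
kernel_status 19.04 ppc64le "Ubuntu 5.0.0-19.20-generic 5.0.15"
# Live host: kernel_status "$(. /etc/os-release; echo "$VERSION_ID")" \
#                "$(uname -m)" "$(cat /proc/version_signature)"
```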
Although it is true that it is always worthwhile to keep software updated, this is another case in which I would not worry too much, because the flaw can only be exploited by having physical access to the equipment. What is a bit worrying is that so many security flaws are being discovered in such a short time. How do you see it?