This "worries": Canonical releases new kernel versions to fix security flaws

Pablinux

2 minutes

Linux Kernel 5.0.0-19 from Canonical

It may not worry, but it does attract attention. And it is that last week many security patches were released, such as those of the new versions of Firefox (67.0.3 y 67.0.4) or, more related to this post, a new update of the Ubuntu kernel. The previous patch was released on Tuesday the 18th, so we can say that that version has not lasted a week until Canonical has released a new one to fix more security flaws.

Initially, the security flaws discovered only affect Ubuntu 19.04 Disco Dingo, Ubuntu 18.04 Cosmic Cuttlefish and Ubuntu 18.04 Bionic Beaver, so the still supported Ubuntu 16.04 Xenial Xerus and an Ubuntu 19.10 Eoan Ermine that is currently in development phase. The bug that corrects Linux 5.0.0-19 is CVE-2019-12817 on 64-bit PowerPC systems (ppc64el) and can allow a local attacker to access memory content or corrupted memory of other processes.

Canonical releases second kernel update in 7 days

As always in these cases, Canonical recommends updating all users who are using an affected version. The new kernel versions are 5.0.0-19.20 for Ubuntu 19.04, 4.18.0-24.25 for Ubuntu 18.10 and 4.18.0.24.25~ 18.04.1 for Ubuntu 18.04.x.

Last week, two days after the release of the previous update, Canonical also released the Live Patch versions of the same patch. The difference between both versions is that one is aimed at computers incompatible with Live Patch or compatible that have it disabled, and complete their installation after the system reboot, and the Live Patch versions do not require a restart. The main version of this article is the normal version, so we will not be protected until we restart the computer.

Although it is true that it is worthwhile to always have the software updated, this is a new case in which I would not worry too much because the failure can only be exploited by having physical access to the equipment. What does worry a bit is that so many security flaws are discovered in such a short time. As you see it?


Leave a Comment

Your email address will not be published. Required fields are marked with *

*

*

  1. Responsible for the data: Miguel Ángel Gatón
  2. Purpose of the data: Control SPAM, comment management.
  3. Legitimation: Your consent
  4. Communication of the data: The data will not be communicated to third parties except by legal obligation.
  5. Data storage: Database hosted by Occentus Networks (EU)
  6. Rights: At any time you can limit, recover and delete your information.

  1.   jolpun said
    ago 5 years

    Well, if they are discovered, it is not worrying, the worrying thing would be that they were not discovered, there will always be security flaws, it is impossible that there are not, so if they are discovered and patched, it is the right thing to do and what to expect.

    Reply to jolpun