Ubuntu LTS kernels were updated to latest version. The update includes a number of security bug fixes.
Systems with AUTO_UPDATE=True (DEFAULT) in /etc/sysconfig/kcare/kcare. conf will automatically update, and no action is needed for them.
ubuntu-trusty:
CVE-2015-7550: It was discovered that the Linux kernel keyring subsystem contained
a race between read and revoke operations. A local attacker could use this to
cause a denial of service (system crash).
CVE-2015-8543: It was discovered that the Linux kernel networking implementation
did not validate protocol identifiers for certain protocol families, A local attacker
could use this to cause a denial of service (system crash) or possibly gain administrative
privileges.
CVE-2015-8569: Dmitry Vyukov discovered that the pptp implementation in the Linux
kernel did not verify an address length when setting up a socket. A local attacker
could use this to craft an application that exposed sensitive information from
kernel memory.
CVE-2015-8575: David Miller discovered that the Bluetooth implementation in the
Linux kernel did not properly validate the socket address length for Synchronous
Connection-Oriented (SCO) sockets. A local attacker could use this to expose sensitive
information.
CVE-2015-8785: It was discovered that the Linux kernel's Filesystem in Userspace
(FUSE) implementation did not handle initial zero length segments properly. A
local attacker could use this to cause a denial of service (unkillable task).
cvelist: [CVE-2015-7550, CVE-2015-8543, CVE-2015-8569, CVE-2015-8575, CVE-2015-8785]
latest-version: kernel-3.13.0-79.123
ubuntu-trusty-lts-utopic:
CVE-2015-8785: It was discovered that the Linux kernel's Filesystem in Userspace
(FUSE) implementation did not handle initial zero length segments properly. A
local attacker could use this to cause a denial of service (unkillable task).
cvelist: [CVE-2015-8785]
latest-version: kernel-3.16.0-62.82~14.04.1
ubuntu-trusty-lts-vivid:
CVE-2015-7550: It was discovered that the Linux kernel keyring subsystem contained
a race between read and revoke operations. A local attacker could use this to
cause a denial of service (system crash).
CVE-2015-8543: It was discovered that the Linux kernel networking implementation
did not validate protocol identifiers for certain protocol families, A local attacker
could use this to cause a denial of service (system crash) or possibly gain administrative
privileges.
CVE-2015-8569: Dmitry Vyukov discovered that the pptp implementation in the Linux
kernel did not verify an address length when setting up a socket. A local attacker
could use this to craft an application that exposed sensitive information from
kernel memory.
CVE-2015-8575: David Miller discovered that the Bluetooth implementation in the
Linux kernel did not properly validate the socket address length for Synchronous
Connection-Oriented (SCO) sockets. A local attacker could use this to expose sensitive
information.
CVE-2015-8785: It was discovered that the Linux kernel's Filesystem in Userspace
(FUSE) implementation did not handle initial zero length segments properly. A
local attacker could use this to cause a denial of service (unkillable task).
cvelist: [CVE-2015-7550, CVE-2015-8543, CVE-2015-8569, CVE-2015-8575, CVE-2015-8785]
latest-version: kernel-3.19.0-51.57~14.04.1
ubuntu-trusty-lts-wily:
CVE-2015-8785: It was discovered that the Linux kernel's Filesystem in Userspace
(FUSE) implementation did not handle initial zero length segments properly. A
local attacker could use this to cause a denial of service (unkillable task).
CVE-2016-2069: Andy Lutomirski discovered a race condition in the Linux kernel's
translation lookaside buffer (TLB) handling of flush events. A local attacker
could use this to cause a denial of service or possibly leak sensitive information.
cvelist: [CVE-2015-8785, CVE-2016-2069]
latest-version: kernel-4.2.0-30.35~14.04.1
