New vulnerabilities detected in Ubuntu


A new security flaw has been detected in Ubuntu systems. This time it concerns the Linux kernel they use, and attackers could exploit it to cause a denial of service and steal privileged information.

A few days ago we published a story reporting that vulnerabilities had been detected in Ubuntu operating systems; now another security flaw classified as serious has been detected.

This time the flaw is in the Linux kernel of the following Ubuntu versions: Ubuntu 14.04 LTS Trusty Tahr and Ubuntu 15.04 Vivid Vervet. There were exactly two bugs in each version, and they were discovered by users. Fortunately, they have already been fixed, so updating is necessary.

In version 14.04, the bugs were discovered a couple of days ago and are as follows:

  • Benjamin Randazzo discovered that a local user could escalate privileges and steal private information through the kernel due to a flaw in a multi-system controller.
  • Marc-André Lureau discovered that the Linux kernel in this version did not reserve or limit the space that the file where the log is saved can occupy, so the system could be subjected to a denial-of-service (DoS) attack through this file.

In version 15.04, the bugs were discovered a few hours ago. They are very similar to those in version 14.04 and were discovered by the same users.

  • Benjamin Randazzo detected an information leak in the kernel due to a flaw in the Linux kernel's multi-system driver, through which a user can steal private information.
  • Marc-André Lureau discovered that the same flaw he found in version 14.04 LTS was also present here, that is, no space was reserved for the log file, so a denial of service could be carried out.

Of course, these vulnerabilities affect all versions of Ubuntu, whether Ubuntu, Lubuntu, Edubuntu, Xubuntu ..., and we must update immediately for greater security.

To do this, we open the command console and type the classic commands sudo apt-get update and sudo apt-get upgrade. In this way we will be safe from attackers.
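After running the two commands above, it is worth checking that the kernel fix actually landed: apt-get upgrade never installs packages that are not already installed, so a kernel shipped under a new package name is reported as "kept back", and a newly installed kernel only takes effect after a reboot. The script below is an added example, not part of the original article; its function names and all sample data are constructed for illustration.

```shell
#!/bin/sh
# Added example: confirm that a kernel security update was really applied.
# All sample data is constructed; on a real host, feed these functions from
# `apt-get -s upgrade`, the installed linux-image versions and `uname -r`.

# Read apt-get output on stdin; print kernel packages it reports as kept back.
kept_back_kernel_pkgs() {
    awk '
        /^The following packages have been kept back:/ { inlist = 1; next }
        inlist && /^[^ ]/ { inlist = 0 }   # first unindented line ends the list
        inlist { for (i = 1; i <= NF; i++) if ($i ~ /^linux-/) print $i }
    '
}

# Read kernel versions on stdin (one per line); print the highest.
# Uses sort -V (GNU coreutils version sort).
newest_kernel() {
    sort -V | tail -n 1
}

# $1 = running kernel, $2 = newest installed kernel.
# Returns 0 when the running kernel is older, i.e. a reboot is still needed.
reboot_needed() {
    [ "$1" != "$2" ] &&
        [ "$(printf '%s\n%s\n' "$1" "$2" | newest_kernel)" = "$2" ]
}

# Constructed sample: what `apt-get upgrade` prints when kernel metapackages
# cannot be upgraded without installing new packages.
SAMPLE_APT='Calculating upgrade... Done
The following packages have been kept back:
  linux-generic-lts-utopic linux-image-generic-lts-utopic
The following packages will be upgraded:
  libssl1.0.0 openssl
2 upgraded, 0 newly installed, 0 to remove and 2 not upgraded.'
SAMPLE_INSTALLED='3.16.0-9-generic
3.16.0-50-generic
3.16.0-49-generic'   # constructed list of installed kernel versions
SAMPLE_RUNNING='3.16.0-49-generic'   # constructed `uname -r` value

held=$(printf '%s\n' "$SAMPLE_APT" | kept_back_kernel_pkgs)
newest=$(printf '%s\n' "$SAMPLE_INSTALLED" | newest_kernel)
[ -n "$held" ] && printf 'kernel packages kept back:\n%s\n' "$held"
if reboot_needed "$SAMPLE_RUNNING" "$newest"; then
    echo "running $SAMPLE_RUNNING, newest installed $newest: reboot needed"
fi
```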



  1.   Hugo said

    Does this bug only affect the Ubuntu distro? Or is it all of them (Fedora, Debian, OpenSuse, RedHat, etc ...)?

    1.    Amir Torres (@amirtorrez) said

      apt-get upgrade is to update apps and the system (without changing distribution), apt-get dist-upgrade is to update (change) the distro, if you have 14.04, when using dist-upgrade it will update to 14.10, if you want to update to 15.04 you have to use dist-upgrade in 14.04 and in 14.10.

      1.    azpe said

        Technical glitch haha, I change it now.
        regards

      2.    Javier said

        What you mention is not exact. The apt-get dist-upgrade command only updates the kernel. For example, if we have a Linux Kernel 3.16.50, it will be updated to 3.16.51. If the distro version is Ubuntu 14.04, after the mentioned command it will still be Ubuntu 14.04. I don't use automatic updates, but I always update from the terminal (sudo apt-get update & sudo apt-get upgrade & sudo apt-get dist-upgrade).

        regards

    2.    azpe said

      Ubuntu only, but in all its variants (Ubuntu Mate, Xubuntu ...)
      regards

  2.   Mario Perez said

    I'm a bit new to this, but the command that comes to the end is not to update the distribution, example from 14.04 to 15.04, what if I want to be protected but I don't want to update the version?

    regards

  3.   fernan said

    Hello:
    If it is sudo apt-get upgrade then with dist-upgrade it is to upload the version of the distribution.
    Greetings.

  4.   Jesus Carpio said

    Where is your God now ... I have been a Linux user for 15 years and most of the time I boast of having a "Safe" system. There is no safe OS, I think windows is insecure because it is more attractive for hackers to look for their vulnerabilities since more people use it, now that linux has taken an important leap, we will begin to discover more and more serious bugs.

    1.    azpe said

      Now but let's not compare, the difference is that Linux errors are corrected and Windows are hidden haha.
      regards

  5.   MirrorBlue said

    My god is in heaven.
    I got bored of using Windows with so many blue screens, error after error :(
    Incomplete updates causing what once "worked" to fail
    Expenses and expenses for the purchase of antivirus and licenses to do my tasks and work.
    Now GNU/Linux is the present and has captured the looks of those incredulous who did not believe in it, so now they eat their bitter words and their pride having to use it, copying it, making a distro of it (hahahahaha) to continue subsisting and not remain in the past.
    Nothing is perfect, but little by little we are discarding those things that do not serve us and they are left behind.
    Greetings to all Linuxeros from the heart !!!!!
    And congratulations to the creators of this blog.

  6.   Javier said

    By the way, I hope you can help me. I have been carrying out the updates since yesterday but a problem arose with the kernel update. When updating it throws me the following:

    iemex@iemex-AM1MHP:~$ sudo apt-get upgrade
    Reading package list ... Done
    Creating dependency tree
    Reading the status information ... Done
    Calculating the update ... Done
    0 updated, 0 will be installed, 0 to remove, and 0 not updated.
    6 not fully installed or removed.
    0B of additional disk space will be used after this operation.
    do you wish to continue? [Y / n] yes
    Configuring linux-image-extra-3.16.0-50-generic (3.16.0-50.66~14.04.1) ...
    run-parts: executing /etc/kernel/postinst.d/apt-auto-removal 3.16.0-50-generic /boot/vmlinuz-3.16.0-50-generic
    run-parts: executing /etc/kernel/postinst.d/dkms 3.16.0-50-generic /boot/vmlinuz-3.16.0-50-generic
    run-parts: executing /etc/kernel/postinst.d/initramfs-tools 3.16.0-50-generic /boot/vmlinuz-3.16.0-50-generic
    update-initramfs: Generating /boot/initrd.img-3.16.0-50-generic

    gzip: stdout: No space left on device
    E: mkinitramfs failure cpio 141 gzip 1
    update-initramfs: failed for /boot/initrd.img-3.16.0-50-generic with 1.
    run-parts: /etc/kernel/postinst.d/initramfs-tools exited with return code 1
    dpkg: error processing package linux-image-extra-3.16.0-50-generic (--configure):
    the thread installed the post-installation script returned error exit code 1
    dpkg: dependency issues preventing linux-image-generic-lts-utopic configuration:
    linux-image-generic-lts-utopic depends on linux-image-extra-3.16.0-50-generic; However:
    The package `linux-image-extra-3.16.0-50-generic' is not configured yet.

    dpkg: error processing package linux-image-generic-lts-utopic (--configure):
    dependency issues - left unconfigured
    dpkg: dependency issues preventing linux-generic-lts-utopic configuration:
    linux-generic-lts-utopic depends on linux-image-generic-lts-utopic (= 3.16.0.50.41); However:
    The `linux-image-generic-lts-utopic' package is not configured yet.

    dpkg: error processing package linux-generic-lts-utopic (--configure):
    dependency issues - left unconfigured
    dpkg: Dependency issues prevent configuring linux-signed-image-3.16.0-50-generic:
    linux-signed-image-3.16.0-50-generic depends on linux-image-extra-3.16.0-50-generic (= 3.16.0-50.66~14.04.1); however, an "apport" report was not written because the error message indicates that it is an error message associated with a previous failure.
    An "apport" report was not written because the error message indicates that it is an error message associated with a previous failure.
    No "apport" report was written because the value of "MaxReports" has already been reached
    No "apport" report was written because the value of "MaxReports" has already been reached
    No "apport" report was written because the value of "MaxReports" has already been reached
    o:
    The package `linux-image-extra-3.16.0-50-generic' is not configured yet.

    dpkg: error processing package linux-signed-image-3.16.0-50-generic (--configure):
    dependency issues - left unconfigured
    dpkg: Dependency issues prevent configuring linux-signed-image-generic-lts-utopic:
    linux-signed-image-generic-lts-utopic depends on linux-signed-image-3.16.0-50-generic; However:
    The package `linux-signed-image-3.16.0-50-generic' is not configured yet.

    dpkg: error processing package linux-signed-image-generic-lts-utopic (--configure):
    dependency issues - left unconfigured
    dpkg: Dependency issues prevent configuring linux-signed-generic-lts-utopic:
    linux-signed-generic-lts-utopic depends on linux-signed-image-generic-lts-utopic (= 3.16.0.50.41); However:
    The package `linux-signed-image-generic-lts-utopic' is not configured yet.

    dpkg: error processing package linux-signed-generic-lts-utopic (--configure):
    dependency issues - left unconfigured
    Errors were encountered while processing:
    linux-image-extra-3.16.0-50-generic
    linux-image-generic-lts-utopic
    linux-generic-lts-utopic
    linux-signed-image-3.16.0-50-generic
    linux-signed-image-generic-lts-utopic
    linux-signed-generic-lts-utopic
    E: Sub-process /usr/bin/dpkg returned an error code (1)
    iemex@iemex-AM1MHP:~$

    My Ubuntu is 14.04.2 LTS AMD64. The truth is I don't know what to do, I don't know if it can be corrected in the next Kernel update sent by Canonical or what. If someone can advise me, I will appreciate it because I do not have much time using a GNU/Linux system.

  7.   dhouard said

    I'm not an Ubuntu expert but you seem to have run out of space on the /boot partition, where the kernel (the vmlinuz file) is hosted. Take a look to see if you have several kernels in that directory (you will differentiate them by the version number) and, in the case of a co-worker, I fixed it by deleting the oldest one, as well as the initrd and other files associated with its number (whenever you see that it is repeated).

    On the other hand, I don't know if there will be any tool in Ubuntu to remove old kernels in a more secure way.

    1.    Javier said

      Thank you very much.

      In fact it is a freshly installed Ubuntu (one week) and I have only had one kernel update. I remove the old kernels via Ubuntu Tweak. However I have not removed the old kernel from what I comment. So my doubt. In other computers I have had up to 4 old kernels and it had never happened to me.

  8.   christians said

    Hi Javier, I have the same problem and I can't solve it, have you already solved it? Thank you

    1.    Javier said

      Well, as dhouard said, there is no space in /boot, but I think it is because in the computer that I installed it created an EFI boot sector, maybe it is also your case because it leaves a small space as recommended (no more than 40 kb). Solution: just remove the old kernel. I used Ubuntu Tweak and at the time it is removing the old kernel it installs the component that it could not install and the issue is fixed.

      regards