back to article Ubuntu plugs code exec, DoS Linux kernel holes

Ubuntu has patched four Linux kernel vulnerabilities that allowed for arbitrary code execution and denial of service attacjs. The flaws (CVE-2015-8812, CVE-2016-2085, CVE-2016-2550, CVE-2016-2847) is fixed in Ubuntu 14.04 LTS. Researcher Venkatesh Pottem found a use-after-free vulnerability in the Linux kernel CXGB3 driver …

  1. frank ly

    The only constant is change

    The next LTS version, out soon, will be smothered in love and patches until 2021. However, due to improvements in the kernel, changes to the desktop manager, improvements to systemd, a new graphics engine and some cool new ways of managing your desktop wallpaper depending on which 'context' you're using your computer, it will have at least one serious flaw that won't be discovered until 2020.

    1. hplasm
      Devil

      Re: The only constant is change

      "...improvements to systemd..."

      You mean- it's gone?

  2. batfastad
    Headmaster

    The flaws...

    ... is fixed.

    1. Anonymous Coward
      Anonymous Coward

      Re: The flaws...

      "the flaws is fixed", really? That's nearly as bad as Brian Cox saying "Data is never bad"

      These things are plural !

      Ok, off to take meds now.

  3. mfraz

    Attacjs

    Something attacked your spell checker?

    1. alexdonald

      Re: Attacjs

      It's a new WebDev framework

      1. John Brown (no body) Silver badge

        Re: Attacjs

        I thought it was a javascript blocker

  4. MrWibble

    "This is kind of a big deal because the mess is in 14.04 LTS, expiry date 2019"

    not really - the "S" stands for "support" - people use this version because they know they're going to get security updates for a long time.

    But a headline of "Long Term Support Ubuntu continues to update security holes" isn't particularly interesting.

    1. phuzz Silver badge

      I think the point they were trying to make, was that it doesn't seem to affect any other versions of Ubuntu, the advisory specifically only mentions 14.04.

      I guess that means that if the flaw exists in (eg) 13.10 they're not fixing it, and it doesn't exist in the newer versions that they are still supporting.

      All of which is why you should either use the LTS version, or upgrade every year or so.

  5. dajames

    Updates issued for still-supported OS version!

    I don't really see what's so newsworthy here. 14.04LTS is still supported, and here's Canonical supporting it. Great, but unsurprising.

    What I do find a little surprising is that the CVE articles mentioned in the advisory seem to suggest that Ubuntu 12.04LTS (Precise Pangolin, supposedly supported until April 2017) hasn't received all these patches yet.

    1. handle

      Re: Updates issued for still-supported OS version!

      Are you new here? Since when has "newsworthy" been a necessary criterion for a Register article?

      1. Kurt Meyer

        Re: Updates issued for still-supported OS version!

        @handle

        "Are you new here?"

        No BS, I really cannot tell if yours is a serious question or not.

        If, indeed, it is a serious question, I would urge you to observe the small bronze badge just to the right of dajames' handle.

    2. Fatman

      Re: Updates issued for still-supported OS version!

      <quote>What I do find a little surprising is that the CVE articles mentioned in the advisory seem to suggest that Ubuntu 12.04LTS (Precise Pangolin, supposedly supported until April 2017) hasn't received all these patches yet.</quote>

      And probably won't because 12.04 uses an older (3.2 vs 3.13) kernel.

  6. Anonymous Coward
    Anonymous Coward

    14.04?

    as in, Windows 10's latest feature?

    http://www.theregister.co.uk/2016/04/07/windows_10_with_ubuntu_now_in_public_preview/

    There's a joke there. I can tell.

  7. John Sanders
    Linux

    So Ubuntu inside Windows

    Bugs wrapped in more bugs.

  8. PeterPicapiedra

    Noob speaking... I'm on 14.04 with latest kernel, 4.5 (in fact the last stable one is 4.5.1). Do I have this vulnerability?

    Thanks

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Other stories you might like