Ubuntu 12.04 LTS is affected by a newly-discovered vulnerability in linux-lts-trusty.

The kernel is not currently limiting the RLIMIT_STACK size, which would allow an attacker to execute arbitrary code in some cases.

Also, SELinux was discovered not to handle empty writes to /proc/pid/attr in the proper way. This would also allow local attackers to execute code.

Both vulnerabilities are fixed in USN-3381-1

If you’re running Ubuntu 12.04 LTS, it is time to upgrade your kernel. You may download the latest kernel here.

Facebooktwittergoogle_plusredditpinterestlinkedinmail