Ubuntu kernel patches land

Canonical has pushed a bunch of important kernel security updates.

In the aging Ubuntu 12.04 LTS, the fixes are described here.

Only one of the vulnerabilities is remotely exploitable – CVE-2015-8767, a race condition when handling heartbeat timeouts, and can be exploited to cause a system crash.

There are three local crash bugs with possible privilege escalation or information disclosure vulnerabilities – CVE-2015-8812, a use-after-free bug in the CXBG3 driver; CVE-2016-0723, a race condition in the TTY driver's ioctl handler; and CVE-2016-0774, a pipe manager bug.

There's an entertaining list of Advanced Linux Sound Architecture (ALSA) bugs (don't we all just love ALSA?), and a few other fixes.

Users and sysadmins should note that 12.04 LTS is only on the update list until April 2017.

Ubuntu 14.04 LTS has its own list of bugs here, all of them requiring local access to be classed as vulnerabilities, and pretty much the same list of CVEs has been fixed in Ubuntu 15.10 here. ®