---

Canonical Releases Kernel Security Update for Ubuntu 14.04 LTS, 8 Flaws Patched

The new kernel security update for Ubuntu 14.04 LTS (Trusty Tahr) is here to address two flaws (CVE-2015-8539 and CVE-2017-15299) discovered by Dmitry Vyukov and Eric Biggers in Linux kernel’s key management subsystem, which could allow a local attacker to either execute arbitrary code or crash the system via a denial of service. It also patches a use-after-free vulnerability (CVE-2016-7913) in the device driver for XCeive xc2028/xc3028 tuners, as well as a race condition (CVE-2017-0794) discovered by Pengfei Ding, Chenfu Bao, and Lenx Wei in the generic SCSI driver (sg), all of which could allow a local attacker to crash the system or execute arbitrary code.