Canonical Releases Major Kernel Security Update for Ubuntu 14.04 to Fix 26 Flaws

A total of 26 security flaws were fixed in today’s kernel update for Ubuntu 14.04 LTS systems and derivatives, including an out-of-bounds write vulnerability in Linux kernel’s F2F (Flash-Friendly File System) file system, a use-after-free flaw in Linux kernel’s ALSA PCM subsystem, and an integer overflow in Linux kernel’s sysfs interface for the QLogic 24xx+ series SCSI driver. Additionally, the kernel update addresses a use-after-free vulnerability in Linux kernel’s SCTP protocol implementation, as well as a race condition in the LEGO USB Infrared Tower driver and a use-after-free vulnerability in the USB serial console driver, both allowing a physically proximate attacker to execute arbitrary code or crash the system with a denial of service attack.