---

Canonical Releases New Linux Kernel Security Update for Ubuntu 18.04 LTS

The Linux kernel security update addresses three vulnerabilities, including a race condition (CVE-2019-6133) in Linux kernel’s fork() system call, which could allow a local attacker to gain access to services were authorizations are cached, and a flaw (CVE-2018-18397) in the userfaultd implementation, which could allow a local attacker to modify files. Both issues were discovered by Jann Horn. Furthermore, the kernel security patch addresses a vulnerability (CVE-2018-19854) in Linux kernel’s crypto subsystem, which leads to leaked uninitialized memory to user space under certain situations. This would allow a local attacker to expose sensitive information (kernel memory). These security vulnerabilities affect Ubuntu 18.04 LTS and all of its official or unofficial derivatives.