Stories
Slash Boxes
Comments

SoylentNews is people

Canonical Releases New Kernel Live Patch for Ubuntu 16.04 LTS & Ubuntu 14.04 LTS

posted by martyb on Friday May 11 2018, @01:17AM   Printer-friendly
from the improved-security-plus-continued-impressive-uptime dept.

-- OriginalOwner_ writes:

Softpedia reports

The patch addresses a total of nine security vulnerabilities

[...] All these flaws could [allow] local attackers to either crash the system or execute arbitrary code, bypass intended access restrictions to the connection tracking helpers list, as well as to inappropriately modify the system-wide operating system fingerprint list. Canonical urges all Ubuntu 16.04 LTS and Ubuntu 14.04 LTS users using the Canonical Livepatch to update their system immediately. A restart is not required when updating the kernel [using the] live patch.

Original Submission

 
This discussion has been archived. No new comments can be posted.
Canonical Releases New Kernel Live Patch for Ubuntu 16.04 LTS & Ubuntu 14.04 LTS | Log In/Create an Account | Top | 8 comments | Search Discussion
Display Options Threshold/Breakthrough Mark All as Read Mark All as Unread
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.

  • (Score: 2) by boltronics on Friday May 11 2018, @02:30AM (1 child)

    by boltronics (580) on Friday May 11 2018, @02:30AM (#678246) Homepage Journal

    That's old news. What about the kernel security issue that came out just a few days later?

    https://lists.ubuntu.com/archives/ubuntu-security-announce/2018-May/004386.html [ubuntu.com]

    "The fix for this problem requires modification of the interrupt descriptor
    tables (IDT), and modification of the interrupt handlers. Livepatch is
    unable to safely modify these areas, so upgrading to a corrected kernel
    and rebooting is required to fix the problem."

    So you've still got to reboot if you want to remain secure.

    --
    It's GNU/Linux dammit!
    Starting Score:    1  point
    Karma-Bonus Modifier   +1  
    Total Score:   2  

  • (Score: 1, Interesting) by Anonymous Coward on Friday May 11 2018, @02:43AM

    by Anonymous Coward on Friday May 11 2018, @02:43AM (#678248)

    Plus live patching doesn't completely negate the need to reboot. After a live patch, every call has added overhead to determine whether it is patched or not, which increases per live patch installed. Also, depending on the work it does, it can murder performance, cause instability, and increase attack surface area for escalation attacks. Only with a reboot do you get the fresh kernel.