It has always been said that Linux is much more secure than Windows or macOS, and that there are no viruses or security problems for this system. Far from reality, as in any other system, there are many gaps that, if found, can endanger the PC and users’ data. And therefore, if we are one of those who use a Linux distribution, such as Ubuntu , it is necessary to always install the latest security updates, to avoid problems.
Ubuntu is the most popular Linux distro that we can find today. This system offers a perfect balance between usability, performance and that ” Linux experience ” that everyone is looking for. A beautiful, careful and accessible system and, although it has its pluses and minuses (such as the support model, Canonical’s totalitarian decisions, or its radical community), we cannot deny that it is one of the best entry doors for those who they want to take the first steps within this OS.
Yesterday was the second Tuesday in April, that is, Patch Tuesday . Many companies, such as Microsoft or Adobe, take advantage of this day to launch new security patches for their products, correcting all the security flaws that may have appeared and that put users at risk. Thus, Canonical has followed the same steps as the other companies and has released an update for the Ubuntu Kernel, an update that we must install as soon as possible.
Install Ubuntu updates as soon as possible
Canonical has released a new kernel for its distro, Ubuntu, which focuses on fixing a total of 20 security flaws. These security flaws affect all supported versions, and are available in the kernels of other flavors of this distro, such as Kubuntu or Lubuntu, among others.
Because Canonical only gives 9 months of support for their systems, only the latest normal version of Ubuntu, 20.10, has received this update. And, of course, the extended support versions, LTS, which have 5 years of support. These are version 20.04, 18.04, 16.04 and 14.04 ESM.
The 2020 versions, running the Linux Kernel 5.8, have fixed CVE-2021-20239 , CVE-2021-20268, and CVE-2021-3178 . The first two bugs must be exploited together, as doing so results in a denial of service and the ability to execute remote code on the machine. And the third, a bug in NFS, allows you to bypass NFS access restrictions. The versions with Kernel 5.4 (20.04 and 18.04) have corrected CVE-2021-20194 (allows denial of service and system crash) and two bugs in Xen virtualization, CVE-2021-26930 and CVE-2021-26931 , which allow blocking the host system from a virtualized one. This bug has been present since Kernel 4.4, so it also affects other older versions.
Other security flaws that have also been fixed in the systems are:
- CVE-2020-25639 : denial of service in Nouveau drivers.
- CVE-2021-28375 : bug in the fastrpc driver that allows gaining privileges on the system.
- CVE-2021-28950 – Denial of service via crash in FUSE.
- CVE-2021-28038 : Xen virtualization bug that allows a machine to be locked.
- CVE-2015-1350 – Allow denial of service.
- CVE-2017-16644 : allows denial of service and run code from USB.
- CVE-2017-5967 : allows filtering personal information of users.
- CVE-2019-16231 and CVE-2019-16232 : two failures in the drivers Fujitsu ES and Marvell 8xxx Libertas WLAN that allows to cause denial of service.
- CVE-2019-19061 : bug in the ADIS16400 IIO IMU driver that allows to cause a denial of service.
- CVE-2021-20261 – Floppy drive controller error allowing system to hang or cause denial of service.
- CVE-2021-3347 and CVE-2021-3348 : two kernel failures that can cause a denial of service or allow code execution.
- CVE-2018-13095 – XFS driver crash that can crash a system by mounting a corrupt drive.
As we can see, there are bugs that had been registered in CVE since 2015 . A detail that, 6 years later, Canonical has finally made Ubuntu a little more secure.
How to update Linux
The new kernel versions are now available to all users using supported Ubuntu versions. To update Ubuntu, we just have to open a terminal and execute the following command:
sudo apt update && sudo apt full-upgrade
Also, if we prefer, we can use the software updater . Once the new kernel is downloaded, and after updating the system, we will be protected against these errors.
