A security issue affects the Linux 3.13 kernel of the Ubuntu 14.04 LTS (Trusty Tahr) operating system series and its derivatives, including Kubuntu, Xubuntu, Lubuntu, Ubuntu Kylin, Ubuntu Studio, Mythbuntu, and others, allowing attackers to run programs as an administrator.
The vulnerability is a race condition (CVE-2019-6133) discovered by Jann Horn of Google Project Zero in the Linux kernel’s fork() system call, which could allow a local attacker to gain access to services that cache authorizations and run programs with administrative privileges.
“The system could be made to run programs as an administrator. Jann Horn discovered a race condition in the fork() system call in the Linux kernel. A local attacker could use this to gain access to services that cache authorizations,” reads the security notice.
Users must update their installations immediately
To fix the security issue, Canonical recommends that all Ubuntu 14.04 LTS (Trusty Tahr) users update their installations as soon as possible to the new kernel versions available in the stable software repositories, following the instructions at https://wiki.ubuntu.com/Security/Upgrades.
The new kernel versions users need to update to are linux-image 3.13.0-166.216 for 32-bit, 64-bit, and PowerPC 64-bit installations. A corresponding Linux Hardware Enablement (HWE) kernel update from Ubuntu 14.04 LTS is also available for Ubuntu 12.04 ESM users as linux-image 3.13.0-166.216~precise1.
Please note that you must restart your computer after installing the new kernel version for the security issue to be patched. Also, you might need to rebuild and reinstall any third-party kernel modules you might have installed. Ubuntu 14.04 LTS (Trusty Tahr) will be supported until April 30, 2019.
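The following check is an added example, not part of Canonical's notice or the original article. It compares a kernel version signature against the fixed version 3.13.0-166.216 and separates a host that is still vulnerable from one that has the fixed package installed but has not been restarted. The function names, the use of /proc/version_signature and dpkg-query, and every sample version other than 3.13.0-166.216 are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: classify a host against the fixed kernel named in the article.
FIXED="3.13.0-166.216"    # fixed linux-image version, taken from the article

# Reduce "3.13.0-166.216[~precise1][-generic]" to "base abi upload".
parse_ver() {
    printf '%s\n' "$1" |
        sed -n -E 's/^([0-9]+\.[0-9]+\.[0-9]+)-([0-9]+)\.([0-9]+).*$/\1 \2 \3/p'
}

# is_fixed VERSION: 0 = at or above the fix, 1 = below it,
# 2 = unparsable or a different kernel series (the article covers 3.13.0 only).
is_fixed() {
    cur=$(parse_ver "$1"); fix=$(parse_ver "$FIXED")
    [ -n "$cur" ] || return 2
    set -- $cur $fix      # $1-$3 = candidate, $4-$6 = fixed version
    [ "$1" = "$4" ] || return 2
    [ "$2" -gt "$5" ] || { [ "$2" -eq "$5" ] && [ "$3" -ge "$6" ]; }
}

# classify RUNNING [INSTALLED]: print patched, reboot-required, vulnerable or not-applicable.
classify() {
    rc=0; is_fixed "$1" || rc=$?
    case $rc in
        0) echo "patched" ;;
        2) echo "not-applicable" ;;
        *) # Running kernel predates the fix; a fixed package that is installed
           # but not yet booted still leaves the host exposed until restart.
           if [ -n "${2:-}" ] && is_fixed "$2"; then echo "reboot-required"
           else echo "vulnerable"; fi ;;
    esac
}

# check_host: assumes an Ubuntu host (/proc/version_signature, dpkg-query).
check_host() {
    [ -r /proc/version_signature ] || { echo "not-applicable"; return 0; }
    read -r distro running rest < /proc/version_signature
    installed=$(dpkg-query -W -f='${db:Status-Abbrev} ${Version}\n' \
        'linux-image-3.13.0-*' 2>/dev/null |
        awk '$1 == "ii" { print $2 }' | sort -V | tail -n 1)
    classify "$running" "$installed"
}

# Constructed sample signatures (only 3.13.0-166.216 comes from the article).
for sig in 3.13.0-165.215-generic 3.13.0-166.216-generic; do
    printf '%s -> %s\n' "$sig" "$(classify "$sig")"
done
```

Run `check_host` on the machine itself after installing the update and again after the restart; the result should move from reboot-required to patched.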