On December 4, 2015, Canonical published another Ubuntu Security Notice to inform users of Ubuntu 15.04 (Vivid Vervet) about the availability of a kernel update for their operating systems, which patches the same security flaws that have been resolved for Ubuntu 14.04 LTS, affecting the Linux kernel 3.19 packages this time.
According to Canonical’s Ubuntu Security Notice USN-2829-1, the first kernel vulnerability was discovered in Linux kernel’s Stream Control Transmission Protocol (SCTP) implementation, which wasn’t able to correctly follow the protocol-initialization steps, allowing local attackers to crash the system via a denial of service.
On the other hand, the security notice mentions that the second flaw has been discovered by Linux kernel’s keyring handler, which attempted to garbage collect incompletely instantiated keys, allowing unprivileged local attackers to crash the system via a denial of service. The issue was discovered by Dmitry Vyukov.
Submitted by: Arnfried Walbrecht