On October 1, Canonical warned all Ubuntu 12.04 users to be aware of three Kernel Vulnerabilities. After it gave the warning signal, it offered the patches for these vulnerabilities.
First Kernel Vulnerability
The first Kernel Vulnerability was an integer overflow error that existed in the SCSI generic (sg) driver in the Linux kernel. A local attacker with write permission to a SCSI generic device could use this to cause a denial of service (system crash) or potentially escalate their privileges.
Second Kernel Vulnerability
The second Kernel Vulnerability was discovered by Marc-Andre Lureau. The vhost driver did not properly release the userspace provided log file descriptor. A privileged attacker could use this to cause a denial of service (resource exhaustion).
Third Kernel Vulnerability
It was discovered that the Linux kernel’s perf subsystem did not bound callchain backtraces on PowerPC 64. A local attacker could use this to cause a denial of service.
Canonical urges all users of the Ubuntu 12.04 LTS (Precise Pangolin) operating system and its derivatives that use the Linux 3.2.0 kernel packages to upgrade immediately to linux-image-3.2.0-91 (3.2.0-91.129).
You can install updates by accessing Update Manager.
You can access Update Manager by pressing “Alt+F2”. Then enter “update-manager” and press Enter.
Once Update Manager is open, you can select pending updates or check for new updates. Then press the “Install Now (Updates)” button to upgrade the selected packages to the updated version. After you update the system, a reboot is required to make all the necessary changes.
ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed.