Canonical has released several patches addressing flaws in the Linux kernel and OpenSSL that left Ubuntu users open to escalation of privilege and denial-of-service (DoS) attacks.
The most serious of the fixes covers a variety of flaws that could be used to gain elevated or administrative privileges on the victim machine.
"A memory corruption issue was discovered in AES decryption when using the Intel AES-NI accelerated code path. A remote attacker could exploit this flaw to cause a DoS (system crash) or potentially escalate privileges on Intel-based machines," read the Ubuntu security advisory.
"[Bug hunter] Wen Xu [also] discovered a use-after-free flaw in the Linux kernel's IPv4 ping support. A local user could exploit this flaw to cause a DoS (system crash) or gain administrative privileges on the system."
The seriousness of the flaws led the US-CERT to issue an advisory urging Ubuntu users to install the updates.
"Ubuntu has released 10 security updates to address multiple vulnerabilities affecting Ubuntu 15.04, 14.10, 14.04 LTS, and 12.04 LTS," it said.
"Exploitation of one of these vulnerabilities may allow a remote attacker to take control of the affected system. US-CERT encourages users and administrators to review Ubuntu Security Notices."
The remaining fixes address back-end problems in Ubuntu and OpenSSL that could be exploited only for DoS attacks.
These include fixes for the way OpenSSL handles malformed ECParameters structures, malformed ASN1_TIME strings, missing content when parsing ASN.1-encoded PKCS#7 blobs, NewSessionTickets being used by a multi-threaded client, and signedData messages using CMS code.
Ubuntu also issued a general security improvement that "modifies OpenSSL behaviour to reject DH key sizes below 768 bits, preventing a possible downgrade attack".
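As an added illustration (not code from Canonical, OpenSSL, or the article), the following Python shows what a client-side minimum such as the one described above amounts to in practice: parse the ServerDHParams structure a TLS server sends in its ServerKeyExchange (three length-prefixed big-endian integers p, g and Ys, as in RFC 5246) and refuse to continue the handshake when the prime is shorter than 768 bits. The function and error names are the example's own, and the sample parameters are constructed values chosen only for their bit length, not real safe primes.

```python
import struct

# Minimum DH prime size the example enforces; matches the 768-bit floor
# the advisory quoted above says OpenSSL now applies.
MIN_DH_BITS = 768


class WeakDHError(ValueError):
    """Raised when a server offers a DH group below the configured minimum."""


def parse_server_dh_params(data: bytes):
    """Parse ServerDHParams from a ServerKeyExchange body.

    Wire format (RFC 5246 section 7.4.3):
        opaque dh_p<1..2^16-1>; opaque dh_g<1..2^16-1>; opaque dh_Ys<1..2^16-1>;
    Returns ((p, g, Ys), bytes_consumed); raises ValueError on a truncated
    or empty field so a malformed message is never silently accepted.
    """
    off = 0
    values = []
    for name in ("dh_p", "dh_g", "dh_Ys"):
        if off + 2 > len(data):
            raise ValueError(f"truncated length prefix for {name}")
        (length,) = struct.unpack_from("!H", data, off)
        off += 2
        if length == 0 or off + length > len(data):
            raise ValueError(f"bad length {length} for {name}")
        values.append(int.from_bytes(data[off:off + length], "big"))
        off += length
    return tuple(values), off


def check_dh_strength(p: int, min_bits: int = MIN_DH_BITS) -> int:
    """Return the bit length of p, or raise WeakDHError if it is too small."""
    bits = p.bit_length()
    if bits < min_bits:
        raise WeakDHError(f"DH prime is {bits} bits, below the {min_bits}-bit minimum")
    return bits


def accept_server_key_exchange(data: bytes, min_bits: int = MIN_DH_BITS) -> int:
    """Full client-side check: parse the parameters, then enforce the size floor.
    Returns the accepted prime size in bits."""
    (p, _g, _ys), _used = parse_server_dh_params(data)
    return check_dh_strength(p, min_bits)


def encode_server_dh_params(p: int, g: int, ys: int) -> bytes:
    """Build a ServerDHParams blob; used here only to construct sample input."""
    out = b""
    for v in (p, g, ys):
        raw = v.to_bytes(max(1, (v.bit_length() + 7) // 8), "big")
        out += struct.pack("!H", len(raw)) + raw
    return out


# Constructed sample parameters: odd numbers with the top bit set so their
# bit length is exact. They are NOT primes and must not be used as real groups.
STRONG_P = (1 << 1023) | 1   # 1024-bit value, passes the 768-bit floor
WEAK_P = (1 << 511) | 1      # 512-bit value, the size a downgrade would push for

if __name__ == "__main__":
    print("1024-bit group accepted:", accept_server_key_exchange(encode_server_dh_params(STRONG_P, 2, 12345)))
    try:
        accept_server_key_exchange(encode_server_dh_params(WEAK_P, 2, 7))
    except WeakDHError as exc:
        print("512-bit group rejected:", exc)
```

The size check alone is a single comparison; the point of the example is where it sits in the flow: the prime must be extracted from the server's message and validated before any client-side DH computation, and a truncated or empty field is treated as a hard failure rather than a zero-length integer.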
The news follows widespread concerns about OpenSSL security that spiked in 2014 when the Heartbleed bug was discovered.
Heartbleed is a flaw in the OpenSSL implementation of the TLS protocol used by open source web servers such as Apache and Nginx, which host around 66 percent of all sites.
The seriousness of the bug prompted researchers to launch a large independent audit of OpenSSL security in March, as part of a wider push by the Linux Foundation to improve the cyber defences of open source projects.
Alongside the Ubuntu update, Cisco released a fix addressing flaws in the IPv6 processing code of its IOS XR Software for the Cisco CRS-3 Carrier Routing System that could similarly be exploited for DoS attacks.