Up to fifteen vulnerabilities were patched in this update

Jun 29, 2017 18:24 GMT

After patching a recently discovered systemd vulnerability in Ubuntu 17.04 and Ubuntu 16.10, Canonical today released a new major kernel update for all of its supported Ubuntu Linux operating systems, including Ubuntu 17.04, Ubuntu 16.10, Ubuntu 16.04 LTS, Ubuntu 14.04 LTS, and Ubuntu 12.04 LTS (HWE), patching up to fifteen security flaws.

Today's kernel update comes only a week after the previous one, which most of you are probably running on your Ubuntu distributions. That was also a major update, patching up to eleven vulnerabilities across all of the supported architectures, including the infamous "Stack Clash" security flaw.

What makes today's kernel security update important is that Canonical addressed a regression that affects some Java applications. The regression was introduced in last week's kernel packages by the fix for the "Stack Clash" vulnerability (CVE-2017-1000364). Canonical apologizes for the inconvenience and urges users to update as soon as possible.

What's fixed in today's kernel update for all Ubuntu flavors

As mentioned before, the new kernel patch released today by Canonical addresses up to ten vulnerabilities across all supported Ubuntu releases and architectures, including the 64-bit, 32-bit, and Raspberry Pi 2 kernels. These include a double-free vulnerability (CVE-2017-8890) in the IPv4 stack, an out-of-bounds read error (CVE-2017-9074) in the IPv6 stack, and a bpf issue (CVE-2017-9150).

Additionally, the update fixes an issue (CVE-2017-1000363) in the Linux kernel's parallel port printer driver, which did not properly bounds-check passed arguments, a flaw (CVE-2017-9075) in the handling of inheritance in the IPv6 stack, a security issue (CVE-2017-9076) in the DCCP v6 subsystem, a vulnerability (CVE-2017-9077) in the TCP v6 subsystem, and another security flaw (CVE-2017-9242) in the IPv6 stack.

Only for Ubuntu 16.10, the updated kernel packages address a bug (CVE-2017-5577) in the VideoCore DRM driver, an integer overflow vulnerability (CVE-2017-7294) in the DRM driver (also patched in Ubuntu 14.04 LTS), and a use-after-free flaw (CVE-2017-7374) in the filesystem encryption subsystem. In Ubuntu 16.04 LTS, a reference count bug (CVE-2017-7487) was fixed in the ipx protocol stack.

Lastly, only for Ubuntu 14.04 LTS, the updated kernel addresses a use-after-free vulnerability (CVE-2014-9940) in the core voltage regulator driver, and a buffer overflow (CVE-2017-0605) in the trace subsystem. Users are urged to update their installations to the new kernel versions as soon as possible. To update your system, follow the instructions at https://wiki.ubuntu.com/Security/Upgrades.

The new kernel versions are linux-image 4.10.0-26.30 for Ubuntu 17.04, linux-image-4.10.0-1010-raspi2 4.10.0-1010.13 for Ubuntu 17.04 for Raspberry Pi 2, linux-image 4.8.0.58.71 for Ubuntu 16.10, linux-image-raspi2 4.8.0.1042.46 for Ubuntu 16.10 for Raspberry Pi 2, linux-image 4.4.0.83.89 for Ubuntu 16.04 LTS, linux-image 3.13.0.123.133 for Ubuntu 14.04 LTS, linux-image-4.4.0-83-generic 4.4.0-83.106~14.04.1 for Ubuntu 14.04.5 LTS, and linux-image-generic-lts-trusty 3.13.0.123.114 for Ubuntu 12.04 LTS.