14 DAY TRIAL // Canonical published today a new set of Linux kernel security updates for all supported Ubuntu releases, which patch up to 12 vulnerabilities discovered lately by various security researchers.
Affected Ubuntu releases include Ubuntu 17.04 (Zesty Zapus), Ubuntu 16.04 LTS (Xenial Xerus), Ubuntu 14.04 LTS (Trusty Tahr), Ubuntu 12.04 ESM (Extended Security Maintenance), as well as all official derivatives, including Kubuntu, Xubuntu, Lubuntu, Ubuntu MATE, Ubuntu GNOME, Ubuntu Studio, Ubuntu Kylin, and Ubuntu Budgie.
Among the Linux kernel components fixed in these updates, we can mention the KVM subsystem, the F2FS (Flash-Friendly File System) implementation, the Xen virtual block driver, the XFS filesystem, the netlink wireless configuration, the ATI Radeon framebuffer driver, the iSCSI transport implementation the Floating Point Unit (fpu) subsystem, and the key management subsystem.
Bugs were fixed for the generic SCSI driver and the Turtle Beach MultiSound audio device driver. Additionally, the updates fix a use-after-free vulnerability in the POSIX message queue implementation, an integer overflow in the sysfs interface for the QLogic 24xx+ series SCSI driver, a race condition existed in the timerfd subsystem, and a heap-based buffer overflow in the tipc_msg_build() function.
Users are urged to updated their installations immediately
Skilled attackers can only locally exploit these vulnerabilities, as no remote vulnerability is present in today's kernel updates, but you still have to patch your Ubuntu installations, so make sure that you update the kernel packages to the new versions (see below) as soon as possible. Canonical provides detailed information on how to update your Ubuntu OS at https://wiki.ubuntu.com/Security/Upgrades.
The new kernel versions are linux-image 4.10.0.38.38 for Ubuntu 17.04, linux-image-raspi2 4.10.0.1020.21 for Ubuntu 17.04 for Raspberry Pi, linux-image 4.4.0.98.103 for Ubuntu 16.04 LTS, linux-image-raspi2 4.4.0.1076.76 for Ubuntu 16.04 LTS for Raspberry Pi, and linux-image 3.13.0.135.144 for Ubuntu 14.04 LTS.
HWE users need to udpate to linux-image-generic-hwe-16.04 4.10.0.38.40 for Ubuntu 16.04.3 LTS with the Ubuntu 17.04 HWE kernel, linux-image-generic-lts-xenial 4.4.0.98.82 for Ubuntu 14.04.5 LTS with the Ubuntu 16.04 LTS HWE kernel, and linux-image-generic-lts-trusty 3.13.0.135.125 for Ubuntu 12.04.5 ESM with the Ubuntu 14.04 LTS HWE kernel.