14 DAY TRIAL // Just one day after announcing the availability of new kernel versions for all of its supported Ubuntu Linux operating systems, Canonical published a new kernel live patch security notice for Ubuntu 16.04 LTS (Xenial Xerus).
We remind you that Canonical offers a Livepatch Service for Ubuntu 16.04 LTS users, designed to reduce planned or unplanned reboots when updating the kernel packages. Canonical Livepatch Service is available for everyone for up to three computers, but you can also purchase a monthly subscription if you need to install it on more PCs.
On December 7, 2016, the company behind the popular Ubuntu Linux operating system announced that a new patch was live for those using Canonical Livepatch Service on Ubuntu 16.04 LTS or later, bringing fixes for three recently discovered kernel vulnerabilities, including CVE-2016-8655, CVE-2016-6480, and CVE-2016-6828.
Here are the kernel vulnerabilities fixed by LSN-0014-1
Dubbed LSN-0014-1, the new kernel live patch security notice addresses the infamous race condition discovered by Philip Pettersson in Linux kernel's af_packet implementation, which could have allowed an unprivileged local attacker to crash the vulnerable system or run programs as a system administrator (root).
The second security issue fixed in this update is another race condition, but this time discovered by Pengfei Wang in Linux kernel's Adaptec AAC RAID controller driver when handling ioctl()s. This could have allowed a local attacker to crash the vulnerable system by causing a denial-of-service attack (DoS attack).
The third security flaw is a use-after-free condition discovered by Marco Grassi in Linux kernel's TCP retransmit queue handling code, which could have allowed a local attacker to crash the vulnerable system or execute arbitrary code. The kernel live patch update is now live for Ubuntu 16.04 LTS users.