14 DAY TRIAL // Following yesterday's news about the availability of a new Linux kernel security update for Ubuntu 14.04 LTS and Ubuntu 16.10 operating systems, Canonical also announced a major kernel release of Ubuntu 16.04 LTS.
If you're using Ubuntu 16.04.2 LTS (Xenial Xerus) with the Linux 4.8 kernel from Ubuntu 16.10 (Yakkety Yak), you don't have to worry about any of the following vulnerabilities, as they only affect users of Ubuntu 16.04 LTS, Ubuntu 16.04.1 LTS or Ubuntu 16.04.2 LTS running the long-term supported Linux 4.4 kernel series.
According to Ubuntu Security Notice USN-3265-1, a total of ten vulnerabilities were patched in the Linux 4.4 kernel packages of Ubuntu 16.04 LTS, affecting all supported architectures, including Raspberry Pi 2, Snapdragon processors, as well as Amazon Web Services (AWS) and Google Container Engine (GKE) systems.
Here's what was patched in the new kernel for Ubuntu 16.04 LTS
The first security flaw (CVE-2017-7374) is an use-after-free discovered in Linux kernel's file system encryption subsystem, which could allow a local attacker to crash the system by causing a denial of service. The second security issue (CVE-2017-5897) was discovered by Andrey Konovalov in Linux kernel's IPv6 GRE (Generic Routing Encapsulation) tunneling implementation, allowing an attacker to expose sensitive information.
Also discovered by Andrey Konovalov, the third vulnerability (CVE-2017-5970) was found in Linux kernel's IPv4 implementation, which failed to properly handle invalid IP options, allowing an attacker to either execute arbitrary code or cause a denial of service and crash the affected, unpatched system.
The fourth security issue (CVE-2017-5669) was discovered by Gareth Evans in Linux kernel's shm IPC subsystem, which incorrectly restricted mapping page zero, allowing a privileged local attacker to execute arbitrary code. The fifth vulnerability (CVE-2017-5986) is a race condition discovered by Alexander Popov in Linux kernel's SCTP (Stream Control Transmission Protocol) implementation, and it could allow a local attacker to crash the system via a denial of service.
Discovered by Andrey Konovalov, the sixth and seventh vulnerabilities (CVE-2017-6345 and CVE-2017-6347) were discovered in Linux kernel's LLC subsystem and IP layer. Both of them could allow a local attacker to crash the system by causing a denial of service, or possibly execute arbitrary code.
The eighth security issue (CVE-2017-6346) is a race condition discovered in Linux kernel's AF_PACKET handling code, which could allow a local attacker to either execute arbitrary code or crash the vulnerable machine by causing a denial of service. The ninth security flaw (CVE-2017-6348) was discovered by Dmitry Vyukov in Linux kernel's Infrared (IrDA) subsystem, allowing a local attacker to cause a denial of service (deadlock).
Finally, the most important security issue (CVE-2017-6214) fixed in this kernel update for Ubuntu 16.04 LTS (Xenial Xerus) was discovered by Dmitry Vyukov. It appears that Linux kernel failed to properly handle TCP packets with the URG flag, which could allow a remote attacker to cause a denial of service and crash the affected machine.
Users of Ubuntu 16.04 LTS and any official derivatives using the Linux 4.4 kernel are urged to update their systems immediately to the following new kernel versions: linux-image-generic 4.4.0.75.81 for 64-bit or 32-bit machines, linux-image-4.4.0-1054-raspi2 4.4.0-1054.61 for Raspberry Pi 2, linux-image-gke 4.4.0.1012.14 for Google Container Engine (GKE) systems, and linux-image-4.4.0-1057-snapdragon 4.4.0-1057.61 for Snapdragon processors.
Additionally, there's linux-image-4.4.0-1016-aws 4.4.0-1016.25 for Amazon Web Services (AWS) systems, linux-image-powerpc-e500mc 4.4.0.75.81 for PowerPC e500mc machines, linux-image-powerpc-smp 4.4.0.75.81 for PowerPC SMP systems, and linux-image-4.4.0-75-powerpc64-smp 4.4.0-75.96 for PPC64 SMP systems. To update your system, please follow the instructions provided by Canonical at https://wiki.ubuntu.com/Security/Upgrades.