Users urged to update their systems immediately

May 21, 2017 21:40 GMT

Last week, when Canonical published new kernel updates for all of its supported Ubuntu Linux releases, they also pushed a new kernel live patch to users of the Ubuntu 16.04 LTS (Xenial Xerus) operating system using the Canonical Livepatch Service.

Only two security flaws are patched, the first being a use-after-free vulnerability (CVE-2017-7374) discovered in the Linux kernel's filesystem encryption subsystem, which could have allowed a local attacker to crash the affected, unpatched machine (a denial of service, or DoS attack).

The second security flaw (CVE-2016-7097) was discovered by Jan Kara and Andreas Gruenbacher in the Linux kernel's filesystem implementation, which failed to clear the setgid bit during a setxattr call, thus allowing a local attacker to elevate group privileges.

Canonical recommends that users install an updated kernel too

To fix the two vulnerabilities mentioned above, you need to install the latest livepatch kernel that's available from the Canonical Livepatch Service on your Ubuntu 16.04 LTS (Xenial Xerus) operating system. Additionally, Canonical recommends installing an updated kernel too.

Of course, the whole point of the kernel live patch is not to be forced to reboot your computer, but if you also install the latest available kernel packages for the stable repositories of the distribution, you will have to reboot the computer at some point for the new kernel version to take effect.

Keep in mind that Canonical only provides kernel livepatches for Ubuntu 16.04 LTS users running the Linux 4.4 kernel (generic or lowlatency). More details about how to install the Canonical Livepatch Service on your machine can be found at https://ubuntu.com/livepatch. The service is free for up to three PCs.
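The two checks an administrator wants after reading the above are whether the running kernel is one the Livepatch Service actually covers (Linux 4.4, generic or lowlatency) and whether a newer kernel package has been installed that still needs a reboot. The script below is an added example, not code from the article or from Canonical; the kernel release strings it is exercised with are constructed samples, the `/var/run/reboot-required` flag file is the one Ubuntu's update-notifier writes, and `canonical-livepatch status` (mentioned in a comment, not run here) is the real command for confirming the live patch itself is applied.

```shell
#!/bin/sh
# Added example: decide whether this Ubuntu 16.04 machine can rely on the
# Canonical Livepatch Service and whether a kernel package update is still
# waiting for a reboot. Not from the article or from Canonical.

# Returns 0 when a kernel release string (as printed by `uname -r`) is a
# Linux 4.4 generic or lowlatency kernel, which is what Livepatch covers on
# 16.04 LTS; returns 1 for anything else (e.g. the 4.8 HWE kernel).
livepatch_eligible_kernel() {
    case "$1" in
        4.4.*-generic|4.4.*-lowlatency) return 0 ;;
        *) return 1 ;;
    esac
}

# Returns 0 when the reboot flag file exists. Ubuntu's update-notifier
# creates /var/run/reboot-required after a kernel package install; the path
# is a parameter so the check can be exercised against a constructed file.
reboot_pending() {
    [ -f "${1:-/var/run/reboot-required}" ]
}

# Human-readable summary for the running system.
report() {
    kernel=$(uname -r)
    if livepatch_eligible_kernel "$kernel"; then
        echo "kernel $kernel: covered by Livepatch (4.4 generic/lowlatency)"
        echo "confirm the patch applied with: canonical-livepatch status"
    else
        echo "kernel $kernel: not covered by Livepatch; install the updated kernel packages"
    fi
    if reboot_pending; then
        echo "reboot required: a newer kernel package is installed but not yet running"
    else
        echo "no pending reboot flagged by update-notifier"
    fi
}

report
```

The eligibility test is deliberately a string match on the release name rather than a package query, so it works the same on a box that was upgraded to the 4.8 HWE kernel and on one still running 4.4: in the first case the script tells you the live patch does not apply and the package update (plus reboot) is the only fix.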

If you're using Ubuntu 16.04.2 LTS with the Linux 4.8 HWE (hardware enablement) kernel packages from the Ubuntu 16.10 (Yakkety Yak) operating system, you won't be able to install this livepatch kernel. However, Canonical recently released an updated kernel for users of Ubuntu 16.04.2 LTS that addresses multiple vulnerabilities.