14 DAY TRIAL // Canonical on Friday published multiple Ubuntu Security Notices (USNs) to inform Ubuntu users about the availability of new Linux kernel versions for their supported releases.
Two security issues are affecting the Ubuntu 17.04 (Zesty Zapus), Ubuntu 16.04 LTS (Xenial Xerus), Ubuntu 14.04 LTS (Trusty Tahr), and Ubuntu 12.04 LTS (Precise Pangolin), as well as all of their official derivatives, including Kubuntu, Lubuntu, Xubuntu, Ubuntu Studio, Ubuntu MATE, Ubuntu GNOME, and Ubuntu Kylin.
Both security flaws patched by the new kernel updates were discovered by Andrey Konovalov. The first is a race condition (CVE-2017-1000112) found in Linux kernel's UDP Fragmentation Offload (UFO) code, which could allow a local attacker to either execute arbitrary code or crash the affected system by causing a denial of service.
Also a race condition, the second kernel vulnerability (CVE-2017-1000111) was discovered by the developer Linux kernel's AF_PACKET socket option handling code, which could allow an unprivileged, local attacker to either cause a denial of service and crash the affected system or possibly execute arbitrary code.
Users are urged to update their systems immediately
Canonical urges all Ubuntu users to update their installations immediately. You'll have to install linux-image 4.10.0.32.32 on Ubuntu 17.04, linux-image-raspi2 4.10.0.1015.16 on Ubuntu 17.04 for Raspberry Pi 2, linux-image 4.4.0.91.96 on Ubuntu 16.04 LTS, as well as linux-image 3.13.0-128.177 on Ubuntu 14.04 LTS.
Similar kernels were released for Amazon Web Services (AWS) and Google Container Engine (GKE) systems, as well as Snapdragon processors, Raspberry Pi 2 SBCs, and PowerPC/PowerPC64 architectures on Ubuntu 16.04 LTS, and Ubuntu 16.04.3 LTS users can install the Zesty HWE kernel, too.
Xenial HWE and Trusty HWE kernels are available as well for Ubuntu 14.04.5 LTS and Ubuntu 12.04.5 LTS systems, respectively. Canonical provides detailed instructions on how to update your computers at https://wiki.ubuntu.com/Security/Upgrades. Don't forget to reboot your machines after installing the new kernel!