14 DAY TRIAL // On January 11, Canonical released the first security patches of 2017 to address up to four Linux kernel vulnerabilities in all supported Ubuntu Linux operating systems.
These days, Canonical only releases security fixes as a pack, for all Ubuntu releases, and the first one for the new year isn't even all that big. There are two security issues affecting Ubuntu 16.10 (Yakkety Yak) and Ubuntu 12.04 LTS (Precise Pangolin), three flaws affecting Ubuntu 16.04 LTS (Xenial Xerus), and four affecting Ubuntu 14.04 LTS (Trusty Tahr).
The first vulnerability affected all releases and was discovered by Dmitry Vyukov in Linux kernel's KVM implementation, which couldn't properly initialize the Code Segment (CS) in certain error cases, allowing a local attacker to expose sensitive information from kernel memory. The issue is documented as CVE-2016-9756 for more information, as it affects other Linux distributions.
Affecting only Ubuntu 12.04 LTS, Ubuntu 14.04 LTS, and Ubuntu 16.04 LTS, the second security flaw appears to be a race condition discovered by Baozeng Ding in Linux kernel's ALSA (Advanced Linux Sound Architecture) sound system, which could allow a local attacker to crash the system by causing a denial of service. The vulnerability is documented as CVE-2016-9794.
The third security issue affected the Ubuntu 14.04 LTS, Ubuntu 16.04 LTS, and Ubuntu 16.10 releases. It was discovered by Andrey Konovalov Linux kernel's setsockopt() system call as signed integer overflows when handling the SO_RCVBUFFORCE and SO_SNDBUFFORCE options, allowing a local attacker with the CAP_NET_ADMIN capability to cause a memory corruption or crash the system via a denial of service. The issue is documented as CVE-2016-9793.
Ubuntu 14.04 LTS, being the most vulnerable release of the year, gets one more security issue patched, namely a double free, discovered by Baozeng Ding in Linux kernel's netlink_dump() function, which could have allowed a local attacker to crash the system by causing a denial of service. This vulnerability is documented as CVE-2016-9806.
All Ubuntu users need to update their systems as soon as possible
As you can see, there's no remote escalation this time, so these security flaws aren't all that bad. However, this doesn't mean that you shouldn't update your Ubuntu Linux installation right now. The new kernel versions are linux-image 3.2.0-120.163 for Ubuntu 12.04 LTS, linux-image 3.13.0-107.154~precise1 for Ubuntu 12.04 LTS Trusty HWE, linux-image 3.13.0-107.154 for Ubuntu 14.04 LTS, and linux-image 4.4.0-59.80~14.04.1 for Ubuntu 14.04 LTS Xenial HWE.
On the other hand, Ubuntu 16.04 LTS users need to update their systems to the linux-image 4.4.0-59.80 kernel, as well as linux-image-4.4.0-1040-raspi2 4.4.0-1040.47 if they're using the Raspberry Pi 2 kernel, and Ubuntu 16.10 users need to update their installations to linux-image 4.8.0-34.36, and linux-image-4.8.0-1022-raspi2 4.8.0-1022.25 if they're using the Raspberry Pi 2 port. To update your system, please follow the instructions provided by Canonical at https://wiki.ubuntu.com/Security/Upgrades.