14 DAY TRIAL // On December 5, 2016, Canonical published several security advisories to inform users of the Ubuntu Linux operating system about the availability of new kernel builds for their OSes, patched against a critical security vulnerability.
According to these new Ubuntu Security Notices, a security issue affects the Ubuntu 16.10 (Yakkety Yak), Ubuntu 16.04 LTS (Xenial Xerus), Ubuntu 14.04 LTS (Trusty Tahr), Ubuntu 12.04 LTS (Precise Pangolin), and their derivatives, including Ubuntu 16.10 for Raspberry Pi 2 and Ubuntu 16.04 LTS for Raspberry Pi 2.
The kernel vulnerability appears to have been a race condition, discovered by Philip Pettersson in Linux kernel's af_packet implementation, which could have allowed an unprivileged local attacker to crash the vulnerable system or run programs with administrative privileges (as root).
Canonical urges all users to update their systems immediately
The security flaw can be corrected if you update your Ubuntu Linux system to linux-image 4.8.0.30.39 for Ubuntu 16.10, linux-image-raspi2 4.8.0.1020.23 for Ubuntu 16.10 for Raspberry Pi 2, linux-image 4.4.0.53.56 for Ubuntu 16.04 LTS, as well as linux-image-raspi2 4.4.0.1034.33 for Ubuntu 16.04 LTS for Raspberry Pi 2.
Ubuntu 14.04 LTS users need to update their systems to linux-image 3.13.0.105.113 or linux-image-lts-xenial 4.4.0.53.40 if they're using Ubuntu 14.04.5 LTS. In the same manner, you need to update your installation to linux-image 3.2.0.118.133 if you're using Ubuntu 12.04 LTS, or linux-image-lts-trusty 3.13.0.105.96 for Ubuntu 12.04.5 LTS.
To update your system, you can use either Ubuntu Software or Synaptic Package Manager graphical package managers, or the APT command-line package manager. Please follow the instructions provided by Canonical at https://wiki.ubuntu.com/Security/Upgrades for more details and don't forget to reboot your system.
Also, please note that due to an impending ABI change, you might need to rebuild any third-party kernel modules you have installed on your Ubuntu system after updating to a new Linux kernel version. However, a standard system upgrade should automatically perform this as well if you didn't remove the standard kernel metapackages.