Affects Ubuntu 16.04, Ubuntu 14.04, and Ubuntu 12.04 LTS

Oct 11, 2016 11:10 GMT

Today, October 11, 2016, Canonical published several security advisories to inform Ubuntu users about new Linux kernel updates for their supported operating systems.

Four new kernel vulnerabilities affect Ubuntu 16.04 LTS (Xenial Xerus) and Ubuntu 14.04 LTS (Trusty Tahr) or later versions, as well as the Ubuntu 12.04 LTS (Precise Pangolin) series of operating systems. They also affect the Ubuntu 16.04 LTS for Raspberry Pi 2 kernel.

The first security flaw is an unbounded recursion in the Linux kernel's VLAN and TEB Generic Receive Offload (GRO) processing implementations, which could have allowed a remote attacker to cause a denial of service (system crash) or a stack corruption. It was discovered by Vladimír Beneš and affects Ubuntu 16.04 and 14.04.

The second vulnerability is a use-after-free condition in the Linux kernel's TCP retransmit queue handling code, which could have allowed a local attacker to cause a denial of service (system crash) or execute malicious code. The issue was discovered by Marco Grassi and affects Ubuntu 16.04 LTS, Ubuntu 14.04 LTS, and Ubuntu 12.04 LTS.

The third kernel issue is a race condition in the Linux kernel's s390 SCLP console driver, which could have allowed a local attacker to retrieve sensitive information from kernel memory. This vulnerability was discovered by Pengfei Wang and affects only users of the Ubuntu 16.04 LTS operating system, excluding the Raspberry Pi 2 kernel.

The fourth and fifth security flaws are race conditions discovered by Pengfei Wang in the Linux kernel's audit subsystem and Adaptec AAC RAID controller driver, respectively, which could have allowed a local attacker to cause a denial of service (system crash), disrupt system-call auditing, or corrupt audit logs.

Users are urged to update their systems immediately

Canonical urges users of the Ubuntu operating systems mentioned above to update immediately. The new kernel versions are linux-image-4.4.0-42 (4.4.0-42.62) for Ubuntu 16.04 LTS, linux-image-3.13.0-98 (3.13.0-98.145) for Ubuntu 14.04 LTS, and linux-image-3.2.0-111 (3.2.0-111.153) for Ubuntu 12.04 LTS.

Additionally, Ubuntu 16.04 LTS for Raspberry Pi 2 gets linux-image-4.4.0-1027-raspi2 (4.4.0-1027.33), Ubuntu 12.04 LTS Trusty HWE receives linux-image-3.13.0-98 (3.13.0-98.145~precise1), and Ubuntu 14.04 LTS Xenial HWE gets linux-image-4.4.0-42 (4.4.0-42.62~14.04.1).

To update your system, use the Software Updater or Ubuntu Software applications, the Synaptic Package Manager, or the APT command-line package manager. More details are provided by Canonical at https://wiki.ubuntu.com/Security/Upgrades. Don't forget to reboot your system after a kernel update!
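
To confirm that a host is actually running one of the fixed kernels listed above, and not merely has it installed, the check below is an added example (not Canonical's tooling). The function names are hypothetical, the sample inputs are constructed, and it assumes the ABI number in the kernel release string (the `42` in `4.4.0-42-generic`) is enough to identify the fixed build.

```shell
#!/bin/sh
# Fixed ABI numbers as listed in the article, keyed by kernel base version and flavour.
fixed_abi() {  # $1 = base version (e.g. 4.4.0), $2 = flavour (e.g. generic)
  case "$1:$2" in
    4.4.0:raspi2) echo 1027 ;;  # linux-image-4.4.0-1027-raspi2 (separate ABI numbering)
    4.4.0:*)      echo 42 ;;    # 16.04 LTS and 14.04 LTS Xenial HWE
    3.13.0:*)     echo 98 ;;    # 14.04 LTS and 12.04 LTS Trusty HWE
    3.2.0:*)      echo 111 ;;   # 12.04 LTS
    *)            return 1 ;;   # series not covered by these advisories
  esac
}

# Split "4.4.0-42-generic" into $base, $abi, $flavour; fails on any other shape.
split_release() {
  base=${1%%-*}; rest=${1#*-}; abi=${rest%%-*}; flavour=${rest#*-}
  case "$abi" in ''|*[!0-9]*) return 1 ;; esac
  [ "$rest" != "$1" ] && [ "$flavour" != "$rest" ]
}

# $1 = running release (output of `uname -r`)
# $2 = installed kernel image package names, whitespace separated, e.g. from
#      dpkg -l 'linux-image-*' | awk '/^ii/{print $2}'
# Prints: patched | reboot-required | update-required | unknown
kernel_status() (  # subshell body keeps the parsing variables local
  split_release "$1" || { echo unknown; exit 0; }
  run_base=$base; run_flavour=$flavour
  need=$(fixed_abi "$base" "$flavour") || { echo unknown; exit 0; }
  if [ "$abi" -ge "$need" ]; then echo patched; exit 0; fi
  for pkg in $2; do
    # Meta packages and linux-image-extra-* do not parse as a release; skip them.
    split_release "${pkg#linux-image-}" || continue
    if [ "$base" = "$run_base" ] && [ "$flavour" = "$run_flavour" ] \
       && [ "$abi" -ge "$need" ]; then
      echo reboot-required; exit 0   # fixed kernel is on disk but not booted
    fi
  done
  echo update-required
)

# Constructed sample: a 16.04 host still running -38 with -42 already installed.
sample_pkgs="linux-image-4.4.0-38-generic
linux-image-4.4.0-42-generic
linux-image-extra-4.4.0-42-generic"
kernel_status "4.4.0-38-generic" "$sample_pkgs"   # prints reboot-required
```

On a live system, pass `"$(uname -r)"` as the first argument and the `dpkg -l` pipeline from the comment as the second.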