Affects the AWS, GKE, Snapdragon, and Raspberry Pi 2 kernels

Mar 16, 2017 01:37 GMT

Canonical has just published a new security notice informing users of Ubuntu 16.04 LTS (Xenial Xerus) that a kernel update is available for their systems.

Two kernel vulnerabilities affect Ubuntu 16.04, 16.04.1, and 16.04.2 users who are still running a kernel from the long-term supported Linux 4.4 series, including the Linux kernel for Raspberry Pi 2 devices and Snapdragon processors, as well as Google Container Engine (GKE) and Amazon Web Services (AWS) systems.

The first one (CVE-2016-10208) was discovered by Ralf Spenneberg in the Linux kernel's EXT4 file system implementation, which incorrectly validated meta block groups. An attacker with physical access to a vulnerable system could use a specially crafted EXT4 image to crash the system, causing a denial of service.

The second security flaw (CVE-2017-5551) could allow a local attacker to gain elevated group privileges because the Linux kernel failed to clear the setgid bit during a setxattr call on a tmpfs file system. Both issues can be corrected by updating your Ubuntu 16.04 LTS systems to the linux-image-4.4.0-67 (4.4.0-67.88) kernel version.

The Xenial HWE was also released for Ubuntu 14.04 LTS

If you're using the Ubuntu 14.04.5 LTS (Trusty Tahr) operating system, you'll also be able to install this patched Linux 4.4 kernel designed for Ubuntu 16.04 LTS (Xenial Xerus) thanks to Canonical's HWE (Hardware Enablement) initiative. Users are urged to update their installations to the linux-image-lts-xenial 4.4.0.67.54 kernel version.

To update your Ubuntu system, please follow the instructions provided by Canonical at https://wiki.ubuntu.com/Security/Upgrades. Keep in mind that after installing a new kernel version, you'll also have to reboot your computer, as well as rebuild any third-party kernel module you may have installed.
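Because the fix only takes effect once the new kernel is actually running, the running release can be checked against the fixed 4.4.0-67 ABI after the reboot. The script below is an added example, not taken from Canonical's notice or the original article; the function name and result labels are illustrative. Only the 4.4.0-67 threshold comes from the article, so the AWS, GKE, Snapdragon and Raspberry Pi 2 kernels, whose own fixed version numbers the article does not give, are reported as unknown.

```shell
#!/bin/sh
# Classify a kernel release string (the format printed by `uname -r`)
# against the fixed ABI named in the article: linux-image-4.4.0-67.
FIXED_ABI=67

classify_kernel() {
    release=$1
    case "$release" in
        # generic and lowlatency are built from the main Ubuntu kernel
        # package, so they share the 4.4.0-<ABI> numbering.
        4.4.0-*-generic|4.4.0-*-lowlatency) ;;
        # Other 4.4 flavours (aws, gke, snapdragon, raspi2) use their own
        # ABI numbers, which the article does not list.
        4.4.0-*) echo "unknown-flavour"; return 0 ;;
        # The article only covers the 4.4 series.
        *) echo "not-4.4-series"; return 0 ;;
    esac

    abi=${release#4.4.0-}   # e.g. "67-generic"
    abi=${abi%%-*}          # e.g. "67"
    case "$abi" in
        ''|*[!0-9]*) echo "unparsed"; return 0 ;;
    esac

    if [ "$abi" -ge "$FIXED_ABI" ]; then
        echo "patched"
    else
        echo "vulnerable"
    fi
}

# Report on the kernel that is running right now, not the newest one
# installed: until the reboot, the old kernel is still in use.
echo "$(uname -r): $(classify_kernel "$(uname -r)")"
```

A result of `vulnerable` on a machine where the update has already been installed usually means the reboot has not happened yet.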