It affects 32-bit, 64-bit and Raspberry Pi 2 kernels

May 18, 2017 22:37 GMT

After patching six vulnerabilities in the kernel packages of the Ubuntu 17.04 (Zesty Zapus) operating system, Canonical also updated the kernels of the Ubuntu 16.10 (Yakkety Yak), Ubuntu 16.04 LTS (Xenial Xerus) and Ubuntu 14.04 LTS (Trusty Tahr).

The kernel packages of the Ubuntu 16.04 LTS and 16.04.1 LTS releases received the most attention in this new update, which addresses a stack-based buffer overflow (CVE-2017-7187) discovered by Dmitry Vyukov in the Linux kernel's generic SCSI (sg) subsystem. It lets a local attacker with access to an sg device crash the affected system or execute arbitrary code.

The second vulnerability (CVE-2017-7261) is a NULL pointer dereference discovered in the Linux kernel's Direct Rendering Manager (DRM) driver for VMware devices, which could allow a local attacker to cause a denial of service by crashing the system. The third one (CVE-2017-7616) appears to be an information leak in the Linux kernel's set_mempolicy and mbind compat syscalls, allowing a local attacker to expose sensitive information from kernel memory.

The fourth and last security flaw (CVE-2017-7294) is an integer overflow vulnerability discovered by Li Qiang in the Linux kernel's Direct Rendering Manager (DRM) driver for VMware devices, which could allow a local attacker to execute arbitrary code or cause a denial of service, thus crashing the vulnerable machine. Users are urged to update to the linux-image 4.4.0.78.84 kernel package.

Here's what was patched for Ubuntu 16.10 and Ubuntu 14.04 LTS users

For Ubuntu 16.10 (Yakkety Yak), which runs the Linux 4.8 kernel, Canonical only patched a heap overflow issue (CVE-2017-7477) discovered by Jason Donenfeld in the Linux kernel's MACsec module, which lets an attacker either execute arbitrary code or cause a denial of service and crash the vulnerable system. The same patched kernel is also available for users of Ubuntu 16.04.2 LTS via the hardware enablement (HWE) kernel (linux-image-generic-hwe-16.04 4.8.0.52.23).

On the other hand, for Ubuntu 14.04 LTS (Trusty Tahr), Canonical addressed a security flaw (CVE-2016-8645) that caused the Linux kernel's TCP implementation to mishandle socket buffer (skb) truncation. The issue was discovered by Marco Grassi, and it could allow a local attacker to cause a denial of service by crashing the affected system. Users must update to the linux-image 3.13.0.119.129 kernel package. Details on how to update are provided at https://wiki.ubuntu.com/Security/Upgrades.