Ubuntu 16.10, 16.04, 14.04, and 12.04 versions are affected

Dec 1, 2016 04:00 GMT

On the last day of November 2016, Canonical, the company behind the popular Ubuntu Linux operating system, published a bunch of new security advisories to inform the community about the availability of new kernel versions for its supported OSes.

The company pushed patched variants of the kernel packages in Ubuntu 16.10 (Yakkety Yak), Ubuntu 16.04 LTS (Xenial Xerus), Ubuntu 14.04 LTS (Trusty Tahr), and Ubuntu 12.04 LTS (Precise Pangolin) to the stable software repositories, addressing a total of four vulnerabilities discovered recently by various hackers and security researchers.

The most widespread flaw, CVE-2016-7425, was discovered by Marco Grassi in the Linux kernel's Areca RAID controller driver, which did not properly validate control messages, allowing a local attacker to crash the system or gain administrative privileges. The issue affects Ubuntu 16.10, 16.04 LTS, 14.04 LTS, and 12.04 LTS.

The CVE-2016-7097 vulnerability affects both Ubuntu 16.10 and Ubuntu 16.04 LTS. It was discovered by Jan Kara and Andreas Gruenbacher in the Linux kernel's filesystem implementation, which did not clear the setgid bit during a setxattr call; because of this, a local attacker could elevate group privileges.

Another security issue (CVE-2016-8658), affecting Ubuntu 16.10 and Ubuntu 16.04 LTS and discovered by Daxing Guo, is a stack-based buffer overflow in the Linux kernel's Broadcom IEEE802.11n FullMAC driver, which could have allowed a local attacker to crash the system or possibly gain administrative privileges.

Canonical recommends all users to update their systems immediately

Affecting only Ubuntu 16.04 LTS, CVE-2016-9644 was found in the Linux kernel's __get_user_asm_ex implementation on x86 (32-bit) and x86_64 (64-bit), which contained extended asm statements that were incompatible with the exception table and could have allowed a local attacker to gain administrative privileges.

Canonical recommends all Ubuntu Linux users to update their systems immediately. The new kernel versions are linux-image 4.8.0.28.37 for Ubuntu 16.10, linux-image 4.4.0.51.54 for Ubuntu 16.04 LTS, linux-image 3.13.0.103.111 for Ubuntu 14.04 LTS, and linux-image 3.2.0.116.132 for Ubuntu 12.04 LTS.

The HWE (Hardware Enablement) kernels for Ubuntu 14.04.5 LTS and Ubuntu 12.04.5 LTS have been updated as well, and users are urged to update their systems to linux-image 4.4.0.51.38 on Ubuntu 14.04.5 LTS, as well as linux-image 3.13.0-103.150~precise1 on Ubuntu 12.04.5 LTS.
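To check whether a given machine already carries one of the fixed kernels listed above, the following added script (not part of the article or of Canonical's tooling) copies the article's version table and compares an installed package version against it using a re-implementation of dpkg's version ordering; the `dpkg-query` package name and the `installed_version` helper are assumptions for illustration.

```python
"""Compare an installed Ubuntu kernel package version against the fixed
versions named in Canonical's 30 Nov 2016 advisories.
Added example; the table below is copied from the article."""
import re
import subprocess
from itertools import zip_longest

# Fixed versions from the article, keyed by release codename (HWE variants suffixed).
FIXED = {
    "yakkety": "4.8.0.28.37",
    "xenial": "4.4.0.51.54",
    "trusty": "3.13.0.103.111",
    "precise": "3.2.0.116.132",
    "trusty-hwe": "4.4.0.51.38",
    "precise-hwe": "3.13.0-103.150~precise1",
}

def _order(c):
    # dpkg character ordering: '~' sorts before the end of the string,
    # letters before any other character.
    if c == "~":
        return -1
    if c == "":
        return 0
    return ord(c) if c.isalpha() else ord(c) + 256

def _cmp_fragment(a, b):
    # Compare alternating non-digit / digit runs, as dpkg's verrevcmp does.
    while a or b:
        na, nb = re.match(r"\D*", a).group(), re.match(r"\D*", b).group()
        a, b = a[len(na):], b[len(nb):]
        for x, y in zip_longest(na, nb, fillvalue=""):
            if _order(x) != _order(y):
                return _order(x) - _order(y)
        da, db = re.match(r"\d*", a).group(), re.match(r"\d*", b).group()
        a, b = a[len(da):], b[len(db):]
        if int(da or 0) != int(db or 0):
            return int(da or 0) - int(db or 0)
    return 0

def _split(v):
    # "3.13.0-103.150~precise1" -> upstream "3.13.0", revision "103.150~precise1"
    head, sep, tail = v.rpartition("-")
    return (head, tail) if sep else (v, "")

def dpkg_compare(v1, v2):
    """Negative, zero or positive, like dpkg --compare-versions (epochs not handled)."""
    u1, r1 = _split(v1)
    u2, r2 = _split(v2)
    return _cmp_fragment(u1, u2) or _cmp_fragment(r1, r2)

def is_patched(release, installed, hwe=False):
    """True if `installed` is at or above the fixed version for the release."""
    return dpkg_compare(installed, FIXED[release + ("-hwe" if hwe else "")]) >= 0

def installed_version(package="linux-image-generic"):
    # Assumed helper: asks dpkg for the installed version of a kernel meta-package.
    return subprocess.check_output(
        ["dpkg-query", "-W", "-f=${Version}", package], text=True).strip()
```

Note that the meta-package version (4.4.0.51.54) is not the string `uname -r` prints (4.4.0-51-generic), so compare the package version, and remember that the fixed kernel only protects the system after a reboot into it.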