14 DAY TRIAL // Canonical on Monday announced the availability of a new Linux kernel security update for all users of the Ubuntu 16.04 LTS (Xenial Xerus) operating systems series.
The new kernel update comes hot on the heels of the kernel security updates that Canonical released last week for the Ubuntu 14.04 LTS (Trusty Tahr) and Ubuntu 17.04 (Zesty Zapus) users, patching a total of six vulnerabilities affecting the Linux 4.4 LTS kernel on all supported architectures, including 64-bit, 32-bit, PowerPC, PPC64el, Raspberry Pi 2 and Snapdragon processors.
Among the security issues fixed by this update, we can mention a Linux kernel flaw (CVE-2014-9900) that made it impossible to initialize a Wake-on-Lan data structure, thus allowing a local attacker to expose sensitive information from kernel memory, and the inability of Linux kernel to properly restrict access to /proc/iomem, which could allow a local attacker to expose sensitive information (CVE-2015-8944).
Discovered by Alexander Potapenko, the update fixes a race condition (CVE-2017-1000380) in Linux kernel's ALSA (Advanced Linux Sound Architecture) subsystem that could allow a local attacker to expose sensitive information from kernel memory, as well as an issue (CVE-2017-9150) discovered by Jann Horn in Linux kernel's Berkeley Packet Filter (BPF) that made it impossible to restrict the output of the print_bpf_insn function, thus allowing a local attacker to obtain sensitive address information.
Ubuntu 16.04 LTS users using Linux kernel 4.4 must update immediately
Two other issues (CVE-2017-7346 and CVE-2017-9605) affecting Linux kernel's DRM driver for VMWare Virtual GPUs, discovered by Li Qiang and Murray McAllister, which made it incorrectly validate some ioctl arguments or initialize memory, allowing local attackers to either crash the vulnerable system via a denial of service or expose sensitive information from kernel memory were fixed in this new kernel update for Ubuntu 16.04 LTS (Xenial Xerus) systems.
All Ubuntu 16.04 LTS users using Linux kernel 4.4 LTS must update their installations immediately to linux-image-generic 4.4.0.87.93, linux-image-lowlatency 4.4.0.87.93, linux-image-snapdragon 4.4.0.1067.60, linux-image-powerpc-smp 4.4.0.87.93, linux-image-powerpc-e500mc 4.4.0.87.93, linux-image-powerpc64-emb 4.4.0.87.93, or linux-image-raspi2 4.4.0.1065.66. A Xenial HWE kernel is also available for Ubuntu 14.04.5 LTS (Trusty Tahr) systems, namely linux-image-generic-lts-xenial 4.4.0.87.72.