Users are urged to update their computers immediately

Oct 30, 2018 18:12 GMT

Canonical released a new Linux kernel security update for Ubuntu 16.04 LTS (Xenial Xerus) to address several vulnerabilities discovered by various security researchers in the upstream kernel.

The new Linux kernel security update is available for all users of the Ubuntu 16.04 LTS (Xenial Xerus) operating system series and its derivatives, affecting all those using the original Linux 4.4 kernel. If you upgraded your Ubuntu 16.04 LTS installations to the Linux 4.15 kernel from Ubuntu 18.04 LTS (Bionic Beaver), you aren't affected.

The security patch addresses a total of four flaws, including a use-after-free vulnerability (CVE-2018-14734) discovered by Noam Rathaus in the InfiniBand implementation, which lets attackers crash the system (denial of service), as well as an integer overflow (CVE-2018-16658) in the CD-ROM driver, which could allow a local attacker to expose sensitive information.

Remote exploit patched

Also patched are an integer overflow (CVE-2018-9363) discovered in the Linux kernel's HID Bluetooth implementation, which could allow an attacker to either crash the system (denial of service) or execute arbitrary code, and a flaw in the CIPSO labeling implementation, discovered by Yves Younan, which could allow a remote attacker to cause an infinite loop by specially crafting network traffic (CVE-2018-10938).

If you're using the Ubuntu 16.04 LTS (Xenial Xerus) operating system with the Linux 4.4 kernel series, you are urged to update your installations to linux-image-4.4.0-138.164 on 64-bit or 32-bit machines, as well as to linux-image-4.4.0-1099.107 on Raspberry Pi 2 devices, linux-image-4.4.0-1070.80 on Amazon Web Services (AWS) systems, linux-image-kvm-4.4.0-1036.42 on cloud environments, and linux-image-snapdragon-4.4.0-1103.108 on Snapdragon processors.

As usual, you should reboot your machines after installing a new kernel update. If you're using the Ubuntu 14.04.5 (Trusty Tahr) operating system with the HWE (Hardware Enablement) kernel from Ubuntu 16.04 LTS, you will also have to update your installations to linux-image-4.4.0-138.164~14.04.1 on 64-bit, 32-bit, and PowerPC (PPC and PPC64) architectures as well as to linux-image-aws-4.4.0-1032.35 on Amazon Web Services (AWS) systems.
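To confirm after the reboot that a machine is actually running a fixed build, the added example below (not part of the original article and not Canonical's tooling) compares a kernel version signature against the Ubuntu 16.04 versions listed above. The flavour suffixes used as lookup keys and the sample signature are assumptions; Ubuntu 14.04 HWE builds are reported as unknown because their version strings carry a `~14.04.1` suffix.

```bash
# Fixed version per flavour. Version numbers are taken from the article;
# the flavour suffixes used as keys are assumed, not stated in the article.
fixed_for_flavour() {
    case "$1" in
        generic)    echo "138.164" ;;
        raspi2)     echo "1099.107" ;;
        aws)        echo "1070.80" ;;
        kvm)        echo "1036.42" ;;
        snapdragon) echo "1103.108" ;;
        *)          return 1 ;;
    esac
}

# kernel_status "4.4.0-138.164-generic"
# Prints one of: patched | vulnerable | not-applicable | unknown
kernel_status() {
    local sig="$1" base rest abi upload flavour fixed n
    base="${sig%%-*}"                            # e.g. 4.4.0
    rest="${sig#*-}"                             # e.g. 138.164-generic
    # Only the 4.4 series is covered by this update (4.15 is not affected).
    [ "$base" = "4.4.0" ] || { echo "not-applicable"; return; }
    flavour="${rest#*-}"                         # e.g. generic
    abi="${rest%%.*}"                            # e.g. 138
    upload="${rest#*.}"; upload="${upload%%-*}"  # e.g. 164
    for n in "$abi" "$upload"; do
        case "$n" in ''|*[!0-9]*) echo "unknown"; return ;; esac
    done
    fixed="$(fixed_for_flavour "$flavour")" || { echo "unknown"; return; }
    if [ "$abi" -gt "${fixed%%.*}" ] ||
       { [ "$abi" -eq "${fixed%%.*}" ] && [ "$upload" -ge "${fixed#*.}" ]; }; then
        echo "patched"
    else
        echo "vulnerable"
    fi
}

# On a live Ubuntu system the running kernel's signature is the second field
# of /proc/version_signature; elsewhere fall back to a constructed sample.
if [ -r /proc/version_signature ]; then
    read -r _ running _ < /proc/version_signature || true
else
    running="4.4.0-137.163-generic"   # constructed sample, not from the article
fi
echo "$running: $(kernel_status "$running")"
```

Because the check reads the running kernel rather than the installed packages, a machine that has installed the update but not yet rebooted still reports `vulnerable`.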