Canonical Outs Linux Kernel Security Patch for Ubuntu 16.04 LTS to Fix Six Flaws

Users are urged to update their installations immediately

Jul 28, 2019 
Canonical releases a new Linux kernel security update for its long-term supported Ubuntu 16.04 LTS (Xenial Xerus) operating system series to address several vulnerabilities.

This new Linux kernel security patch comes hot on the heels of the security update released earlier this week for the Ubuntu 19.04 (Disco Dingo) and Ubuntu 18.04 LTS (Bionic Beaver) operating system series, but it's only available for users of the Ubuntu 16.04 LTS (Xenial Xerus) operating system series running the stock Linux 4.4 kernel.

It addresses a total of six flaws, including an integer overflow (CVE-2019-10142) discovered in the Linux kernel's Freescale (PowerPC) hypervisor manager and a race condition (CVE-2018-20836) discovered in the Serial Attached SCSI (SAS) implementation, either of which could allow a local attacker to execute arbitrary code or cause a denial of service (system crash).

Also patched are two issues that leak kernel memory: one (CVE-2019-11833) in the EXT4 file system, which improperly zeroed out memory under certain situations, and another (CVE-2019-11884) in the Bluetooth Human Interface Device Protocol (HIDP) implementation, which incorrectly verified NULL-terminated strings. Both could allow a local attacker to expose sensitive information from kernel memory.

Another security flaw fixed in this update was an issue (CVE-2019-9503) discovered by Hugues Anguelkov in the Linux kernel's Broadcom Wi-Fi driver, which failed to prevent remote firmware events from being processed for USB Wi-Fi devices, thus allowing a physically proximate attacker to send firmware events to the device.

ARM devices are affected as well

The new kernel security patch for Ubuntu 16.04 LTS also addresses an issue (CVE-2019-2054) in the Linux kernel that affects ARM processors by allowing a tracing process to modify a syscall after a seccomp decision was made on the respective syscall, which could allow a local attacker to bypass seccomp restrictions.

If you are using the Ubuntu 16.04 LTS (Xenial Xerus) operating system with the stock Linux 4.4 kernel, you are urged to update your devices to linux-image 4.4.0-157.185 on 32-bit or 64-bit systems, linux-image-raspi2 4.4.0-1117.126 on Raspberry Pi 2 boards, linux-image-kvm 4.4.0-1052.59 on cloud environments, or linux-image-aws 4.4.0-1088.99 on AWS machines.
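As an added example that is not part of the article or of Canonical's own tooling, the following POSIX shell script checks whether an installed Ubuntu 16.04 kernel package is at or above the fixed versions listed above, per flavour. The flavour names (generic, raspi2, kvm, aws) are the suffixes of the Ubuntu kernel package names; the `--live` mode, which reads `uname -r` and queries `dpkg-query`, assumes an Ubuntu host.

```shell
#!/bin/sh
# Fixed kernel package versions from the advisory, keyed by flavour (the
# suffix of the Ubuntu package name). Table copied from the article.
fixed_version() {
  case "$1" in
    generic) echo "4.4.0-157.185" ;;   # linux-image, 32/64-bit
    raspi2)  echo "4.4.0-1117.126" ;;  # linux-image-raspi2
    kvm)     echo "4.4.0-1052.59" ;;   # linux-image-kvm
    aws)     echo "4.4.0-1088.99" ;;   # linux-image-aws
    *)       return 1 ;;
  esac
}

# Split "4.4.0-157.185" into base "4.4.0", ABI 157 and upload 185.
base_of()   { printf '%s\n' "${1%%-*}"; }
abi_of()    { _v=${1#*-}; printf '%s\n' "${_v%%.*}"; }
upload_of() { printf '%s\n' "${1##*.}"; }

# kernel_patched FLAVOUR INSTALLED_VERSION
#   returns 0 if installed >= fixed, 1 if older,
#   2 if the flavour is not in the table or the base is not 4.4.0
kernel_patched() {
  fixed=$(fixed_version "$1") || return 2
  [ "$(base_of "$2")" = "$(base_of "$fixed")" ] || return 2
  ia=$(abi_of "$2");    fa=$(abi_of "$fixed")
  iu=$(upload_of "$2"); fu=$(upload_of "$fixed")
  [ "$ia" -gt "$fa" ] && return 0
  [ "$ia" -lt "$fa" ] && return 1
  [ "$iu" -ge "$fu" ]
}

# Live check (assumes an Ubuntu host): flavour from `uname -r`, e.g.
# 4.4.0-157-generic, and the full package version from dpkg, because
# uname does not carry the upload number.
check_running_kernel() {
  rel=$(uname -r); flavour=${rel##*-}; pkg="linux-image-$rel"
  ver=$(dpkg-query -W -f='${Version}' "$pkg" 2>/dev/null) || ver=""
  [ -n "$ver" ] || { echo "cannot read version of $pkg"; return 2; }
  kernel_patched "$flavour" "$ver" && rc=0 || rc=$?
  case $rc in
    0) echo "$pkg $ver: at or above the advisory fix" ;;
    1) echo "$pkg $ver: older than $(fixed_version "$flavour"), update and reboot" ;;
    *) echo "$pkg $ver: not covered by this table" ;;
  esac
  return $rc
}

if [ "${1:-}" = "--live" ]; then check_running_kernel; fi
```

Because the check keys on the running kernel rather than the newest installed package, a host that has installed the update but not rebooted is still reported as unpatched, which is the state that matters.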

