14 DAY TRIAL // Canonical published today a major Linux kernel security update for the Ubuntu 18.04 LTS (Bionic Beaver) operating system series to address eleven security vulnerabilities discovered recently by various independent researchers.
Several security issues were discovered in the Linux kernel used by Canonical's Ubuntu 18.04 LTS (Bionic Beaver) operating system, affecting all of its derivatives, including Kubuntu, Xubuntu, Lubuntu, Ubuntu GNOME, Ubuntu Budgie, Ubuntu Kylin, and Ubuntu Studio, as well as other third-party flavors based on them.
A total of eleven security vulnerabilities were addressed in this major kernel update, seven of which are flaws (CVE-2018-10876, CVE-2018-10877, CVE-2018-10878, CVE-2018-10879, CVE-2018-10880, CVE-2018-10882, and CVE-2018-10883) discovered by Wen Xu in Linux kernel's EXT4 filesystem implementation.
These vulnerabilities, which ranged from use-after-free and buffer overflow to out-of-bounds writes, could allow attackers to either execute arbitrary code or crash the system via a denial of service attack by utilizing a maliciously crafted EXT4 image that could be mounted on the vulnerable machine.
Also addressed is a race condition (CVE-2018-14625) discovered in Linux kernel's vsock address family implementation, which could lead to a use-after-free condition, allowing a local attacker in the guest virtual machine to expose sensitive information (host machine kernel memory).
Two security issues (CVE-2018-16882 and CVE-2018-19407) affecting the KVM (Kernel-based Virtual Machine) implementation, discovered by Cfir Cohen and Wei Wu, were fixed as well. These could allow a local attacker in a guest virtual machine to gain administrative privileges in the host machine or crash the system.
Last but not least, the security update patches two vulnerabilities (CVE-2018-17972 and CVE-2018-18281) discovered by Jann Horn of Google Project Zero in Linux kernel's procfs file system implementation and mremap() system call, which could let local attackers expose sensitive information or execute arbitrary code.
Ubuntu 18.04 LTS users must update immediately
The security update also fixes an issue (CVE-2018-9516) discovered in Linux kernel's HID subsystem debug interface, which improperly performed bounds checking under certain conditions, allowing an attacker that has access to the debugfs utility to either gain additional privileges or cause a denial of service.
Canonical urges all Ubuntu 18.04 LTS (Bionic Beaver) users to update their installations immediately to the linux-image 4.15.0-44.47 kernel that's available for generic, lpae, and lowlatency 64-bit and 32-bit installations, as well as for Snapdragon processors.
To update your system, run the "sudo apt update && sudo apt full-upgrade" command and then reboot your PC, or follow the instructions provided by Canonical at https://wiki.ubuntu.com/Security/Upgrades. Users of Ubuntu 18.04.1 LTS or later using the Linux 4.18 kernel series must update to linux-image 4.18.0-14.15~18.04.1.