To address the new TCP SACK Panic kernel vulnerabilities

Jun 20, 2019 13:44 GMT

Canonical released a new Linux kernel live patch for the Ubuntu 18.04 LTS (Bionic Beaver) and Ubuntu 16.04 LTS (Xenial Xerus) operating system series to address the recently disclosed TCP Denial of Service (DoS) vulnerabilities.

Coming hot on the heels of the recent Linux kernel security updates published earlier this week for all supported Ubuntu releases, the new Linux kernel live patch is only targeted at Ubuntu versions that support the kernel live patch and are long-term supported, including Ubuntu 18.04 LTS (Bionic Beaver) and Ubuntu 16.04 LTS (Xenial Xerus).

It addresses the same two security vulnerabilities (CVE-2019-11477 and CVE-2019-11478) discovered by Jonathan Looney in the Linux kernel's TCP retransmission queue implementation when handling TCP Selective Acknowledgments (SACKs), which could allow a remote attacker to crash the system by causing a denial of service (resource exhaustion). The CVE-2019-11477 flaw is also known as SACK Panic.

Users are urged to update their systems immediately

Canonical urges all users of the Ubuntu 18.04 LTS (Bionic Beaver) and Ubuntu 16.04 LTS (Xenial Xerus) operating system series who use the Linux kernel live patch to update their installations as soon as possible to the new kernel versions. These are rebootless kernel updates, so you won't need to restart your computer to apply them.

The new live kernel versions are 4.15.0-51.55 for Ubuntu 18.04.2 LTS systems with the HWE stack from Ubuntu 18.10, 4.15.0-51.55~16.04.1 for Ubuntu 16.04.6 LTS systems with the HWE stack from Ubuntu 18.04.2 LTS, and 4.4.0-150.176 for Ubuntu 16.04 LTS systems. Check out Canonical's Livepatch Service website for details on how to use the kernel live patch.