An HWE kernel patch is also available for Ubuntu 14.04.5 LTS

Mar 18, 2019 13:58 GMT

Canonical released a new Linux kernel security update for users of the Ubuntu 16.04 LTS (Xenial Xerus) operating system series to address several recently discovered vulnerabilities.

The new Linux kernel security update is here to address five security issues discovered by various security researchers in the Linux 4.4 kernel used in the Ubuntu 16.04 LTS (Xenial Xerus) operating system series and official derivatives that aren't using the Linux 4.15 HWE (Hardware Enablement) kernel from Ubuntu 18.04 LTS (Bionic Beaver).

These include a flaw (CVE-2017-18241) in the Linux kernel's F2FS file system implementation, which incorrectly handled the noflush_merge mount option, and multiple integer overflows (CVE-2018-7740) in the hugetlbfs implementation. Both issues could allow local attackers to crash the vulnerable system, causing a denial of service.

The new Linux kernel security update also addresses an issue (CVE-2018-1120) discovered in the procfs file system, which failed to correctly handle processes mapping the memory elements onto files. This could allow a local attacker to block certain tools that examine the procfs file system to report the state of the operating system.

Also patched is a race condition (CVE-2019-6133) discovered by Jann Horn of Google Project Zero in the Linux kernel's fork() system call, which could allow a local attacker to gain access to services caching authorizations. The update also fixes a security flaw (CVE-2018-19985) discovered by Mathias Payer and Hui Peng in the Option USB High Speed driver, which could allow a physically proximate attacker to crash the system.

Users must update their systems as soon as possible

Canonical recommends that all Ubuntu 16.04 LTS (Xenial Xerus) users update their installations as soon as possible to the new Linux 4.4 kernel versions that are available in the stable repositories of the operating system. These are linux-image 4.4.0-143.169 for 32-bit and 64-bit systems, linux-image-raspi2 4.4.0-1104.112 for Raspberry Pi 2, linux-image-kvm 4.4.0-1041.47 for cloud environments, linux-image-snapdragon 4.4.0-1108.113 for Snapdragon processors, and linux-image-aws 4.4.0-1077.87 for Amazon Web Services (AWS) systems.

Canonical also updated the Linux hardware enablement (HWE) kernel for Ubuntu 14.04.5 LTS (Trusty Tahr) users running the Linux 4.4 kernel from Ubuntu 16.04 LTS (Xenial Xerus). These users must update their systems to linux-image-generic 4.4.0-143.169~14.04.2 on 32-bit, 64-bit, and PowerPC 64-bit platforms, as well as to linux-image-aws 4.4.0-1039.42 on Amazon Web Services (AWS) systems. Remember to reboot your systems after installing the new kernel updates.
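To check a fleet against the fixed versions listed in the two paragraphs above, the following added example (not from Canonical or the article) compares installed kernel package versions using Debian version ordering, where `~` sorts lower than anything else. The host names and inventory tuples are constructed, and the table is keyed by the package names as the article gives them.

```python
import re
from itertools import zip_longest
# Fixed versions as listed in the article, keyed by (Ubuntu release, package).
FIXED = {
    ("16.04", "linux-image"): "4.4.0-143.169",
    ("16.04", "linux-image-raspi2"): "4.4.0-1104.112",
    ("16.04", "linux-image-kvm"): "4.4.0-1041.47",
    ("16.04", "linux-image-snapdragon"): "4.4.0-1108.113",
    ("16.04", "linux-image-aws"): "4.4.0-1077.87",
    ("14.04", "linux-image-generic"): "4.4.0-143.169~14.04.2",
    ("14.04", "linux-image-aws"): "4.4.0-1039.42",
}

def _order(c):
    # '~' sorts before end-of-string (""); letters sort before other symbols.
    if c in ("~", ""):
        return -1 if c == "~" else 0
    return ord(c) if c.isalpha() else ord(c) + 256

def _cmp_part(a, b):
    chunks = lambda s: re.findall(r"(\D*)(\d*)", s)  # (non-digits, digits) pairs
    for (ta, na), (tb, nb) in zip_longest(chunks(a), chunks(b), fillvalue=("", "")):
        for ca, cb in zip_longest(ta, tb, fillvalue=""):
            if _order(ca) != _order(cb):
                return -1 if _order(ca) < _order(cb) else 1
        if int(na or 0) != int(nb or 0):
            return -1 if int(na or 0) < int(nb or 0) else 1
    return 0

def deb_compare(a, b):
    """Return -1, 0 or 1 following Debian version ordering."""
    def split(v):  # -> (epoch, upstream version, revision)
        epoch, rest = v.split(":", 1) if ":" in v else ("0", v)
        upstream, sep, rev = rest.rpartition("-")
        return int(epoch), (upstream if sep else rest), (rev if sep else "")
    (ea, ua, ra), (eb, ub, rb) = split(a), split(b)
    return (ea > eb) - (ea < eb) or _cmp_part(ua, ub) or _cmp_part(ra, rb)

def outdated_hosts(inventory):
    """Hosts whose installed kernel package is older than the fixed version."""
    return [host for host, rel, pkg, ver in inventory
            if deb_compare(ver, FIXED[(rel, pkg)]) < 0]

# Constructed sample inventory: (host, release, package, installed version).
INVENTORY = [
    ("web01", "16.04", "linux-image", "4.4.0-142.168"),
    ("web02", "16.04", "linux-image", "4.4.0-143.169"),
    ("aws01", "16.04", "linux-image-aws", "4.4.0-1077.87"),
    ("pi01", "16.04", "linux-image-raspi2", "4.4.0-1103.111"),
    ("old01", "14.04", "linux-image-generic", "4.4.0-143.169~14.04.1"),
]
```

A host that passes this check has the fixed package installed but keeps running the old kernel until it is rebooted.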