Available for Ubuntu 18.10, 16.04 LTS, and 14.04 LTS

Feb 5, 2019 14:28 GMT

Canonical released a new set of Linux kernel updates for several of its supported Ubuntu operating systems to address various important, recently discovered security vulnerabilities.

Available for the Ubuntu 18.10 (Cosmic Cuttlefish), Ubuntu 16.04 LTS (Xenial Xerus), and Ubuntu 14.04 LTS (Trusty Tahr) operating system series, the new Linux kernel updates address a total of 12 security issues: one affecting both Ubuntu 18.10 and Ubuntu 16.04 LTS, three affecting Ubuntu 18.10, four affecting Ubuntu 16.04 LTS, and another four affecting Ubuntu 14.04 LTS.

For Ubuntu 18.10 (Cosmic Cuttlefish), the new kernel patch fixes a race condition (CVE-2018-14625) discovered in the Linux kernel's vsock address family implementation, a use-after-free vulnerability (CVE-2018-16882) in the KVM implementation, as well as two other flaws found in the crypto subsystem and KVM implementation (CVE-2018-19407 and CVE-2018-19854).

For Ubuntu 16.04 LTS (Xenial Xerus), the kernel update addresses a use-after-free vulnerability (CVE-2018-19824) found in the ALSA (Advanced Linux Sound Architecture) subsystem, as well as various bugs discovered in the Linux kernel's EXT4 file system implementation, cleancache subsystem, KVM implementation, and USB subsystem (CVE-2018-10883, CVE-2018-16862, CVE-2018-19407, and CVE-2018-20169).

Lastly, for Ubuntu 14.04 LTS (Trusty Tahr), the kernel update fixes issues found in the Linux kernel's CIFS client implementation, procfs file system implementation, mremap() system call, and socket implementation (CVE-2018-1066, CVE-2018-17972, CVE-2018-18281, and CVE-2018-9568). All these flaws could allow attackers to expose sensitive information, crash the system, or possibly execute arbitrary code.

Users are urged to update their systems immediately

Canonical urges all Ubuntu 18.10, Ubuntu 16.04 LTS, and Ubuntu 14.04 LTS users to update their installations immediately to the new kernel versions, which are already available from the stable software repositories of their respective operating systems for 64-bit and 32-bit systems, Amazon Web Services (AWS) systems, Google Cloud Platform (GCP) systems, Raspberry Pi 2, and cloud environments.

Last week, Canonical released a similar kernel security update for the Ubuntu 18.04 LTS (Bionic Beaver) operating system series, which introduced an unfortunate regression with docking station displays when mounting an EXT4 file system with the "meta_bg" option enabled. The regression was fixed a few days later with another kernel update, so always make sure you're running the latest version.