Users are urged to update their computers immediately

Oct 30, 2018 21:15 GMT

After releasing a new Linux kernel security update for Ubuntu 16.04 LTS (Xenial Xerus) users, Canonical published an important kernel update for the Ubuntu 14.04 LTS (Trusty Tahr) operating system series and its derivatives.

The new kernel security update for Ubuntu 14.04 LTS (Trusty Tahr) is here to address two flaws (CVE-2015-8539 and CVE-2017-15299) discovered by Dmitry Vyukov and Eric Biggers in the Linux kernel's key management subsystem, which could allow a local attacker to either execute arbitrary code or crash the system via a denial of service.

It also patches a use-after-free vulnerability (CVE-2016-7913) in the device driver for XCeive xc2028/xc3028 tuners, as well as a race condition (CVE-2017-0794) discovered by Pengfei Ding, Chenfu Bao, and Lenx Wei in the generic SCSI driver (sg), all of which could allow a local attacker to crash the system or execute arbitrary code.

Other flaws patched in this kernel update include a NULL pointer dereference (CVE-2017-18216) found in the OCFS2 file system that may let a local attacker crash the system and a buffer overflow (CVE-2018-9518) in the NFC Logical Link Control Protocol (llcp), which could allow an attacker to crash the system or execute arbitrary code.

Lastly, the security update also addresses two race conditions (CVE-2018-1000004 and CVE-2018-7566) discovered by Luo Quan, Wei Yang, and Fan LongFei in the Advanced Linux Sound Architecture (ALSA) subsystem, which could allow a local attacker to cause a denial of service (system deadlock or system crash), as well as to possibly execute arbitrary code.

Users must update their systems immediately

If you're using the original Linux 3.13 kernel of the Ubuntu 14.04 LTS (Trusty Tahr) operating system series, you must update your system(s) to linux-image-3.13.0-161.211, which is available for 32-bit, 64-bit, and PowerPC (PPC and PPC64) architectures. This kernel is available for Ubuntu 12.04 ESM users, too.

Make sure you reboot your systems after installing the new kernel version, and recompile any third-party kernel modules you might have installed for software that needs them, such as VirtualBox or the Nvidia GPU drivers. More details are available in the security advisory.
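To tell apart a host that still needs the update from one that has the fixed kernel on disk but has not rebooted into it, the following check can be used. It is an added example, not code from the article or from Canonical; the function names are hypothetical, and it assumes the fix is identified by the ABI number 161 in `uname -r` (the upload number 211 is not visible there).

```shell
#!/bin/sh
# ABI number of the fixed 3.13 kernel, from the package version named in the
# article (linux-image-3.13.0-161.211). Assumption: ABI >= 161 means fixed.
FIXED_ABI=161

# abi_of RELEASE: print the ABI number of a 3.13.0 release string such as
# "3.13.0-160-generic"; print nothing for any other kernel series.
abi_of() {
    case $1 in
        3.13.0-[0-9]*) ;;
        *) return 0 ;;
    esac
    abi=${1#3.13.0-}      # strip the upstream version -> "160-generic"
    abi=${abi%%-*}        # strip the flavour          -> "160"
    case $abi in
        *[!0-9]*) return 0 ;;   # not purely numeric: ignore
    esac
    echo "$abi"
}

# kernel_status RUNNING INSTALLED: RUNNING is `uname -r` output, INSTALLED a
# whitespace-separated list of installed kernel releases.
# Prints: patched | reboot-required | update-required | other-series
kernel_status() {
    running_abi=$(abi_of "$1")
    if [ -z "$running_abi" ]; then echo other-series; return 0; fi
    if [ "$running_abi" -ge "$FIXED_ABI" ]; then echo patched; return 0; fi
    # The running kernel predates the fix; see whether a fixed one is on disk.
    for rel in $2; do
        inst_abi=$(abi_of "$rel")
        if [ -n "$inst_abi" ] && [ "$inst_abi" -ge "$FIXED_ABI" ]; then
            echo reboot-required; return 0
        fi
    done
    echo update-required
}

# Live check: installed releases are read from the /boot/vmlinuz-* file names.
installed=$(ls /boot 2>/dev/null | sed -n 's/^vmlinuz-//p' || true)
kernel_status "$(uname -r)" "$installed"
```

A result of `other-series` means the host is not running a 3.13.0 kernel, so this particular package version does not apply to it.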