The kernel update is also available for Ubuntu 12.04 ESM

Feb 23, 2018 14:55 GMT

Canonical released today a major kernel security update for the Ubuntu 14.04 LTS (Trusty Tahr) operating system series, addressing more than 20 vulnerabilities and other issues.

A total of 26 security flaws were fixed in today's kernel update for Ubuntu 14.04 LTS systems and derivatives, including an out-of-bounds write vulnerability in the Linux kernel's F2FS (Flash-Friendly File System) file system, a use-after-free flaw in the Linux kernel's ALSA PCM subsystem, and an integer overflow in the Linux kernel's sysfs interface for the QLogic 24xx+ series SCSI driver.

Additionally, the kernel update addresses a use-after-free vulnerability in the Linux kernel's SCTP protocol implementation, as well as a race condition in the LEGO USB Infrared Tower driver and a use-after-free vulnerability in the USB serial console driver, both allowing a physically proximate attacker to execute arbitrary code or crash the system with a denial of service attack.

Other vulnerabilities fixed are a use-after-free vulnerability in the netfilter xt_TCPMSS filter, an integer overflow vulnerability in the IPv6 implementation, a use-after-free vulnerability in the DCCP protocol implementation, a null pointer dereference in the RDS (Reliable Datagram Sockets) protocol implementation, and a race condition in the loop block device implementation.

Issues were also addressed in the Linux kernel's KVM implementation, the netlink wireless configuration interface, the SCSI subsystem, the key management subsystem, the memory manager, the ATI Radeon framebuffer driver, the iSCSI transport implementation, the Bluetooth Network Encapsulation Protocol (BNEP) implementation, the HMAC implementation, the shm IPC subsystem, and the netfilter passive OS fingerprinting (xt_osf) module.

Users are urged to update their installations immediately

On top of the security vulnerabilities mentioned above, today's kernel update also mitigates the Meltdown security vulnerability for the PPC64el (PowerPC 64-bit Little Endian) architecture in Ubuntu 14.04 LTS systems. All Ubuntu 14.04 LTS (Trusty Tahr) users are urged to update their installations as soon as possible to the linux-image 3.13.0.142.152 kernel package on 64-bit, 32-bit, PPC64el, and PPC systems.

The kernel update is also available for Ubuntu 12.04 ESM (Extended Security Maintenance) users who are using the Trusty HWE (Hardware Enablement) kernel from Ubuntu 14.04 LTS. If you use Ubuntu 14.04.5 LTS with the Xenial HWE kernel, you need to update to the respective kernel version of Ubuntu 16.04 LTS (Xenial Xerus) that was released two days ago.