HWE kernels also available for Ubuntu 14.04.5, 16.04.3 LTS

Aug 4, 2017 20:08 GMT

Canonical released new Linux kernel security updates for Ubuntu 17.04 (Zesty Zapus) and Ubuntu 16.04 LTS (Xenial Xerus) operating systems, as well as updated HWE (hardware enablement) kernels for Ubuntu 14.04.5 LTS (Trusty Tahr) and the recently released Ubuntu 16.04.3 LTS maintenance update.

Available for 64-bit and 32-bit hardware architectures, as well as for Raspberry Pi 2, the new kernel updates patch a total of four security issues affecting the Linux 4.10 and 4.4 LTS kernels of Ubuntu 17.04 and 16.04 LTS, as well as their derivatives, including Kubuntu, Xubuntu, Lubuntu, Ubuntu GNOME, Ubuntu MATE, Ubuntu Studio, Ubuntu Budgie, and Ubuntu Kylin.

Discovered by Shixiong Zhao and Fan Wu, the first vulnerability fixed by this kernel update is a race condition (CVE-2017-7533) between VFS rename operations and inotify events in the Linux kernel, which could allow a local unprivileged attacker to cause a denial of service (system crash) or execute arbitrary code.

The second Linux kernel vulnerability (CVE-2017-1000365) patched in this update stems from the kernel's failure to properly restrict the RLIMIT_STACK size. It could allow a local attacker to execute arbitrary code if the flaw were combined with another vulnerability.

The third security issue (CVE-2017-10810) was discovered in the Linux kernel's Virtio GPU driver, which improperly freed memory in certain situations, thus allowing a local attacker to cause a denial of service (memory consumption).

Finally, the last and most important security flaw (CVE-2017-7482) patched in this update was discovered in the Linux kernel's RxRPC Kerberos 5 ticket handling code, which failed to verify metadata, allowing a remote attacker to cause a denial of service (system crash), as well as to execute malicious code.

Users urged to update their systems immediately

As expected, Canonical urges users to update their systems immediately if they use Ubuntu 17.04 (Zesty Zapus) with the Linux 4.10 kernel, Ubuntu 16.04 LTS (Xenial Xerus) with the Linux 4.4 LTS kernel, Ubuntu 16.04.3 LTS with the Linux 4.10 HWE kernel from Ubuntu 17.04, or Ubuntu 14.04.5 LTS (Trusty Tahr) with the Linux 4.4 LTS kernel from Ubuntu 16.04 LTS.

The new kernels are linux-image 4.10.0.30.31 for Ubuntu 17.04, linux-image-raspi2 4.10.0.1013.15 for Ubuntu 17.04 for Raspberry Pi 2, linux-image 4.4.0-89.112 for Ubuntu 16.04 LTS, linux-image-raspi2 4.4.0.1067.68 for Ubuntu 16.04 LTS for Raspberry Pi 2, linux-image-generic-hwe-16.04 4.10.0.30.33 for Ubuntu 16.04.3 LTS, and linux-image-lts-xenial 4.4.0.89.74 for Ubuntu 14.04.5 LTS.

Linux kernel packages are also available for Amazon Web Services (AWS) and Google Container Engine (GKE) systems, as well as Snapdragon processors on Ubuntu 16.04 LTS. To update your system, use the default package manager or follow the instructions provided by Canonical at https://wiki.ubuntu.com/Security/Upgrades.