Users are urged to update their systems now

Feb 10, 2017 11:40 GMT

Canonical announced a few hours ago the availability of a new security update for the Raspberry Pi 2 kernel packages of the Ubuntu 16.10 (Yakkety Yak) operating system, which patches a total of five newly discovered vulnerabilities.

The first security flaw (CVE-2016-10147) was discovered by Mikulas Patocka in the Linux kernel's mcryptd, the asynchronous multibuffer cryptographic daemon, which appears to incorrectly handle incompatible algorithms. This could allow a local attacker to cause a denial of service by crashing the system.

The second vulnerability (CVE-2016-10150) is a use-after-free discovered in the Linux kernel's KVM (Kernel-based Virtual Machine) subsystem when creating devices, which could have allowed a local attacker to cause a denial of service by crashing the system.

A third security issue (CVE-2016-8399) was discovered by Qidan He in the Linux kernel's ICMP implementation, which incorrectly checked the size of the Internet Control Message Protocol (ICMP) header, allowing a local attacker with CAP_NET_ADMIN to expose sensitive information.

Discovered by Qian Zhang, the fourth kernel vulnerability (CVE-2016-8632) was a heap-based buffer overflow in the Linux kernel's tipc_msg_build() function, which could have allowed a local attacker to either execute malicious code as root (system administrator) or cause a denial of service by crashing the system.

The last security issue (CVE-2016-9777) patched in this update was discovered by Dmitry Vyukov in Linux kernel's KVM implementation, which incorrectly restricted the VCPU (Virtual Central Processing Unit) index if I/O APIC was active. This could allow an attacker in the guest virtual machine to crash the system or gain root access in the host OS.

Users should update their systems immediately

If you're using Ubuntu 16.10 on a Raspberry Pi 2 device, you are urged to update the kernel package to version linux-image-4.8.0-1024-raspi2 4.8.0-1024.27, which is now available for installation in the stable software repositories of the operating system. To update, simply run the "sudo apt update && sudo apt dist-upgrade" command in a terminal emulator.

For more details on how to update your system, you can also follow the instructions provided by Canonical at https://wiki.ubuntu.com/Security/Upgrades. Keep in mind that you must reboot the system after installing the new kernel version and rebuild any third-party kernel modules you might have installed.
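
Because the fix only takes effect after a reboot, it helps to check both the installed package and the running kernel once the upgrade finishes. The script below is an added example, not code from Canonical or from the original article; the function names are hypothetical, the ABI string is derived from the package name given above, and it assumes "sort -V" orders these plain numeric versions the same way dpkg does.

```shell
#!/bin/sh
# Added example: post-update check for the fixed Raspberry Pi 2 kernel.
FIXED_PKG="4.8.0-1024.27"   # package version named in the article
FIXED_ABI="4.8.0-1024"      # from the package name linux-image-4.8.0-1024-raspi2

# version_ge A B: succeeds when A >= B.
# Assumption: "sort -V" ordering matches dpkg ordering for these versions.
version_ge() {
    [ "$(printf '%s\n%s\n' "$1" "$2" | sort -V | head -n 1)" = "$2" ]
}

# kernel_state PKG_VERSION RUNNING_RELEASE
#   PKG_VERSION      newest installed linux-image-*-raspi2 version ("" if none)
#   RUNNING_RELEASE  output of "uname -r"
kernel_state() {
    case $2 in
        *-raspi2) ;;
        *) echo "not-raspi2"; return 0 ;;
    esac
    if [ -z "$1" ] || ! version_ge "$1" "$FIXED_PKG"; then
        echo "update-needed"    # fixed package is not installed yet
    elif ! version_ge "${2%-raspi2}" "$FIXED_ABI"; then
        echo "reboot-needed"    # fixed package on disk, old kernel still running
    else
        echo "patched"
    fi
}

# check_this_host: gather the two inputs from the live system.
check_this_host() {
    pkg=$(dpkg-query -W -f='${db:Status-Abbrev} ${Version}\n' \
            'linux-image-*-raspi2' 2>/dev/null |
          awk '$1 == "ii" { print $2 }' | sort -V | tail -n 1)
    kernel_state "$pkg" "$(uname -r)"
}

# Query the live system only when asked: sh check-kernel.sh --host
if [ "${1:-}" = "--host" ]; then
    check_this_host
fi
```

A result of "reboot-needed" means the patched package is installed but the vulnerable kernel is still the one running.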