Canonical published a new security advisory to inform the Ubuntu Linux community about the availability of an updated kernel for the Raspberry Pi 2 port of the Ubuntu 16.04 LTS (Xenial Xerus) operating system, patching the same eight vulnerabilities discovered in the desktop and server kernel packages.
The patched kernel security flaws are an information leak in Linux kernel’s RDS (Reliable Datagram Sockets) implementation, a flaw in the TCP implementation, a race condition in the MIC VOP driver, as well as a heap-based buffer overflow in the USB HID driver.
Additionally, the patched kernel addresses a race condition in Linux kernel’s MIC VOP driver, some minor issues with PowerPC platforms, various bugs in the OverlayFS file system, and some errors with the airspy USB device kernel driver, which didn’t function properly.
Canonical urges all users of the Ubuntu 16.04 LTS (Xenial Xerus) port for Raspberry Pi 2 single-board computers to update the kernel packages to the new version, namely linux-image-4.4.0-1021-raspi2 (4.4.0-1021.27), as soon as possible. The patched kernel is already available in the stable repositories.
Submitted by: Arnfried Walbrecht