The company pushed patched variants of the kernel packages in Ubuntu 16.10 (Yakkety Yak), Ubuntu 16.04 LTS (Xenial Xerus), Ubuntu 14.04 LTS (Trusty Tahr), and Ubuntu 12.04 LTS (Precise Pangolin) to the stable software repositories, addressing a total of four vulnerabilities discovered recently by various hackers and security researchers.
The most common security flaw, CVE-2016-7425, was discovered by Marco Grassi in Linux kernel’s Areca RAID Controllers driver, which was not capable of properly validating control messages, thus allowing a local attacker to crash the system or gain administrative privileges. The issue affects Ubuntu 16.10, 16.04 LTS, 14.04, and 12.04 LTS.
Canonical recommends all Ubuntu Linux users to update their systems immediately. The new kernel versions are linux-image 220.127.116.11.37 for Ubuntu 16.10, linux-image 18.104.22.168.54 for Ubuntu 16.04 LTS, linux-image 22.214.171.124.111 for Ubuntu 14.04 LTS, and linux-image 126.96.36.199.132 for Ubuntu 12.04 LTS.
The HWE (Hardware Enablement) kernels for Ubuntu 14.04.5 LTS and Ubuntu 12.04.5 LTS have been updated as well, and users are urged to update their systems to linux-image 188.8.131.52.38 on Ubuntu 14.04.5 LTS, as well as linux-image 3.13.0-103.150~precise1 on Ubuntu 12.04.5 LTS.
Submitted by: Arnfried Walbrecht