Canonical released new kernel updates for all supported Ubuntu Linux releases, including Ubuntu 14.04 LTS (Trusty Tahr), Ubuntu 16.04 LTS (Xenial Xerus), and Ubuntu 17.04 (Zesty Zapus), fixing a total of five security vulnerabilities.
Affecting all three Ubuntu releases, as well as all official derivatives, such as Kubuntu, Xubuntu, Lubuntu, Ubuntu MATE, etc., a divide-by-zero error (CVE-2017-14106) was discovered by Andrey Konovalov in Linux kernel’s TCP stack implementation, allowing a local attacker to crash the system by causing a denial of service.
Affecting Ubuntu 14.04 LTS systems and derivaties, as well as Ubuntu 12.04.5 ESM (Extended Security Maintenance) machines, a buffer overflow (CVE-2016-8633) was discovered by Eyal Itkin in Linux kernel’s IP over IEEE 1394 (FireWire) implementation when handling fragmented packets.
The security vulnerability is important and known to allow a remote attacker to gain administrative privileges by executing arbitrary code. Ubuntu users running Ubuntu 14.04 LTS with the linux-image-3.13.0 kernel are urged to update to linux-image 188.8.131.52.142 or 3.13.0-133.182, depending on the architecture used.
Canonical urges all Ubuntu users to update their systems immediately to the new kernel versions that are already available in the main repositories. To update your system, simply run the “sudo apt update && sudo apt dist-upgrade” command in the Terminal app or use the Software Updater tool.
Submitted by: Arnfried Walbrecht