Canonical has released a bunch of new kernel updates for all the latest Ubuntu releases. The updates mainly fix fifteen important security vulnerabilities in the Linux kernel.
According to the new security advisories published by Canonical, the kernel security updates are for systems running Ubuntu 14.04 LTS, Ubuntu 16.10 and Ubuntu 17.04. The Linux 3.13 kernel package in Ubuntu 14.04 LTS (Trusty Tahr) appears to be the most affected in the series.
Among the bug fixes, Canonical has fixed an issue in the Wake-on-LAN (WoL) data structure (CVE-2014-9900). The vulnerability prevented the Linux kernel from initialising a Wake-on-LAN data structure. Another vulnerability (tagged as CVE-2015-8944) allowed a local attacker to expose sensitive information from kernel memory.
The Canonical team has also fixed a use-after-free vulnerability (CVE-2015-8955). The issue was discovered in the counters subsystem and Linux kernel events for the ARM64 architecture. Furthermore, it could give a local attacker unauthenticated access, leading to a DDoS attack and system crash.
Another interesting race condition (CVE-2015-8963) was identified in the Linux kernel’s counter subsystem and performance events. The race condition could allow an attacker to run arbitrary code or crash the system. Two more reported bugs, tagged as CVE-2015-8962 and CVE-2015-8963, could allow local attackers unauthenticated access.
The most critical vulnerability, CVE-2017-7895, affected Ubuntu 14.04 LTS and was hidden in the kernel’s NFSv2 and NFSv3 implementations. The vulnerability could allow an attacker to run malicious code via a DDoS attack.
All Ubuntu users are advised to update their systems immediately to fix these problems.