Available for Ubuntu 18.04 LTS, 17.10, 16.04 LTS & 14.04 LTS

Jul 5, 2018 19:43 GMT

Canonical released new kernel security updates for all supported Ubuntu Linux operating systems to address multiple security vulnerabilities discovered by various researchers.

The new Linux kernel updates are available for the Ubuntu 18.04 LTS (Bionic Beaver), Ubuntu 17.10 (Artful Aardvark), Ubuntu 16.04 LTS (Xenial Xerus), and Ubuntu 14.04 LTS (Trusty Tahr) operating system series, and they fix a total of 22 security vulnerabilities across all Ubuntu Linux releases.

One of the most important issues fixed is an information leak vulnerability tagged as CVE-2018-7755 and discovered in the Linux kernel's floppy driver, which could allow a local attacker to expose sensitive information (kernel memory). This issue affected Ubuntu 18.04 LTS, Ubuntu 17.10, Ubuntu 16.04 LTS, and Ubuntu 14.04 LTS.

Affecting only Ubuntu 18.04 LTS, the update fixes security flaws discovered in Linux kernel's EXT4 file system implementation (CVE-2018-1094 and CVE-2018-1095), and the cdrom driver (CVE-2018-10940). It also fixes an issue with the 32-bit adjtimex() syscall implementation (CVE-2018-11508), which affects Ubuntu 18.04 LTS and Ubuntu 17.10.

Lazy FPU Save/Restore patched on Ubuntu 16.04 LTS and 14.04 LTS

Other security issues patched include a null pointer dereference vulnerability (CVE-2018-1130) in Linux kernel's DCCP protocol implementation, as well as an information disclosure vulnerability (CVE-2018-5750) in Linux kernel's SMBus driver for ACPI Embedded Controllers affecting both Ubuntu 17.10 and Ubuntu 14.04 LTS releases.

Furthermore, there are fixes for a security vulnerability (CVE-2018-5803) discovered in Linux kernel's SCTP Protocol implementation, an integer overflow error (CVE-2018-6927) in the futex implementation, and a memory leak (CVE-2018-7757) in the SAS driver subsystem, all of them affecting both Ubuntu 17.10 and Ubuntu 14.04 LTS operating systems.

For Ubuntu 16.04 LTS, the Linux kernel update addresses ten security vulnerabilities, including two integer overflow issues (CVE-2017-18255 and CVE-2017-18257) in the perf subsystem and F2FS file system, an information leak (CVE-2018-1000204) in the generic SCSI driver, as well as bugs in the wait4() and kill() system calls (CVE-2018-10087 and CVE-2018-10124).

Additionally, the kernel update patches Ubuntu 16.04 LTS and 14.04 LTS users against the 4th variant of the Spectre security vulnerability (CVE-2018-3665), discovered by Julian Stecklina and Thomas Prescher in FPU register states like AVX, MMX, and SSE, which were lazily restored and thus vulnerable to side-channel attacks that allow local attackers to expose sensitive information.

Other than that, there were multiple use-after-free errors (CVE-2018-5814) discovered in the Linux kernel's USB/IP implementation, an information leak (CVE-2017-13695) discovered in the Linux kernel's ACPI handling code, and a memory leak (CVE-2018-10021) found in the Linux kernel's Serial Attached SCSI (SAS) implementation, which were fixed for Ubuntu 16.04 LTS users.

Two security issues (CVE-2017-12154 and CVE-2017-12193) affecting the nested KVM and associative array implementations, and a race condition (CVE-2017-15265) in the ALSA subsystem on Ubuntu 14.04 LTS were patched as well. All users are urged to update their installations as soon as possible by following the instructions available at https://wiki.ubuntu.com/Security/Upgrades.