14 DAY TRIAL // Canonical released a new Linux kernel live patch for all of its supported Ubuntu Linux operating system releases to address various security vulnerabilities for those who use the Canonical Livepatch Service.
Available for Ubuntu 18.04 LTS (Bionic Beaver), Ubuntu 16.04 LTS (Xenial Xerus), and Ubuntu 14.04 LTS (Trusty Tahr), the new kernel live patch fixes a total of five security vulnerabilities, including the recently disclosed critical TCP flaw (CVE-2018-5390) discovered by Juha-Matti Tilli, which could allow a remote attacker to cause a denial of service.
The rebootless kernel security patch also addresses a vulnerability (CVE-2018-13405) in the inode_init_owner function in fs/inode.c in the Linux kernel through 4.17.4 that could allow a local user to escalate his/her privileges by creating a file with an unintended group ownership and then make the file executable and SGID (Set Group ID).
"In a scenario where a directory is SGID to a certain group and is writable by a user who is not a member of that group. Here, the non-member can trigger creation of a plain file whose group ownership is that group. The intended behavior was that the non-member can trigger creation of a directory (but not a plain file) whose group ownership is that group," reads the security advisory.
Other security flaws fixed include an issue (CVE-2018-13094) discovered in fs/xfs/libxfs/xfs_attr_leaf.c in the Linux kernel through 4.17.3 that could cause an OOPS on a corrupted XFS image after calling the xfs_da_shrink_inode() function with a NULL bp, and an EXT4 issue (CVE-2018-1094), discovered by Wen Xu, that could let a local attacker to crash the system with a denial of service.
Users are urged to update their systems immediately
Another security flaw (CVE-2018-11506) patched by this new kernel live patch affected Linux kernel's sr_do_ioctl function in drivers/scsi/sr_ioctl.c, allowing local users to cause a denial of service (stack-based buffer overflow). Therefore, Canonical urges all users using the Canonical LivePatch Service to update their systems immediately.
While Ubuntu 18.04 LTS (Bionic Beaver) users would have to update to kernel 4.15.0-29.31, Ubuntu 16.04 LTS (Xenial Xerus) and Ubuntu 14.04 LTS (Trusty Tahr) users must update their installations to kernels 4.4.0-131.157 and 4.4.0-131.157~14.04.1 respectively. All kernels are available only for 64-bit (amd64) architectures and are present in generic or lowlatency flavors. No reboot is required!