Kernel Vulnerabilities in Ubuntu 16.04

[Coastie]

Is this a problem in LL 3.0? http://news.softpedia.com/news/canonical-patches-seven-linux-kernel-vulnerabilities-in-ubuntu-16-04-update-now-505720.shtml I have been looking for something about a kernel update when I install updates every day since I read about this.  :-\

Today, June 27, 2016, Canonical has published a new security notice to inform users of the Ubuntu 16.04 LTS (Xenial Xerus) operating system about the availability of an important kernel update. According to Ubuntu Security Notice USN-3016-1, a total of seven Linux kernel vulnerabilities have been discovered and fixed in the upstream Linux 4.4 LTS kernel by various developers. Therefore, Canonical has updated the kernel packages for its Ubuntu 16.04 LTS (Xenial Xerus) release to version linux-image-4.4.0-28 (4.4.0-28.47).
Among the patches, we can notice those for some validation issues with Linux kernel's netfilter implementation, an information leak in the core USB implementation, an information leak in the timer handling implementation, an information leak in the X.25 Call Request handling, and a bug in the Transparent Inter-process Communication (TIPC) implementation.
Detailed information and the respective CVEs are available in the security notice for your reading pleasure. The problems affect Ubuntu 16.04 LTS and all of its official derivatives, including Kubuntu 16.04 LTS, Xubuntu 16.04 LTS, Lubuntu 16.04 LTS, Ubuntu MATE 16.04 LTS, Ubuntu GNOME 16.04 LTS, Ubuntu Kylin 16.04 LTS, and Ubuntu Studio 16.04 LTS.
Ubuntu 16.04 LTS users need to update right now If you are using the Ubuntu 16.04 LTS (Xenial Xerus) operating system, Canonical urges you to update as soon as possible. The new kernel version, linux-image-4.4.0-28 (4.4.0-28.47), is now live in the main software repositories. To update, open the Software Updater utility from the Unity Dash and apply all available updates by clicking on the "Install All" button.
For more details, please also visit https://wiki.ubuntu.com/Security/Upgrades. Keep in mind, though, that Ubuntu 16.04 LTS (Xenial Xerus) doesn't feature the live patching technology in its kernel packages, so you'll need to reboot your system for the new version to take effect. Also, you will have to rebuild any third-party kernel module you might have installed.
Update: Canonical has also released today the Ubuntu Security Notice USN-3017-1 bulletin to inform the community that all the issues patched in the kernel packages of Ubuntu 16.04 LTS (Xenial Xerus) should be of interest to users of Ubuntu 15.10 (Wily Werewolf) as well. Ubuntu 15.10 users need to update their systems to linux-image-4.2.0-41 (4.2.0-41.48) as soon as possible. Ubuntu 14.04 LTS and Ubuntu 12.04 LTS users are affected as well.

[Wirezfree]

Hi,

The way I read this...
Affects all Ubuntu based systems from 12.04 upwards, so LL 2.x & 3.x, but only if you have Kernel 4.4 and/or upwards..??. maybe..??

[Coastie]

uname -a shows I am using kernel 4.4.0-28-generic  :'(

[Valtam]

To update, open a terminal do:

Code:

sudo apt-get update

Code:

sudo apt-get install linux-generic

Reboot.

To easy

[Coastie]

Followed your instructions, Jerry. Reported I was using the latest kernel. Rebooted and uname -a still shows I am using kernel 4.4.0-28-generic  :-\

[Valtam]

uname -a should show you WAY more than that, on my machine uname -a produces:

Code:

jerry@z800:~$ uname -a
Linux z800 4.4.0-28-generic #47-Ubuntu SMP Fri Jun 24 10:09:13 UTC 2016 x86_64 x86_64 x86_64 GNU/Linux
jerry@z800:~$

[Coastie]

It does.

Code:

coastie@ASUS-K30BF-M32BF:~$ uname -a
Linux ASUS-K30BF-M32BF 4.4.0-28-generic #47-Ubuntu SMP Fri Jun 24 10:09:13 UTC 2016 x86_64 x86_64 x86_64 GNU/Linux
coastie@ASUS-K30BF-M32BF:~$

Since it says the same as yours, does this mean LL does not have this kernel vulnerability?  :-\

[LL-user]

Is this a problem in LL 3.0? http://news.softpedia.com/news/canonical-patches-seven-linux-kernel-vulnerabilities-in-ubuntu-16-04-update-now-505720.shtml I have been looking for something about a kernel update when I install updates every day since I read about this.  :-\

Today, June 27, 2016, Canonical has published a new security notice to inform users of the Ubuntu 16.04 LTS (Xenial Xerus) operating system about the availability of an important kernel update. According to Ubuntu Security Notice USN-3016-1, a total of seven Linux kernel vulnerabilities have been discovered and fixed in the upstream Linux 4.4 LTS kernel by various developers. Therefore, Canonical has updated the kernel packages for its Ubuntu 16.04 LTS (Xenial Xerus) release to version linux-image-4.4.0-28 (4.4.0-28.47).
...

Hi Coastie,

Referring to your quote, you can see that the patched kernel. i.e. the one with the vulnerabilities fixed is linux-image-4.4.0-28 (4.4.0-28.47) which you seemed to have installed

[Valtam]

LLUser is correct.

Sent from my phone using Tapatalk

[banko]

Thanks Jerry