Today, June 27, 2016, Canonical published a new security notice to inform users of the Ubuntu 16.04 LTS (Xenial Xerus) operating system about the availability of an important kernel update.
According to Ubuntu Security Notice USN-3016-1, a total of seven Linux kernel vulnerabilities have been discovered and fixed in the upstream Linux 4.4 LTS kernel by various developers. Therefore, Canonical updated the kernel packages for its Ubuntu 16.04 LTS (Xenial Xerus) release to version linux-image-4.4.0-28 (4.4.0-28.47).
Among the patches, we can notice validation issues with Linux kernel’s netfilter implementation, an information leak in the core USB implementation, an information leak in the timer handling implementation, an information leak in the X.25 Call Request handling, and a bug in the Transparent Inter-process Communication (TIPC) implementation.
Detailed information and the respective CVEs are available in the security notice for your reading pleasure. The issues affect Ubuntu 16.04 LTS and all of its official derivatives, including Kubuntu 16.04 LTS, Xubuntu 16.04 LTS, Lubuntu 16.04 LTS, Ubuntu MATE 16.04 LTS, Ubuntu GNOME 16.04 LTS, Ubuntu Kylin 16.04 LTS, and Ubuntu Studio 16.04 LTS.
Ubuntu 16.04 LTS users need to update right now
If you are using the Ubuntu 16.04 LTS (Xenial Xerus) operating system, Canonical urges you to update as soon as possible. The new kernel version, linux-image-4.4.0-28 (4.4.0-28.47), is now live in the main software repositories. To update, open the Software Updater utility from the Unity Dash and apply all available updates by clicking on the “Install All” button.
For more details, please also visit https://wiki.ubuntu.com/Security/Upgrades. Keep in mind though that Ubuntu 16.04 LTS (Xenial Xerus) doesn’t feature the live patching technology in its kernel packages, so you’ll need to reboot your system for the new version to take effect. Also, you will have to rebuild any third-party kernel module you might have installed.
Update: Canonical also released today the Ubuntu Security Notice USN-3017-1 bulletin to inform the community that all the issues patched in the kernel packages of Ubuntu 16.04 LTS (Xenial Xerus) affect users of Ubuntu 15.10 (Wily Werewolf) as well. Ubuntu 15.10 users need to update their systems to linux-image-4.2.0-41 (4.2.0-41.48) as soon as possible. Ubuntu 14.04 LTS and Ubuntu 12.04 LTS users are affected as well.