Canonical releases kernel security updates for the all supported Ubuntu versions

For all Ubuntu versions that are still supported, Canonical today released a new kernel security update that fixes multiple vulnerabilities recently discovered by several security researchers. This round of security patches fixes the CDROM-driven integer overflow vulnerability (CVE-2018-18710) in the Linux Kernel, allowing local attackers to steal sensitive information.

Including Ubuntu 18.10 (Cosmic Cuttlefish), Ubuntu 18.04 LTS (Bionic Beaver), Ubuntu 16.04 LTS (Xenial Xerus) and Ubuntu 14.04 LTS (Trusty Tahr), all supported Ubuntu versions are affected by this problem.

In addition, this update also fixes several other vulnerabilities affecting Ubuntu 18.04 LTS, Ubuntu 16.04 LTS and Ubuntu 14.04 LTS versions, including race conditions in MIDI drivers in Linux Kernel (CVE-2018-10902), POSIX timer implementation Integer Overflow Vulnerability, Free Use Vulnerability in Infiniband Implementation (CVE-2018-14734).

In addition, a vulnerability (CVE-2018-16276) was discovered in the Linux Kernel’s YUREX USB device driver, which allows a physical attacker to execute arbitrary code or crash the target system. CVE-2018-18445 and CVE-2018-18690 are vulnerabilities in the BPF verifier and XFS file system, respectively, allowing local attackers to initiate a denial of service attacks.

All Ubuntu 18.10, Ubuntu 18.04 LTS, Ubuntu 16.04 LTS and Ubuntu 14.04 LTS users should upgrade the system immediately. For specific upgrade operations, please visit the Canonical official upgrade instructions.