Canonical Releases Ubuntu 16.04 LTS Kernel Patch, Fixed 4 Security Vulnerabilities

The Ubuntu 16.04 kernel patch addresses four vulnerabilities, including the CVE-2018-14734 vulnerability discovered by Noam Rathaus in the Infiniband implementation, which allows an attacker to crash the system through a denial of service; and an integer overflow CVE-2018-16658 in the CD-ROM driver may allow local attackers to expose sensitive information.

It also fixes an integer overflow vulnerability CVE-2018-9363 found from HID Bluetooth implementation of the Linux kernel that could allow an attacker to crash the system or execute arbitrary code via a denial of service; and CIPSO tags realize discovered by Yves Younan, it may allow a remote attacker to cause an infinite loop through a special network traffic CVE-2018-10938.

If you are using the Ubuntu 16.04 LTS Xenial Xerus operating system for the Linux 4.4 kernel family, we recommend that you update/install the targeted kernel update: linux-image-4.4.0-138.164 on 64-bit or 32-bit machines, as well as to linux-image-4.4.0-1099.107 on Raspberry Pi 2 devices, linux-image-4.4.0-1070.80 on Amazon Web Services (AWS) systems, linux-image-kvm-4.4.0-1036.42 on cloud environments, and linux-image-snapdragon-4.4.0-1103.108 on Snapdragon processors.