After releasing the new kernel update for Ubuntu 16.04 LTS (Xenial Xerus) systems to patch 13 security vulnerabilities, Canonical announced the availability of a major kernel update for Ubuntu 17.10.
If you’re using the latest Ubuntu 17.10 (Artful Aardvark) operating system on your personal computer, you should know that it received it’s first major kernel update since the official release back in October 19, 2017. The update addresses a total of 20 security vulnerabilities for Ubuntu 17.10’s Linux 4.13 kernel packages, including the Raspberry Pi 2 one.
Among the security issues patched in this update, five are related to Linux kernel’s USB subsystem, including a use-after-free vulnerability, which could allow a physically proximate attacker to crash the affected system by causing a denial of service (DoS attack) or possibly execute arbitrary code. Other three are related to the ALSA subsystem, including a race condition.
On top of those, the new kernel update addresses various security issues discovered by various researchers in Linux kernel’s KVM subsystem and nested KVM implementation, the netlink wireless configuration interface, SCSI subsystem, key management subsystem, ATI Radeon framebuffer driver, iSCSI transport implementation, Floating Point Unit (fpu) subsystem, and Ultra Wide Band driver.
All Ubuntu 17.10 flavors are affected
Today’s kernel update also fixes an information leak discoverd in Linux kernel’s waitid implementation, but it should be noted here that most of these vulnerabilities only allow local attackers to cause a denial of service, execute arbitrary code, or expose sensitive information from kernel memory, depending on the issue. More details are available in Canonical’s USN-3487-1 security notice.
Users are urged to update their installations to either linux-image-4.13.0-17-generic 4.13.0-17.20 on 64-bit and 32-bit systems or linux-image-4.13.0-1006-raspi2 4.13.0-1006.6 if they use the Ubuntu 17.10 for Raspberry Pi 2 kernel. To update your installations, simply run the “sudo apt update && sudo apt dist-upgrade” command in the Terminal app or follow Canonical’s instructions at https://wiki.ubuntu.com/Security/Upgrades.
Working as a cyber security solutions architect, Alisa focuses on bug bounty and network security. Before joining us she held a cyber security researcher positions within a variety of cyber security start-ups. She also experience in different industry domains like finance, healthcare and consumer products.