[ SECURITY ] Kernel Vulnerabilities in Ubuntu 16.04

[bfb]

Thanks Torrydale.

[Jerry]

No problemo

[JmaCWQ]

Thanks Jerry 

[Jerry]

12.04 = 1.x Series
14.04 = 2.x Series
16.04 = 3.x Series

[JmaCWQ]

It says at the bottom of the announcement in post #1 "Ubuntu 14.04 LTS and Ubuntu 12.04 LTS users are affected as well."
I take that to mean LL 2.8 needs this kernel upgrade as well.

Can somebody please confirm if the upgrade is required in 2.8 or not?

[torreydale]

4.4.0 is not 4.4.0-28.  And as you stated, you are on LL 2.8 instead of LL 3.0.  So based on the announcement, it appears that you don't have the same exposure to the vulnerabilities.

[bfb]

That works for those on Lite 3.0 as I am on one machine.
I doesn't answer my query on how to get the latest 4.4 kernel if you are on 2.8, which is the case with another of my machines which has the 4.4 lite kernel ..

[Jerry]

Those who upgraded last time, will get this automatically in their updates - http://news.softpedia.com/news/canonical-patches-linux-kernel-vulnerability-in-all-supported-ubuntu-oses-506341.shtml Those who didn't refer to Post #3 in this thread for a how to.

[bfb]

I have the 4.4.0 lite kernel but in lite 2.8.

uname -a
Linux bs-Aspire-V5-573PG 4.4.0-linuxlite #1 SMP Mon Jan 11 15:48:57 NZDT 2016 x86_64 x86_64 x86_64 GNU/Linux

Do I need to upgrade?  and how, since 2.8 is not based on the 16.04 repositories so if I do "sudo apt-get update" I will not get the new kernel, and 'sudo apt-get install linux-generic' will only install older packages...

[Coastie]

LLUser is correct.

Thanks LLUser and Jerry. 

[banko]

Thanks Jerry 

[Jerry]

LLUser is correct.

Sent from my phone using Tapatalk

[LL-user]

Is this a problem in LL 3.0? http://news.softpedia.com/news/canonical-patches-seven-linux-kernel-vulnerabilities-in-ubuntu-16-04-update-now-505720.shtml I have been looking for something about a kernel update when I install updates every day since I read about this. 

Today, June 27, 2016, Canonical has published a new security notice to inform users of the Ubuntu 16.04 LTS (Xenial Xerus) operating system about the availability of an important kernel update. According to Ubuntu Security Notice USN-3016-1, a total of seven Linux kernel vulnerabilities have been discovered and fixed in the upstream Linux 4.4 LTS kernel by various developers. Therefore, Canonical has updated the kernel packages for its Ubuntu 16.04 LTS (Xenial Xerus) release to version linux-image-4.4.0-28 (4.4.0-28.47).
...

Hi Coastie,

Referring to your quote, you can see that the patched kernel. i.e. the one with the vulnerabilities fixed is linux-image-4.4.0-28 (4.4.0-28.47) which you seemed to have installed

[Coastie]

It does.

Code: [Select]

[email protected]:~$ uname -a
Linux ASUS-K30BF-M32BF 4.4.0-28-generic #47-Ubuntu SMP Fri Jun 24 10:09:13 UTC 2016 x86_64 x86_64 x86_64 GNU/Linux
[email protected]:~$

Since it says the same as yours, does this mean LL does not have this kernel vulnerability? 

[Jerry]

uname -a should show you WAY more than that, on my machine uname -a produces:

Code: [Select]

[email protected]:~$ uname -a
Linux z800 4.4.0-28-generic #47-Ubuntu SMP Fri Jun 24 10:09:13 UTC 2016 x86_64 x86_64 x86_64 GNU/Linux
[email protected]:~$