Canonical released major Linux kernel updates for all supported Ubuntu Linux operating system series to address dozens of security vulnerabilities affecting all supported architectures on desktop, server, and cloud.
Available for Ubuntu 19.04 (Disco Dingo), Ubuntu 18.04 LTS (Bionic Beaver), Ubuntu 16.04 LTS (Xenial Xerus), and Ubuntu 14.04 ESM (Trusty Tahr), the new Linux kernel security updates are here to patch more than 30 security vulnerabilities, including a heap buffer overflow discovered in the Marvell Wireless LAN device driver and a NULL pointer dereference discovered in the Near-field communication (NFC) implementation.
The security patch also addresses a use-after-free vulnerability discovered by Google Project Zero’s Jann Horn in the Linux kernel when accessing LDT entries, as well as a race condition when performing core dumps. A flaw discovered by Andrei Vlad Lutas and Dan Lutas in x86 processors, which incorrectly handled SWAPGS instructions during speculative execution, was fixed as well.
Several other security flaws affecting Linux kernel’s PowerPC dlpar implementation, ptrace implementation, Bluetooth implementation, alarmtimer implementation, cleancache, USB, and block layer subsystems, MDIO bus devices subsystem, Empia EM28xx DVB USB device driver, USB video device class implementation, Appletalk IP encapsulation driver, as well as the XFS, Btrfs, F2FS, and HFS+ filesystems were patched in the new security update.
Users are urged to update their installations immediately
If you’re using Ubuntu 18.04 LTS (Bionic Beaver) or Ubuntu 16.04 LTS (Xenial Xerus) with the Linux 4.15 kernel, you are urged to update your installations as soon as possible to linux-image 4.15.0-58.64. On the other hand, Ubuntu 19.04 (Disco Dingo) and Ubuntu 18.04.3 LTS (Bionic Beaver) users using the Linux 5.0 kernel are urged to update their systems to linux-image 5.0.0-25.26.
If you’re using Ubuntu 16.04 LTS (Xenial Xerus) with Linux kernel 4.4, you must update to linux-image 4.4.0-159.187. New kernel versions are also available for Amazon Web Services (AWS) systems, Microsoft Azure Cloud systems, Google Cloud Platform (GCP) systems, Google Container Engine (GKE) systems, Oracle Cloud systems, Snapdragon processors, Raspberry Pi 2 systems, cloud environments, and OEM processors.
>> Source Link