Canonical Outs Important Linux Kernel Updates for All Supported Ubuntu Releases

The security patch fixes an integer overflow vulnerability (CVE-2018-18710) discovered in Linux kernel’s CDROM driver, which could allow a local attacker to expose sensitive information. This issue affects all supported Ubuntu releases, including Ubuntu 18.10 (Cosmic Cuttlefish), Ubuntu 18.04 LTS (Bionic Beaver), Ubuntu 16.04 LTS (Xenial Xerus), and Ubuntu 14.04 LTS (Trusty Tahr). Also fixed are several other vulnerabilities affecting only Ubuntu 18.04 LTS, Ubuntu 16.04 LTS, and Ubuntu 14.04 LTS releases, including a race condition (CVE-2018-10902) in Linux kernel’s raw MIDI driver, an integer overrun vulnerability in the POSIX timers implementation, and a use-after-free vulnerability (CVE-2018-14734) in the Infiniband implementation.