---

Canonical Outs Major Linux Kernel Security Updates for All Supported Ubuntu OSes

Affecting the Linux 5.0, 4.15, and 4.4 kernels of Ubuntu 19.04 (Disco Dingo), Ubuntu 18.04 LTS (Bionic Beaver), and Ubuntu 16.04 LTS (Xenial Xerus), the most critical vulnerability (CVE-2019-10638) fixed in this new security update was discovered by Amit Klein and Benny Pinkas in the Linux kernel when randomizing IP ID values generated for connectionless networking protocols, which could allow a remote attacker track particular Linux devices. Also discovered by Amit Klein and Benny Pinkas, the security update addresses another critical vulnerability (CVE-2019-10639) in the Linux kernel, but only affecting the Linux 4.15 kernel used in the Ubuntu 18.04 LTS (Bionic Beaver) and Ubuntu 16.04 LTS (Xenial Xerus) systems. This could allow a remote attacker to exploit another vulnerability in the Linux kernel as the location of kernel addresses could exposed by the implementation of connection-less network protocols.