---

Canonical Patches New Linux Kernel Vulnerabilities in All Supported Ubuntu OSes

The first security flaw is an unbounded recursion in Linux kernel’s VLAN and TEB Generic Receive Offload (GRO) processing implementations, which could have allowed a remote attacker to crash the system through a denial of service or cause a stack corruption. It was discovered by Vladim??r Bene?? and affects Ubuntu 16.04 and 14.04. The second vulnerability is a use-after-free condition in Linux kernel’s TCP retransmit queue handling code, which could have allowed a local attacker to crash the system through a denial of service or execute malicious code. The issue was discovered by Marco Grassi and affects Ubuntu 16.04 LTS, Ubuntu 14.04 LTS, and Ubuntu 12.04 LTS.