---

Canonical Releases New Linux Kernel Live Patch for Ubuntu 18.04 LTS and 16.04 LTS

Available for Ubuntu 18.04 LTS (Bionic Beaver), Ubuntu 16.04 LTS (Xenial Xerus), and Ubuntu 14.04 LTS (Trusty Tahr), the new kernel live patch fixes a total of five security vulnerabilities, including the recently disclosed critical TCP flaw (CVE-2018-5390) discovered by Juha-Matti Tilli, which could allow a remote attacker to cause a denial of service. The rebootless kernel security patch also addresses a vulnerability (CVE-2018-13405) in the inode_init_owner function in fs/inode.c in the Linux kernel through 4.17.4 that could allow a local user to escalate his/her privileges by creating a file with an unintended group ownership and then make the file executable and SGID (Set Group ID).