14 DAY TRIAL // Canonical's Benjamin M. Romer announced that a new kernel livepatch is now available for users of the Ubuntu 16.04 LTS (Xenial Xerus) and Ubuntu 14.04 LTS (Trusty Tahr) operating systems using the service, addressing the recently disclosed "Stack Clash" vulnerability.
As reported this week, Canonical already managed to update the kernel packages of all of its supported Ubuntu Linux releases, including Ubuntu 14.04 LTS (Trusty Tahr), Ubuntu 16.04 LTS (Xenial Xerus), Ubuntu 16.10 (Yakkety Yak), and Ubuntu 17.04 (Zesty Zapus) patching multiple security flaws, including CVE-2017-1000364.
We also reported that Canonical released a kernel update for Ubuntu 12.04 LTS (Precise Pangolin) because the company introduced ESM (Extended Security Maintenance) to provide important security fixes for the kernel to those willing to pay for the service. And now they released a livepatch kernel for Ubuntu 16.04 LTS and Ubuntu 14.04 LTS, patching the "Stack Clash" security flaw.
"It was discovered that the stack guard page for processes in the Linux kernel was not sufficiently large enough to prevent overlapping with the heap. An attacker could leverage this with another vulnerability to execute arbitrary code and gain administrative privileges," reads the LSN-0024-1 security advisory.
If you're using the Canonical Livepatch Service on your Ubuntu 16.04 LTS (Xenial Xerus) or Ubuntu 14.04 LTS (Trusty Tahr) operating systems with the Linux 4.4 kernel series, you are urged to update to kernel 4.4.0-79.100 and lts-4.4.0-71.92_14.04.1-lts-xenial. Canonical also recommends users to install the normal kernel and reboot their machines, though using livepatch you don't have to.