Today, October 20, 2016, Linux kernel maintainer Greg Kroah-Hartman announced three new maintenance updates for the Linux 4.8, 4.7, and 4.4 LTS kernel series, patching a major security vulnerability.
Known as "Dirty COW," the Linux kernel vulnerability documented as CVE-2016-5195 is, in fact, a nasty bug that could have allowed local users to write to any file they can read. The worst part is that the security flaw was present in various Linux kernel builds since at least the Linux 2.6.x series, which reached end of life in February this year.
As reported earlier, three new Linux kernel maintenance releases arrived for various Linux-based operating systems, patching a critical and ancient bug popularly known as "Dirty COW."
We already told you that the kernel vulnerability could be used by a local attacker to run programs as an administrator, and it looks like it also affects all supported Ubuntu releases, including Ubuntu 16.10 (Yakkety Yak), Ubuntu 16.04 LTS (Xenial Xerus), Ubuntu 14.04 LTS (Trusty Tahr), and Ubuntu 12.04 LTS (Precise Pangolin), as well as all of their official or unofficial derivatives running the same kernel builds.
Kernel live patching enables runtime correction of critical security issues in your kernel without rebooting. It’s the best way to ensure that machines are safe at the kernel level, while guaranteeing uptime, especially for container hosts where a single machine may be running thousands of different workloads.
We’re very pleased to announce that this new enterprise, commercial service from Canonical will also be available free of charge to the
The Canonical Livepatch Service is an authenticated, encrypted, signed stream of livepatch kernel modules for Ubuntu servers, virtual machines and desktops.
Ubuntu 16.04 LTS’s 4.4 Linux kernel includes an important new security capability in Ubuntu -- the ability to modify the running Linux kernel code, without rebooting, through a mechanism called kernel livepatch.
After the previous 16.04 Long Term Release, Ubuntu has rolled out its latest ‘short term’ (my own naming convention for the non-LTS releases) version 16.10. Mainly, the ‘short term’ releases are only supported for 9 months and usually include software applications with their recent updates.
When you release a new version of your operating system every 6 months, there usually isn’t a lot of room for adding major changes. That is the case with many GNU/Linux distributions these days, and the Ubuntu 16.10 release is no exception. Since Unity is based on the user application set provided by the GNOME desktop environment, according to the release notes, the underlying GNOME user applications have been upgraded to at least version 3.20 (which is the case with the file manager -- ‘files’, for instance), and some others have been upgraded to version 3.22, which is currently the latest release of GNOME.
Red Hat is the biggest – and one of the oldest – companies in the Linux world, but despite the difficulty of accurately measuring Linux usage figures, Ubuntu and its relatives seem to be the most popular Linux distributions. Red Hat isn’t sitting idle, though. Despite its focus on enterprise software, including virtualisation, storage and Java tools, it’s still aggressively developing its family of distros: RHEL, CentOS and Fedora.
Fedora is the freebie community-supported version, with a short six-month release cycle, but it’s still important. Although RHEL is the flagship, it’s built from components developed and tested in Fedora. Fedora Project Lead Matthew Miller told this year’s Flock to Fedora conference this summer that its future looks bright.