Softpedia reports
The patch addresses a total of nine security vulnerabilities
[...] All these flaws could [allow] local attackers to either crash the system or execute arbitrary code, bypass intended access restrictions to the connection tracking helpers list, as well as to inappropriately modify the system-wide operating system fingerprint list. Canonical urges all Ubuntu 16.04 LTS and Ubuntu 14.04 LTS users using the Canonical Livepatch to update their system immediately. A restart is not required when updating the kernel [using the] live patch.
(Score: 2) by boltronics on Friday May 11 2018, @02:30AM (1 child)
That's old news. What about the kernel security issue that came out just a few days later?
https://lists.ubuntu.com/archives/ubuntu-security-announce/2018-May/004386.html [ubuntu.com]
"The fix for this problem requires modification of the interrupt descriptor
tables (IDT), and modification of the interrupt handlers. Livepatch is
unable to safely modify these areas, so upgrading to a corrected kernel
and rebooting is required to fix the problem."
So you've still got to reboot if you want to remain secure.
It's GNU/Linux dammit!
(Score: 1, Interesting) by Anonymous Coward on Friday May 11 2018, @02:43AM
Plus live patching doesn't completely negate the need to reboot. After a live patch, every call has added overhead to determine whether it is patched or not, which increases per live patch installed. Also, depending on the work it does, it can murder performance, cause instability, and increase attack surface area for escalation attacks. Only with a reboot do you get the fresh kernel.