Canonical: Ubuntu 16.04.4 LTS delayed due to CPU Vulnerability

Canonical announced today that it will postpone the upcoming Ubuntu 16.04.4 LTS maintenance release update due to the recent specter and Meltdown security flaws. This version, originally scheduled to be online on February 15, 2018, is the fourth of five scheduled versions of the Xenial Xerus system to include the latest Linux Kernel kernel and a graphics stack based on Ubuntu 17.10 (Artful Aardvark).

Due to the ongoing evolution of the fixes for the recently announced Meltdown and Spectre security vulnerabilities [1], we are delaying the 16.04.4 point release, originally scheduled for the week of February 15. We intend that, when it is released, 16.04.4 will include kernels which mitigate these severe vulnerabilities. We also recognize that, because updates for these security vulnerabilities are currently monopolizing the SRU queue for kernels, there is no opportunity for any other point-release-critical fixes to be included, and we need to allow the dust to settle a bit before putting the finishing touches on the point release. We are currently unable to set a new firm date for the release, but we do not expect the schedule to slip more than a few weeks.

Canonical has aggressively released fixes for the still-supported versions of Ubuntu earlier this month after exposing the two CPU vulnerabilities, but consolidating these vulnerabilities is not that easy and has resulted in the release of the Ubuntu 16.04.4 LTS release postponed, but at the moment there is no clear announcement announced the specific release date.