[Ksplice][Debian 6.0 Updates] New updates available via Ksplice (2.6.32-48squeeze9)

[Oracle Ksplice]

Synopsis: 2.6.32-48squeeze9 can now be patched using Ksplice
CVEs: CVE-2013-7268 CVE-2014-3673 CVE-2014-4508 CVE-2014-4608 CVE-2014-4653 CVE-2014-4654 CVE-2014-4655 CVE-2014-4943 CVE-2014-5077 CVE-2014-5471 CVE-2014-5472 CVE-2014-9090

Systems running Debian 6.0 Squeeze can now use Ksplice to patch
against the latest Debian kernel update, 2.6.32-48squeeze9.

INSTALLING THE UPDATES

We recommend that all users of Ksplice Uptrack on Debian 6.0 Squeeze
install these updates.

On systems that have "autoinstall = yes" in /etc/uptrack/uptrack.conf,
these updates will be installed automatically and you do not need to
take any action.

Alternatively, you can install these updates by running:

# /usr/sbin/uptrack-upgrade -y


DESCRIPTION

* CVE-2014-4943: Privilege escalation in PPP over L2TP setsockopt/getsockopt.

PPP over L2TP sockets incorrectly used UDP's getsockopt and setsockopt
as a fallback handler. Since UDP's implementation expects different
data structures, a local attacker could corrupt kernel memory and gain
root privileges.


* CVE-2014-5077: Remote denial-of-service in SCTP on simultaneous connections.

Linux kernel built with the support for Stream Control Transmission
Protocol is vulnerable to a NULL pointer dereference flaw. It could occur
when simultaneous new connections are initiated between the same pair of
hosts. A remote user/program could use this flaw to crash the system kernel
resulting in denial-of-service.


* CVE-2013-7268: Information leak in recvmsg handler.

Missing initialization in the network recvmsg handlers could leak kernel
memory into userspace.


* CVE-2014-4508: Denial-of-service in syscall audit code when using wrong syscall number.

A flaw in the error path of the entry point of a syscall leads to a kernel
panic if syscall auditing is enabled and the syscall number is larger than
the number of syscalls. A local, unprivileged user could use this flaw to
cause a denial-of-service.


* CVE-2014-3673: Remote denial-of-service in SCTP stack.

A flaw in the SCTP stack when receiving malformed ASCONF chunks leads to a
kernel panic. A remote attacker could use this flaw to cause a
denial-of-service.


* CVE-2014-4608: Memory corruption in kernel lzo decompressor.

Missing bounds checking in the kernel lzo compressor can allow malformed
data to trigger kernel memory corruption. A local attacker could use
this flaw to gain elevated privileges.


* CVE-2014-5471, CVE-2014-5472: Privilege escalation in ISO filesystem implementation.

The parse_rock_ridge_inode_internal() function in the ISO filesystem driver
does not correctly check relocated directories when processing Rock Ridge
child link tags. An attacker with physical access to the system could use a
specially crafted ISO image to cause a denial of service or, potentially,
escalate their privileges.


* CVE-2014-4653: Use after free in ALSA card controls.

Missing synchronization in ALSA card controls could lead to a control
being freed while being in use.


* CVE-2014-4654, CVE-2014-4655: Missing validity checks in ALSA user controls.

Missing validity checks when replacing user controls could lead to an attempt
to free something that is not a user control or a control that is not owned
by the process. Userspace was also allowed to to bypass user control count
by overflowing it.


* CVE-2014-9090: Denial-of-service in double-fault handling on bad stack segment.

A flaw when handling double faults associated with the stack segment
register could lead to a kernel panic.  A local, unprivileged user could
use this flaw via the modify_ldt() system call to cause a
denial-of-service.

SUPPORT

Ksplice support is available at ksplice-support_ww at oracle.com.