[Ksplice][Debian 6.0 Updates] New updates available via Ksplice (2.6.32-48squeeze9)
Oracle Ksplice
ksplice-support_ww at oracle.com
Fri Dec 12 09:05:36 PST 2014
Synopsis: 2.6.32-48squeeze9 can now be patched using Ksplice
CVEs: CVE-2013-7268 CVE-2014-3673 CVE-2014-4508 CVE-2014-4608 CVE-2014-4653 CVE-2014-4654 CVE-2014-4655 CVE-2014-4943 CVE-2014-5077 CVE-2014-5471 CVE-2014-5472 CVE-2014-9090
Systems running Debian 6.0 Squeeze can now use Ksplice to patch
against the latest Debian kernel update, 2.6.32-48squeeze9.
INSTALLING THE UPDATES
We recommend that all users of Ksplice Uptrack on Debian 6.0 Squeeze
install these updates.
On systems that have "autoinstall = yes" in /etc/uptrack/uptrack.conf,
these updates will be installed automatically and you do not need to
take any action.
Alternatively, you can install these updates by running:
# /usr/sbin/uptrack-upgrade -y
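The check below is an added example, not part of the original Ksplice announcement: it reads an uptrack.conf and reports whether the host will install these updates automatically or needs a manual uptrack-upgrade run. It assumes "key = value" lines with "#" or ";" starting a comment line, and treats only the value "yes" as enabling autoinstall; the function names are hypothetical.

```shell
#!/bin/sh
# Added example: decide whether a host needs a manual `uptrack-upgrade -y`.
# Assumptions: uptrack.conf holds "key = value" lines, lines beginning with
# '#' or ';' are comments, and the last uncommented setting wins.

# Print the effective autoinstall value: "yes", "no" or "unset".
uptrack_autoinstall_value() {
    conf=$1
    # A missing or unreadable file cannot enable autoinstall.
    [ -r "$conf" ] || { echo unset; return 0; }
    val=$(awk -F= '
        /^[ \t]*[#;]/ { next }                  # skip comment lines
        tolower($1) ~ /^[ \t]*autoinstall[ \t]*$/ {
            v = tolower($2); gsub(/[ \t\r]/, "", v); last = v; seen = 1
        }
        END { if (seen) print last }' "$conf")
    case "$val" in
        yes) echo yes ;;
        "")  echo unset ;;
        *)   echo no ;;    # conservative: anything but "yes" counts as off
    esac
}

# Exit status 0 when the host will NOT pick up updates automatically.
uptrack_needs_manual_upgrade() {
    [ "$(uptrack_autoinstall_value "$1")" != "yes" ]
}

# Print a one-line recommendation for the given config file.
uptrack_report() {
    if uptrack_needs_manual_upgrade "$1"; then
        echo "$1: autoinstall is $(uptrack_autoinstall_value "$1");" \
             "run /usr/sbin/uptrack-upgrade -y as root"
    else
        echo "$1: autoinstall = yes; updates install automatically"
    fi
}

# Default to the path named in the announcement; pass another path to override.
uptrack_report "${1:-/etc/uptrack/uptrack.conf}"
```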
DESCRIPTION
* CVE-2014-4943: Privilege escalation in PPP over L2TP setsockopt/getsockopt.
PPP over L2TP sockets incorrectly used UDP's getsockopt and setsockopt
as a fallback handler. Since UDP's implementation expects different
data structures, a local attacker could corrupt kernel memory and gain
root privileges.
* CVE-2014-5077: Remote denial-of-service in SCTP on simultaneous connections.
A Linux kernel built with support for the Stream Control Transmission
Protocol is vulnerable to a NULL pointer dereference flaw. It could occur
when simultaneous new connections are initiated between the same pair of
hosts. A remote user/program could use this flaw to crash the system kernel,
resulting in denial-of-service.
* CVE-2013-7268: Information leak in recvmsg handler.
Missing initialization in the network recvmsg handlers could leak kernel
memory into userspace.
* CVE-2014-4508: Denial-of-service in syscall audit code when using wrong syscall number.
A flaw in the error path of the entry point of a syscall leads to a kernel
panic if syscall auditing is enabled and the syscall number is larger than
the number of syscalls. A local, unprivileged user could use this flaw to
cause a denial-of-service.
* CVE-2014-3673: Remote denial-of-service in SCTP stack.
A flaw in the SCTP stack when receiving malformed ASCONF chunks leads to a
kernel panic. A remote attacker could use this flaw to cause a
denial-of-service.
* CVE-2014-4608: Memory corruption in kernel lzo decompressor.
Missing bounds checking in the kernel lzo decompressor can allow malformed
data to trigger kernel memory corruption. A local attacker could use
this flaw to gain elevated privileges.
* CVE-2014-5471, CVE-2014-5472: Privilege escalation in ISO filesystem implementation.
The parse_rock_ridge_inode_internal() function in the ISO filesystem driver
does not correctly check relocated directories when processing Rock Ridge
child link tags. An attacker with physical access to the system could use a
specially crafted ISO image to cause a denial of service or, potentially,
escalate their privileges.
* CVE-2014-4653: Use after free in ALSA card controls.
Missing synchronization in ALSA card controls could lead to a control
being freed while still in use.
* CVE-2014-4654, CVE-2014-4655: Missing validity checks in ALSA user controls.
Missing validity checks when replacing user controls could lead to an attempt
to free something that is not a user control or a control that is not owned
by the process. Userspace was also allowed to bypass the user control count
by overflowing it.
* CVE-2014-9090: Denial-of-service in double-fault handling on bad stack segment.
A flaw when handling double faults associated with the stack segment
register could lead to a kernel panic. A local, unprivileged user could
use this flaw via the modify_ldt() system call to cause a
denial-of-service.
SUPPORT
Ksplice support is available at ksplice-support_ww at oracle.com.