[Ksplice][Ubuntu-12.10-Updates] New updates available via Ksplice (USN-1881-1)

Sonja Tideman sonja.tideman at oracle.com
Fri Jun 14 10:02:26 PDT 2013


Synopsis: USN-1881-1 can now be patched using Ksplice
CVEs: CVE-2013-0160 CVE-2013-1979 CVE-2013-2141 CVE-2013-3076 
CVE-2013-3222 CVE-2013-3223 CVE-2013-3224 CVE-2013-3225 CVE-2013-3227 
CVE-2013-3228 CVE-2013-3229 CVE-2013-3230 CVE-2013-3231 CVE-2013-3232 
CVE-2013-3233 CVE-2013-3234 CVE-2013-3235

Systems running Ubuntu 12.10 Quantal can now use Ksplice to patch
against the latest Ubuntu Security Notice, USN-1881-1.

INSTALLING THE UPDATES

We recommend that all users of Ksplice Uptrack on Ubuntu 12.10 Quantal
install these updates.

On systems that have "autoinstall = yes" in /etc/uptrack/uptrack.conf,
these updates will be installed automatically and you do not need to
take any action.

Alternatively, you can install these updates by running:

# /usr/sbin/uptrack-upgrade -y


DESCRIPTION

* CVE-2013-3076: Kernel stack information leak in userspace crypto API.

Missing initialization could allow a local user to leak kernel stack
information when receiving results from a crypto API socket.


* CVE-2013-3223: Kernel stack information leak in amateur radio drivers.

Missing initialization could allow a local user to leak kernel stack
information when receiving messages.


* CVE-2013-3224: Kernel stack information leak in Bluetooth sockets.

Receiving messages from a bluetooth socket whilst the socket is
simultaneously being shut down could leak kernel stack bytes to
userspace allowing a local user to gain information about the running
kernel.


* CVE-2013-3235: Kernel stack information leak in TIPC protocol.

Missing initialization could allow a local user to leak stack
information when receiving messages on a Transparent Inter Process
Communication (TIPC) socket.


* CVE-2013-3234: Kernel stack information leak in ROSE protocol.

Missing initialization could allow a local user to leak kernel stack
information when receiving from a ROSE socket.


* CVE-2013-3225: Kernel stack information leak in Bluetooth rfcomm.

Missing data clearing operations could allow a local user to leak kernel
stack memory to userspace.


* CVE-2013-3222: Kernel stack information leak in ATM sockets.

Missing data clearing operations could allow an unprivileged user to
leak kernel stack memory to userspace.


* CVE-2013-2141: Information leak in tkill() and tgkill() system calls.

Due to a lack of proper initialisation, the tkill() and tgkill() system
calls may leak data from the kernel stack to an unprivileged local user.


* Buffer overflow in HFS+ filesystem.

An implicit truncation of an inode's size could lead to a buffer overflow
that is exploitable by local users with write access to an HFS+ filesystem.


* Use-after-free in Async I/O debug prints.

An async I/O ring may be released before a debug print regarding that
ring, causing a use-after-free.


* CVE-2013-0160: Information disclosure by keystroke timing on a ptmx 
device.

It is possible to infer the length of a user's password using a timing
attack on the ptmx device.


* CVE-2013-3227: Kernel stack leak when receiving CAIF packets.

Part of the kernel stack is leaked to userspace when a local user receives
packets from a CAIF socket without the message name field set.


* CVE-2013-3228: Kernel stack information leak in IRDA sockets.

Missing initialization could allow a local user to leak kernel stack
information when receiving messages.


* CVE-2013-3229: Kernel stack information leak in IUCV sockets.

Missing initialization could allow a local user to leak kernel stack
information when receiving messages from an iUCV socket.


* CVE-2013-3231: Kernel stack information leak in LLC sockets.

Missing initialization could allow a local user to leak kernel stack
information when receiving messages.


* Kernel stack leak when receiving NET/ROM packets when the message name
isn't set.

Part of the kernel stack is leaked to userspace when a local user receives
packets from a NET/ROM socket without the message name field set.


* CVE-2013-3232: Kernel stack information leak in amateur radio NET/ROM 
driver.

Missing initialization could allow a local user to leak kernel stack
information when receiving messages from a NET/ROM socket.


* CVE-2013-3233: Kernel stack information leak in NFC sockets.

Missing initialization could allow a local user to leak kernel stack
information when receiving messages.


* Kernel panic on removal of the network bonding device module.

A race condition between removal of a network bonding device module and the
removal of the actual bond devices may cause a kernel panic.


* CVE-2013-3230: Kernel stack information leak in L2TP sockets.

Missing initialization could allow a local user to leak kernel stack
information when receiving messages.
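
Most of the CVE-2013-3222 through CVE-2013-3235 entries above, and
CVE-2013-3076, share one root cause: a protocol's recvmsg() handler writes
part (or none) of a socket address into a sockaddr_storage local on the
kernel stack, but never updates msg_namelen, so the generic socket layer
then copies the caller-supplied length of that uninitialised buffer back to
userspace. The following C program is an added example, not kernel code and
not part of this notice; it models that flow in userspace with simplified
stand-in names (toy_sockaddr, toy_msghdr, sys_recvmsg_model and a constructed
"stale stack" pattern are all hypothetical) and contrasts the vulnerable
handler with the shape of the fix, which sets msg_namelen to exactly the
number of bytes written and clears the struct before filling it.

```c
/* Added example: userspace model of the recvmsg() msg_namelen info leak.
 * Not kernel code; every name here is a simplified stand-in. */
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

#define TOY_STORAGE_LEN 128   /* mirrors sizeof(struct sockaddr_storage) */
#define TOY_ADDR_LEN    6
#define AF_TOY          42    /* arbitrary address family value */

/* Simplified protocol address (8 bytes, no padding). */
struct toy_sockaddr {
    uint16_t family;
    uint8_t  addr[TOY_ADDR_LEN];
};

/* Kernel-side view of the user's msghdr, reduced to the fields that matter. */
struct toy_msghdr {
    void *msg_name;     /* points at the kernel's sockaddr_storage copy */
    int   msg_namelen;  /* starts as the user-supplied length */
};

/* Constructed stand-in for stale data left on the kernel stack by earlier
 * calls; a real leak would expose pointers, keys or other kernel state. */
static const char STALE_PATTERN[] = "stale-kernel-stack-data-";

static void dirty_stack(uint8_t *buf, size_t len)
{
    for (size_t i = 0; i < len; i++)
        buf[i] = (uint8_t)STALE_PATTERN[i % (sizeof(STALE_PATTERN) - 1)];
}

static const uint8_t PEER_ADDR[TOY_ADDR_LEN] = {0x4a, 0x4b, 0x4c, 0x4d, 0x4e, 0x4f};

/* Vulnerable shape: fills the address but never updates msg_namelen and
 * never clears the unused bytes of the storage buffer. */
static void vuln_recvmsg(struct toy_msghdr *msg)
{
    struct toy_sockaddr *sa = msg->msg_name;
    if (sa) {
        sa->family = AF_TOY;
        memcpy(sa->addr, PEER_ADDR, TOY_ADDR_LEN);
        /* BUG: msg->msg_namelen is left at the caller-supplied value */
    }
}

/* Fixed shape: msg_namelen is zero unless an address was written, the
 * struct is cleared first, and the length is exactly sizeof(*sa). */
static void fixed_recvmsg(struct toy_msghdr *msg)
{
    struct toy_sockaddr *sa = msg->msg_name;
    msg->msg_namelen = 0;
    if (sa) {
        memset(sa, 0, sizeof(*sa));
        sa->family = AF_TOY;
        memcpy(sa->addr, PEER_ADDR, TOY_ADDR_LEN);
        msg->msg_namelen = sizeof(*sa);
    }
}

/* Generic socket layer: after the protocol handler returns, copy
 * msg_namelen bytes of the kernel storage buffer back to userspace. */
static int sys_recvmsg_model(void (*proto_recvmsg)(struct toy_msghdr *),
                             uint8_t *user_name, int user_namelen)
{
    uint8_t kstorage[TOY_STORAGE_LEN];
    dirty_stack(kstorage, sizeof(kstorage));   /* "uninitialised" local */

    struct toy_msghdr msg = { .msg_name = kstorage, .msg_namelen = user_namelen };
    if (msg.msg_namelen > TOY_STORAGE_LEN)
        msg.msg_namelen = TOY_STORAGE_LEN;

    proto_recvmsg(&msg);

    memcpy(user_name, kstorage, (size_t)msg.msg_namelen);  /* copy_to_user() */
    return msg.msg_namelen;
}

/* Count returned bytes beyond the real address that are non-zero,
 * i.e. bytes that came from the stale kernel stack. */
static int count_leaked_bytes(const uint8_t *user_name, int namelen)
{
    int leaked = 0;
    for (int i = (int)sizeof(struct toy_sockaddr); i < namelen; i++)
        if (user_name[i] != 0)
            leaked++;
    return leaked;
}

int leaked_bytes_with(void (*proto)(struct toy_msghdr *))
{
    uint8_t user_name[TOY_STORAGE_LEN];
    memset(user_name, 0, sizeof(user_name));   /* user passes a zeroed buffer */
    int n = sys_recvmsg_model(proto, user_name, TOY_STORAGE_LEN);
    return count_leaked_bytes(user_name, n);
}

int leaked_bytes_vulnerable(void) { return leaked_bytes_with(vuln_recvmsg); }
int leaked_bytes_fixed(void)      { return leaked_bytes_with(fixed_recvmsg); }

int main(void)
{
    printf("vulnerable recvmsg leaked %d stale bytes\n", leaked_bytes_vulnerable());
    printf("fixed recvmsg leaked %d stale bytes\n", leaked_bytes_fixed());
    return 0;
}
```

With a 128-byte user buffer the vulnerable path returns all 128 bytes, of
which 120 come from the stale buffer; the fixed path returns only the 8 bytes
of the address. The same "partially initialised struct copied to userspace"
pattern underlies CVE-2013-2141 (tkill/tgkill) above, where the copied object
is a siginfo rather than a socket address.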


* Kernel crash in cgroup process attachment.

Incorrect initialization could cause the kernel to crash on memory
allocation failure when under heavy memory pressure.


* Use-after-free in sysfs read/write accesses.

A race condition between read/write accesses and readdir calls on sysfs
directories could result in a use-after-free and kernel crash.


* Denial-of-service in /proc/fs/fscache/stats.

A memory leak in /proc/fs/fscache/stats could allow an unprivileged user
to leak memory and cause a denial-of-service.


* Denial-of-service in dcache shrinking.

Removing entries from the dcache when there are a large number of open
files could result in a soft-lockup of the system.


* Use-after-free in frame buffer console fonts.

Changing framebuffer consoles did not correctly handle font data, resulting
in a use-after-free and kernel crash.


* Denial-of-service in Intel Last Branch Record (LBR) performance filter.

Unvalidated user input could allow a local user to cause the kernel to
read from a user supplied address causing a kernel panic.


* Kernel information leak in Intel Last Branch Record profiling.

Missing permission checks could allow an unprivileged user to extract
kernel address information using the Last Branch Record feature on Intel
devices.


* Memory leak in tree auditing subsystem.

Incorrect reference counting in error situations in the auditing subsystem
could lead to memory leaks. This could potentially be used by a local,
unprivileged user to cause a denial-of-service.


* Kernel crash in performance monitoring system.

Due to an incorrect bit mask, a user could write to a reserved CPU bit
and crash the kernel.


* Information leak in SCTP keys.

SCTP keys were not zeroed before being freed, which could allow the keying
material to be leaked.


* CVE-2013-1979: Privilege escalation with UNIX socket credentials.

Incorrect passing of credentials over a UNIX domain socket could allow
an unprivileged user to use a setuid binary to escalate privileges to
superuser level.


* NULL pointer dereference in ALSA driver.

A NULL pointer dereference in the ALSA HDA driver can lead to
a kernel Oops.


* Unchecked user input used in open source Radeon driver.

The Radeon driver did not check user memory before copying from it, which
could potentially be exploited by a local user.


* NULL pointer dereference in usermodehelper.

A missing NULL pointer check could lead to a NULL pointer dereference
and a kernel crash.


* Incomplete zeroing of data in the device mapper.

A bug in the dm thin pool could cause discarded data areas to not
be correctly zeroed out.


* Denial of service in watchdog registration.

A race condition in watchdog registration could lead to a deadlock.  This
could be used to cause a denial of service by a malicious user.

SUPPORT

Ksplice support is available at ksplice-support_ww at oracle.com.