[Ksplice][Ubuntu-12.10-Updates] New updates available via Ksplice (USN-2178-1)
Oracle Ksplice
ksplice-support_ww at oracle.com
Mon Apr 28 02:47:31 PDT 2014
Synopsis: USN-2178-1 can now be patched using Ksplice
CVEs: CVE-2014-0049 CVE-2014-0069
Systems running Ubuntu 12.10 Quantal can now use Ksplice to patch
against the latest Ubuntu Security Notice, USN-2178-1.
INSTALLING THE UPDATES
We recommend that all users of Ksplice Uptrack on Ubuntu 12.10 Quantal
install these updates.
On systems that have "autoinstall = yes" in /etc/uptrack/uptrack.conf,
these updates will be installed automatically and you do not need to
take any action.
Alternatively, you can install these updates by running:
# /usr/sbin/uptrack-upgrade -y
DESCRIPTION
* Deadlock in PCI DMA subsystem when allocating a DMA buffer.
A logic error in the PCI DMA architecture dependent code could lead to a
deadlock.
* CVE-2014-0069: Incorrect handling of bad iovecs in CIFS.
A flaw in how CIFS handled iovecs could be used by an unprivileged local
user with access to crash the system or leak kernel memory.
* Data corruption in ext4 when resizing with non-standard blocks-per-group number.
A flaw in the ext4 resizing code could lead to data corruptions when the
number of blocks per group is not 8.
* Deadlock in the tg3 ethernet driver when changing the MTU.
Incorrect locking in the tg3 ethernet driver could lead to a deadlock when
changing the MTU. A local, privileged user could use this flaw to cause a
denial-of-service.
* Denial-of-service in KVM with nested VMs.
A missing check in the KVM MMU code could lead to a kernel crash. A local,
privileged user could use this flaw to cause a denial-of-service.
* Use-after-free in STE DMA driver tasklet.
A flaw in the STE DMA driver results in a use-after-free and potentially to
a kernel crash.
* Denial-of-service in QLogic driver on selective retransmission request.
A missing check in the QLogic driver code results in NULL pointer
dereference and kernel crash. A remote user could use this flaw to cause a
denial-of-service.
* Denial-of-service in perf subsystem when hotplugging CPU.
Incorrect locking in the perf subsystem could lead to use-after-free and
kernel crash when hotplugging a CPU. A local, privileged user could use
this flaw to cause a denial-of-service.
* CVE-2014-0049: Code execution in KVM mmio emulator.
A logic error in the KVM code could lead to out of bounds memory accesses,
resulting in a kernel crash or potentially allowing a local user to write
in the host memory. A local, privileged user could use this flaw to elevate
privileges and execute arbitrary code in kernel mode.
* Denial-of-service in cgroup subsystem when adding a cgroup to a task.
Incorrect locking in the cgroup subsystem could lead to list corruptions
and kernel crash under specific conditions. A local, unprivileged user
could use this flaw to cause a denial-of-service.
* Use-after-free in i7 EDAC driver when iterating PCI devices.
Due to incorrect reference counting in the i7 EDAC driver, a use-after-free
could result in a kernel crash and denial-of-service.
* Deadlock in EHCI USB2 controller driver when handling an interrupt.
Incorrect locking in the EHCI driver code could lead to a deadlock,
resulting in a denial-of-service under specific conditions.
SUPPORT
Ksplice support is available at ksplice-support_ww at oracle.com
More information about the Ksplice-Ubuntu-12.10-Updates
mailing list