[Ksplice][Ubuntu-12.10-Updates] New updates available via Ksplice (USN-2114-1)

[Oracle Ksplice]

Synopsis: USN-2114-1 can now be patched using Ksplice
CVEs: CVE-2013-2929 CVE-2013-4592 CVE-2013-6378 CVE-2013-6380

Systems running Ubuntu 12.10 Quantal can now use Ksplice to patch
against the latest Ubuntu Security Notice, USN-2114-1.

INSTALLING THE UPDATES

We recommend that all users of Ksplice Uptrack on Ubuntu 12.10 Quantal
install these updates.

On systems that have "autoinstall = yes" in /etc/uptrack/uptrack.conf,
these updates will be installed automatically and you do not need to
take any action.

Alternatively, you can install these updates by running:

# /usr/sbin/uptrack-upgrade -y


DESCRIPTION

* CVE-2013-6380: Denial-of-service in Adaptec RAID driver.

Incorrect memory allocations in the Adaptec RAID driver could result in
dereferencing an invalid pointer allowing a local user with the
CAP_SYS_ADMIN privilege to crash the system.


* CVE-2013-6378: Denial-of-service in Marvell 8xxx Libertas WLAN driver.

Incorrect validation of user supplied data in the Marvell 8xxx Libertas
WLAN driver could allow a privileged user to trigger an invalid pointer
dereference and crash the system.


* Memory corruption in block core on control group queue initialization failure.

Incorrect error handling could result in memory corruption and a kernel
crash when queue initialization fails.


* Resource leak in Xen blkback block driver during discard.

Incorrect reference counting could result in a failure to free the block
interface.  This could cause device hotplug to fail.


* CVE-2013-4592: Denial-of-service in KVM IOMMU mappings.

A flaw was found in the way IOMMU memory mappings were handled when
moving memory slots. A malicious user on a KVM host who has the ability to
assign a device to a guest could use this flaw to crash the host.


* Memory leak in ext4 filesystem when expanding inode with extended attributes.

A flaw in the ext4 inode expanding code could result in a buffer header
memory leak. A local, unprivileged user could use this flaw to cause a
denial-of-service.


* Denial-of-service in loop block subsystem when unloading the loop module.

A logic error in the error path when allocating a block queue in the loop
module could result in a NULL pointer dereference. A local, privileged user
could use this flaw to cause a denial-of-service.


* NULL pointer dereference in GPMI Nand controller when DMA operations on-going.

A race condition in the GPMI Nand controller driver could result in a NULL
pointer dereference and kernel crash. A local, privileged user could use
this flaw to cause a denial-of-service.


* Deadlock in selinux/netlabel on connect().

Incorrect locking in the selinux/netlabel glue code could lead to a
deadlock. A local, unprivileged user could use this flaw to cause a
denial-of-service.


* Information leak in audit subsystem when getting status from audit netlink.

A missing field assignment in the receive loop of audit causes an
information leak. A local user with CAP_AUDIT_CONTROL could use this flaw
to obtain information on the running kernel.


* Out-of-bounds write in iscsi-target when computing checksums.

Incorrect length checking in iscsi-target code could lead to a one byte
out-of-bounds write. An attacker could use this to cause a
denial-of-service or potentially, escalate privileges.


* Incorrect credentials checking in iscsi-target with CHAP authentication.

A flaw in the username checking in iscsi-target CHAP authentication causes
all usernames with the correct username as prefix to be accepted.


* Denial-of-service in cpuset subsystem when changing cpuset.

Incorrect locking when changing cpuset of a running test could result in a
deadlock. A local, privileged user could use this flaw to cause a
denial-of-service.


* CVE-2013-2929: Incorrect permissions check in ptrace with dropped privileges.

The ptrace subsystem incorrectly checked the state of the fs.suid_dumpable
sysctl allowing a user to ptrace attach to a process if it had dropped
privileges to that user.

SUPPORT

Ksplice support is available at ksplice-support_ww at oracle.com.