[Ksplice][Ubuntu-15.10-Updates] New updates available via Ksplice (USN-2930-1)

[Oracle Ksplice]

Synopsis: USN-2930-1 can now be patched using Ksplice
CVEs: CVE-2015-7566 CVE-2015-8767 CVE-2016-0723 CVE-2016-2384

Systems running Ubuntu 15.10 Wily can now use Ksplice to patch against
the latest Ubuntu Security Notice, USN-2930-1.

INSTALLING THE UPDATES

We recommend that all users of Ksplice Uptrack on Ubuntu 15.10 Wily
install these updates.

On systems that have "autoinstall = yes" in /etc/uptrack/uptrack.conf,
these updates will be installed automatically and you do not need to
take any action.

Alternatively, you can install these updates by running:

# /usr/sbin/uptrack-upgrade -y


DESCRIPTION

* CVE-2015-8767: Denial-of-service in SCTP heartbeat timeout.

Incorrect locking when accepting an SCTP connection during the 4-way
handshake could result in deadlock.  A local user could use this flaw to
block SCTP connections.


* Buffer overflow in Analog Devices inertial measurement device driver.

Incorrect memory offset calculation in the driver for Analog Devices
inertial measurement devices leads to a buffer overflow during transmit.


* Data loss in USB Modem driver during suspend and resume.

Improper cleanup in the USB Modem driver leads to data loss during a
suspend and resume sequence.


* Crash in USB hub driver during device reset.

Improper memory cleanup during USB hub device reset can lead to a NULL
pointer dereference causing a crash.


* Crash in USB serial driver when malicious Treo device is connected.

Improper handling of USB endpoint probing during Treo device initialization
leads to a NULL pointer dereference.


* CVE-2015-7566: Denial-of-service in USB Handspring Visor driver.

Incomplete USB endpoint validation could result in a kernel crash when
probing a USB Handspring Visor device.  A malicious USB device could use
this flaw to crash the system.


* Crash in SCSI driver during power management suspend and resume.

Performing a suspend while the SCSI driver is probing for devices may
crash or cause CD/DVD and hard disk devices to become unusable.


* CVE-2016-0723: Denial-of-service in TTY TIOCGETD ioctl().

A use-after-free when getting the line discipline for a TTY could allow
a local user to trigger a kernel crash.


* Memory corruption in ALSA dummy driver when switching timer.

Improper switching between high resolution timers and system timers while a
stream is open can lead to memory corruption.


* CVE-2016-2384: Privilege escalation in USB MIDI device driver.

The USB MIDI device driver does not correctly free memory when failing
to initialize an endpoint which can cause a use-after-free condition. A
local unprivileged user can use this flaw to trigger kernel code
execution.


* Use-after-free when removing virtio PCI devices.

A logic error in the virtio subsystem can trigger a use-after-free and
kernel panic when removing a virtio PCI device.


* Kernel panic when reading cpufreq governor.

Incorrect locking in the cpufreq driver can trigger a NULL pointer
dereference and kernel panic when reading from the governor sysfs file.


* Memory corruption in nf_table compatibility ioctls.

An integer overflow can trigger memory corruption when setting netfilter
table data via the compatibility ioctl interface.


* Memory corruption when parsing netfilter source chains.

A logic error when parsing netfilter source chains can allow local users
to corrupt kernel memory.

SUPPORT

Ksplice support is available at ksplice-support_ww at oracle.com.