[Ksplice][Ubuntu-17.04-Updates] New Ksplice updates for Ubuntu 17.04 Zesty (USN-3404-1)

Oracle Ksplice ksplice-support_ww at oracle.com
Wed Aug 30 00:48:45 PDT 2017


Synopsis: USN-3404-1 can now be patched using Ksplice
CVEs: CVE-2017-1000112 CVE-2017-7487

Systems running Ubuntu 17.04 Zesty can now use Ksplice to patch
against the latest Ubuntu Security Notice, USN-3404-1.

INSTALLING THE UPDATES

We recommend that all users of Ksplice Uptrack running Ubuntu 17.04
Zesty install these updates.

On systems that have "autoinstall = yes" in /etc/uptrack/uptrack.conf,
these updates will be installed automatically and you do not need to
take any action.

Alternatively, you can install these updates by running:

# /usr/sbin/uptrack-upgrade -y
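
To tell which of the two cases above applies to a host, the following
added example (not part of the original announcement, and not Oracle's
code) reads the autoinstall setting from an uptrack.conf file. The
function names and the sample file contents are constructed for
illustration, and it assumes INI-style "key = value" lines with "#"
comments.

```shell
#!/bin/sh
# Added example (not Oracle's code): decide whether a host still needs a
# manual "uptrack-upgrade -y" run, based on the autoinstall setting.
# Assumption: uptrack.conf uses INI-style "key = value" lines, "#" comments.

# Print the effective autoinstall value in lower case, or "unset".
autoinstall_value() {
    [ -r "$1" ] || { echo unset; return 0; }
    awk -F= '
        /^[ \t]*[#;]/ { next }              # commented-out settings do not count
        NF >= 2 {
            key = $1; val = $2
            gsub(/[ \t\r]/, "", key); gsub(/[ \t\r]/, "", val)
            if (tolower(key) == "autoinstall") found = tolower(val)
        }
        END { print (found == "" ? "unset" : found) }
    ' "$1"
}

# Exit status 0 when updates will NOT be installed automatically.
needs_manual_upgrade() {
    [ "$(autoinstall_value "$1")" != "yes" ]
}

# Demo on a constructed sample file; a real host would pass
# /etc/uptrack/uptrack.conf instead.
sample=$(mktemp)
cat > "$sample" <<'EOF'
[Settings]
# autoinstall = yes
autoinstall = no
EOF
if needs_manual_upgrade "$sample"; then
    echo "autoinstall is $(autoinstall_value "$sample"): run /usr/sbin/uptrack-upgrade -y as root"
else
    echo "autoinstall = yes: updates install automatically"
fi
rm -f "$sample"
```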


DESCRIPTION

* Denial-of-service when sending packets over a socket with Segmentation Offload enabled.

A logic error when sending packets over a socket with Segmentation
Offload enabled could lead to kernel warnings. A local attacker could
use this flaw to cause a denial-of-service.


* CVE-2017-7487: Use-after-free in IPX reference count handling.

A reference count leak in the IPX ioctl handler can result in a
reference count overflow leading to a use-after-free. A local attacker
could use this flaw to crash the kernel or escalate privileges.


* Race condition in Intel i915 page management causes denial-of-service.

Incorrect accounting of pagetables in the Intel i915 graphics driver
could cause the pagetables to be inappropriately accessed, causing a
kernel panic and denial-of-service.


* Improved fix for CVE-2017-1000112: Privilege escalation using the UDP Fragmentation Offload (UFO) code.

Multiple missing checks on header lengths when using the UDP
Fragmentation Offload (UFO) protocol while sending packets could lead to
out-of-bounds accesses. A local attacker with the CAP_NET_RAW capability,
or on a system with unprivileged namespaces enabled, could use this flaw
to cause a denial-of-service or execute arbitrary code.

SUPPORT

Ksplice support is available at ksplice-support_ww at oracle.com.
