[Ksplice][Debian 6.0 Updates] New updates available via Ksplice (2.6.32-48squeeze8)

Wed Jul 16 17:15:52 PDT 2014

Synopsis: 2.6.32-48squeeze8 can now be patched using Ksplice
CVEs: CVE-2013-4387 CVE-2013-4470 CVE-2014-2678 CVE-2014-3122 CVE-2014-3144 CVE-2014-3917 CVE-2014-4652 CVE-2014-4656 CVE-2014-4667 CVE-2014-4699

Systems running Debian 6.0 Squeeze can now use Ksplice to patch
against the latest Debian kernel update, 2.6.32-48squeeze8.

INSTALLING THE UPDATES

We recommend that all users of Ksplice Uptrack on Debian 6.0 Squeeze
install these updates.

On systems that have "autoinstall = yes" in /etc/uptrack/uptrack.conf,
these updates will be installed automatically and you do not need to
take any action.

Alternatively, you can install these updates by running:

# /usr/sbin/uptrack-upgrade -y

DESCRIPTION

* CVE-2014-3917: Denial-of-service and information leak in audit syscall subsystem.

Linux kernel built with the system-call auditing support is vulnerable to a
kernel crash or information disclosure flaw caused by out of bounds memory
access.  When system call audit rules are present on a system, an
unprivileged user could use this flaw to leak kernel memory or cause a
denial-of-service.

* Kernel panic in VFS lookup code.

A bug in the VFS lookup code could cause a kernel panic when
opening a file on an auto-fs filesystem with O_CREAT.

* Improved fix for CVE-2014-2678: NULL pointer dereference in RDS protocol when binding.

A missing check in the wireless RDS protocol leads to a NULL pointer
dereference when there is no device. A local, unprivileged user could use
this flaw to cause a NULL pointer dereference and denial-of-service.

* CVE-2014-4656: ALSA Control ID overflow.

Missing range checks in ALSA control IDs could lead to an integer overflow.

* CVE-2014-4667: Denial-of-service in SCTP stack when unpacking a COOKIE_ECHO chunk.

Incorrect reference counting in the error path of sctp_unpack_cookie()
could corrupt the backlog reference counter, preventing any future SCTP
association. A remote attacker could use this flaw to cause a
denial-of-service.

* CVE-2014-3144: Multiple local denial of service vulnerabilities in netlink.

The BPF_S_ANC_NLATTR and BPF_S_ANC_NLATTR_NEST extension implementations
in the sk_run_filter function in net/core/filter.c failed to check whether
a certain length value is sufficiently large, which allows local users to
cause a denial of service (integer underflow and system crash) via crafted
BPF instructions.

* CVE-2013-4387: Memory corruption in IPv6 UDP fragmentation offload.

The kernel IPv6 stack does not correctly handle queuing multiple UDP fragments
when using UDP Fragmentation Offloading allowing a local unprivileged user to
cause kernel memory corruption and potentially gain privileged code execution.

* CVE-2013-4470: Memory corruption in IPv4 and IPv6 networking corking with UFO.

The kernel IP stack does not correctly handle sending fragmented packets via a
device which has UDP Fragmentation Offload enabled leading to memory corruption
and a kernel panic.

* CVE-2014-4652: Arbitrary memory disclosure in ALSA user controls.

Lack of synchronization between reads and writes to ALSA user controls
could lead to a kernel memory disclosure.

* CVE-2014-3122: Denial-of-service in non-linear memory mappings.

An assertion failure and kernel panic can be triggered when unmapping a
non-linear memory mapping.  This could be exploited by a local,
unprivileged user to crash the system.

SUPPORT

Ksplice support is available at ksplice-support_ww at oracle.com.