[Ksplice][Debian 6.0 Updates] New updates available via Ksplice (DLA-310-1)

[Oracle Ksplice]

Synopsis: DLA-310-1 can now be patched using Ksplice
CVEs: CVE-2015-0272 CVE-2015-5156 CVE-2015-5364 CVE-2015-5366 CVE-2015-5697 CVE-2015-5707 CVE-2015-6937

Systems running Debian 6.0 Squeeze can now use Ksplice to patch
against the latest Debian kernel update, DLA-310-1.

INSTALLING THE UPDATES

We recommend that all users of Ksplice Uptrack on Debian 6.0 Squeeze
install these updates.

On systems that have "autoinstall = yes" in /etc/uptrack/uptrack.conf,
these updates will be installed automatically and you do not need to
take any action.

Alternatively, you can install these updates by running:

# /usr/sbin/uptrack-upgrade -y


DESCRIPTION

* CVE-2015-5697: Information leak in RAID/LVM GET_BITMAP_FILE ioctl().

Missing initialization of the buffer used for reading bitmaps could
result in leaking up to 4095 of kernel heap memory to userspace.  A
local user with access to an MD device could use this flaw to gain
information about kernel layout.


* CVE-2015-5707: Privilege escalation in generic SCSI character device.

An integer overflow in the SCSI generic driver in the Linux kernel could
allow a local user with write permission on a SCSI generic device to
escalate privileges.


* CVE-2015-5364, CVE-2015-5366: Kernel hang on UDP flood with wrong checksums.

A flaw in the UDP handling of wrong checksums could lead to a kernel hang
under a UDP flood attack.  A remote attacker could use this flaw to cause a
denial-of-service.


* Denial-of-service in JBD2 journal recovery.

An integer overflow in the JBD2 journal could result in an out-of-bounds
memory access and kernel crash.  A local user could use a maliciously
crafted filesystem to crash the system.


* Denial-of-service in SonicBlue Optimized MPEG File System mounting.

Missing mount option termination could allow a user with permission to
mount filesystems to trigger a denial-of-service by passing an
unrecognized mount option.


* NULL pointer dereference in VIA VT6655 packet reception.

A race condition between receiving a packet and interrupt processing
could result in a NULL pointer dereference and kernel crash.


* NULL pointer dereference in Amateur Radio ROSE protocol.

A missing NULL pointer check could result in a NULL pointer dereference
and kernel crash when killing a ROSE device.


* Multiple privilege escalations in DVB frontends.

Missing user input validation could allow a local user with access to
the device to trigger buffer overflows when reading or writing data.
This out of bounds access could result in a kernel crash or potentially
escalate privileges.


* Kernel crash in ext4 during truncate and write race.

Incorrect locking could result in a kernel crash when threads raced
between writing a journaled page and truncation.


* CVE-2015-6937: NULL pointer dereference in RDS socket creation.

Failure to check for binding to a transport could result in a NULL
pointer dereference when creating an RDS socket.  A local, unprivileged
user could use this flaw to crash the system.


* CVE-2015-0272: Remote denial-of-service in IPv6 address autoconfiguration.

Incorrect handling of MTU sysctl setting for an IPv6 device could allow
a remote attacker to trigger packet loss and a denial-of-service under
certain system configurations.


* CVE-2015-5156: Denial-of-service in Virtio network device.

Incorrect handling of fragmented socket buffers could result in a buffer
overflow when performing receive offload under specific conditions.  A
local, unprivileged user could use this flaw to crash the system.

SUPPORT

Ksplice support is available at ksplice-support_ww at oracle.com.