[Ksplice][Debian 6.0 Updates] New updates available via Ksplice (2.6.32-48squeeze20)

Oracle Ksplice ksplice-support_ww at oracle.com
Mon Feb 29 14:09:47 PST 2016


Synopsis: 2.6.32-48squeeze20 can now be patched using Ksplice
CVEs: CVE-2013-7446 CVE-2015-8812 CVE-2016-0774 CVE-2016-2384

Systems running Debian 6.0 Squeeze can now use Ksplice to patch
against the latest Debian kernel update, 2.6.32-48squeeze20.

INSTALLING THE UPDATES

We recommend that all users of Ksplice Uptrack on Debian 6.0 Squeeze
install these updates.

On systems that have "autoinstall = yes" in /etc/uptrack/uptrack.conf,
these updates will be installed automatically and you do not need to
take any action.

Alternatively, you can install these updates by running:

# /usr/sbin/uptrack-upgrade -y
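
To tell which of the two cases above applies to a given host, the following check can be used. It is an added example, not part of the original announcement and not Oracle's code. The function names are hypothetical, and it assumes the autoinstall key appears as a plain "key = value" line in /etc/uptrack/uptrack.conf.

```shell
#!/bin/sh
# Added example: decide whether a host picks up Ksplice updates by itself
# or needs the manual upgrade command. Function names are hypothetical.

# uptrack_autoinstall CONF -> prints "yes" or "no" (or "unreadable", status 2).
# Only a literal, case-insensitive "yes" counts as enabled; any other value,
# or a missing key, is reported as "no" so the host is flagged for a manual run.
uptrack_autoinstall() {
    conf=$1
    [ -r "$conf" ] || { echo "unreadable"; return 2; }
    val=$(awk '
        /^[ \t]*[#;]/ { next }                      # skip commented-out lines
        {
            line = $0
            sub(/^[ \t]+/, "", line)                # drop leading whitespace
            if (tolower(line) ~ /^autoinstall[ \t]*[=:]/) {
                sub(/^[^=:]*[=:][ \t]*/, "", line)  # keep only the value
                sub(/[ \t\r]+$/, "", line)          # drop trailing space / CR
                v = tolower(line)                   # last occurrence wins
            }
        }
        END { print v }
    ' "$conf")
    if [ "$val" = yes ]; then echo yes; else echo no; fi
}

# uptrack_next_step CONF -> prints what the administrator has to do.
uptrack_next_step() {
    case $(uptrack_autoinstall "$1") in
        yes) echo "automatic: updates install without further action" ;;
        no)  echo "manual: run /usr/sbin/uptrack-upgrade -y as root" ;;
        *)   echo "unknown: cannot read $1"; return 2 ;;
    esac
}

# Constructed sample config (not taken from a real host): the enabled line
# is commented out, so the effective setting is "no".
sample=$(mktemp)
printf '%s\n' '[Settings]' '# autoinstall = yes' 'autoinstall = no' > "$sample"
uptrack_next_step "$sample"
rm -f "$sample"
```

On a real system, call uptrack_next_step /etc/uptrack/uptrack.conf instead of the sample file.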


DESCRIPTION

* CVE-2016-0774: Information leak in the pipe system call on failed atomic read.

The fix for CVE-2015-1805 incorrectly kept buffer offset and length in sync
on a failed atomic read, leading to pipe buffer state corruption.  A
local, unprivileged user could use this flaw to cause a denial-of-service
or leak kernel memory to userspace.


* CVE-2015-8812: Use-after-free in Infiniband CXGB3 driver on network congestion.

A logic error in the Infiniband CXGB3 driver could lead to a use-after-free
of a socket buffer when the network is congested.  A local, unprivileged
user could use this flaw to cause a kernel crash or potentially escalate
privileges.


* CVE-2016-2384: Privilege escalation in USB MIDI device driver.

The USB MIDI device driver does not correctly free memory when failing
to initialize an endpoint, which can cause a use-after-free condition. A
local, unprivileged user can use this flaw to trigger kernel code
execution.


* Improved fix for CVE-2013-7446: Use-after-free in Unix sockets.

The original fix for CVE-2013-7446 did not handle the case where the
specified address is bound to the sending socket or when the socket was
connected to itself.  This flaw could lead to kernel deadlocks or double
unlocking of a spinlock.


* Data corruption during asynchronous I/O.

Insufficient validation in the asynchronous I/O setup code could result
in accessing files locked with a mandatory file lock, or in overflowing
the file offset, leading to data corruption.

SUPPORT

Ksplice support is available at ksplice-support_ww at oracle.com.


  


