[Ksplice][Debian 7.0 Updates] New updates available via Ksplice (3.2.65-1+deb7u2)

Thu Feb 26 08:41:25 PST 2015

Synopsis: 3.2.65-1+deb7u2 can now be patched using Ksplice
CVEs: CVE-2014-7822 CVE-2014-8160 CVE-2014-8559 CVE-2014-9585 CVE-2014-9683 CVE-2015-0239 CVE-2015-1420 CVE-2015-1421 CVE-2015-1593

Systems running Debian 7.0 Wheezy can now use Ksplice to patch against
the latest Debian kernel update, 3.2.65-1+deb7u2.

INSTALLING THE UPDATES

We recommend that all users of Ksplice Uptrack on Debian 7.0 Wheezy
install these updates.

On systems that have "autoinstall = yes" in /etc/uptrack/uptrack.conf,
these updates will be installed automatically and you do not need to
take any action.

Alternatively, you can install these updates by running:

# /usr/sbin/uptrack-upgrade -y

DESCRIPTION

* CVE-2014-7822: Incorrect parameter validation in splice() system call.

An incorrect parameter validation in the splice() system call could allow
a local, unprivileged user to use this flaw to write past the maximum
file size, and thus crash the system.

* CVE-2014-8160: iptables rules by-pass when the protocol module is not loaded.

A flaw in the generic conntrack sub-system allows protocols that do not
have a protocol handler kernel module loaded to pass through the iptables
firewall even if explicitly denied by rule.

* CVE-2014-9585: Address space layout randomization bypass for VDSO address.

A flaw in the VDSO code loader leads to a 50% chance of having the VDSO
address placed at the end of a PMD. This could allow an attacker to bypass
ASLR protections more easily.

* CVE-2015-0239: Privilege escalation in KVM sysenter emulation.

The KVM emulation of the sysenter instruction does not validate 16-bit
code segments which can allow a local attacker to potentially elevate
privileges.

* CVE-2015-1420: Buffer overflow in name_to_handle_at() system call.

Due to a race condition in the name_to_handle_at() system call, it is
possible for userspace to change the length of the buffer read by the
kernel after it has been allocated. This could lead to a buffer
overflow. A local user with CAP_DAC_READ_SEARCH privileges could
potentially use this to cause denial of service or possibly escalate
their privileges.

* CVE-2015-1593: Stack layout randomization entropy reduction.

A flaw in the the stack base randomization code could result in a
reduction of entropy by a factor of four.  An attacker could use this
flaw to reduce the amount of work needed to bypass ASLR.

* Kernel hang due to locking imbalance in VFS path lookup.

Due to a missing unlock operation in certain failure cases during VFS
path lookups, an unprivileged user could potentially trigger a kernel
hang as the object in question would never be unlocked properly.

* CVE-2015-1421: Privilege escalation in SCTP INIT collisions.

Missing reference counting could result in a use-after-free during an
INIT collision when establishing an SCTP socket.  A remote attacker
could use this flaw to trigger a denial-of-service or potentially gain
privileges.

* CVE-2014-9683: Out-of-bounds memory write in eCryptfs when decoding a file name.

A lack of input validation when decoding a file name in the eCryptfs driver
could lead to an out-of-bounds memory write of one zero byte, potentially
causing a kernel panic.  A local user could use a specially crafted
eCryptfs filesystem to cause a denial-of-service.

* CVE-2014-8559: Deadlock when renaming and deleting concurrently.

Incorrect locking in the filesystem subsystem can trigger a deadlock and
kernel panic when renaming files in a directory while concurrently
deleting files in the same directory.

SUPPORT

Ksplice support is available at ksplice-support_ww at oracle.com.