[Ksplice][Debian 7.0 Updates] New updates available via Ksplice (3.2.78-1)

[Oracle Ksplice]

Synopsis: 3.2.78-1 can now be patched using Ksplice
CVEs: CVE-2015-7513 CVE-2015-8374 CVE-2016-2782

Systems running Debian 7.0 Wheezy can now use Ksplice to patch against
the latest Debian kernel update, 3.2.78-1.

INSTALLING THE UPDATES

We recommend that all users of Ksplice Uptrack on Debian 7.0 Wheezy
install these updates.

On systems that have "autoinstall = yes" in /etc/uptrack/uptrack.conf,
these updates will be installed automatically and you do not need to
take any action.

Alternatively, you can install these updates by running:

# /usr/sbin/uptrack-upgrade -y


DESCRIPTION

* CVE-2016-2782: Crash in USB serial driver when malicious Treo device is connected.

Improper handling of USB endpoint probing during Treo device initialization
leads to a NULL pointer dereference.


* Improve fix for CVE-2015-7513: Divide-by-zero in KVM when reloading the programmable interrupt timer.

A missing input sanitization when loading the programmable interrupt timer
counters from userspace could cause KVM to make a division by zero, causing
a kernel crash.  A local user with the capability to run KVM machines could
use this flaw to cause a denial-of-service.


* CVE-2015-8374: Information leak when truncating a compressed and inlined extent on Btrfs.

An information leak vulnerability was found when truncating a file to a
smaller size which consists of an inline extent that is compressed. The
data between the new file size and the old file size was not discarded,
allowing another user to read it through the clone ioctl.

SUPPORT

Ksplice support is available at ksplice-support_ww at oracle.com.