[Ksplice][Debian 7.0 Updates] New Ksplice updates for Debian 7.0 Wheezy ( DLA 772-1)

Oracle Ksplice ksplice-support_ww at oracle.com
Thu Jan 5 13:23:33 PST 2017


Synopsis:  DLA 772-1 can now be patched using Ksplice
CVEs: CVE-2012-6704 CVE-2015-8962 CVE-2015-8963 CVE-2015-8964 CVE-2016-10088 CVE-2016-7097 CVE-2016-7910 CVE-2016-7911 CVE-2016-7915 CVE-2016-8399 CVE-2016-8633 CVE-2016-8645 CVE-2016-8655 CVE-2016-9178 CVE-2016-9555 CVE-2016-9576 CVE-2016-9756 CVE-2016-9793 CVE-2016-9794

Systems running Debian 7.0 Wheezy can now use Ksplice to patch against
the latest Debian kernel update, DLA 772-1.

INSTALLING THE UPDATES

We recommend that all users of Ksplice Uptrack running Debian 7.0
Wheezy install these updates.

On systems that have "autoinstall = yes" in /etc/uptrack/uptrack.conf,
these updates will be installed automatically and you do not need to
take any action.

Alternatively, you can install these updates by running:

# /usr/sbin/uptrack-upgrade -y
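The two paths above (automatic installation when "autoinstall = yes" is set, manual installation otherwise) can be checked from a script before deciding whether a host needs an operator to run uptrack-upgrade. The following is an added example, not part of the Ksplice advisory or of Oracle's Uptrack tooling; it assumes that uptrack.conf is a "key = value" file in which '#' starts a comment, and that the key is spelled "autoinstall" exactly as the advisory quotes it. The constructed sample configs written by demo() stand in for the real /etc/uptrack/uptrack.conf so the script runs offline.

```shell
#!/bin/sh
# Added example (not Oracle/Ksplice code): decide whether a Debian 7.0 host
# will pick up a Ksplice update on its own or needs a manual uptrack-upgrade.
# Assumption: uptrack.conf uses "key = value" lines and '#' comments.

# Print "yes" (status 0) if autoinstall is enabled in the given config file,
# "no" (status 1) otherwise. Defaults to /etc/uptrack/uptrack.conf.
uptrack_autoinstall_enabled() {
    conf="${1:-/etc/uptrack/uptrack.conf}"
    [ -r "$conf" ] || { echo "no"; return 1; }
    # Strip comments, keep the last "autoinstall = <value>" assignment,
    # and trim whitespace around the value.
    val=$(sed -e 's/#.*//' "$conf" \
        | awk -F= '$1 ~ /^[ \t]*autoinstall[ \t]*$/ { gsub(/[ \t]/, "", $2); v = $2 }
                   END { print v }')
    case "$val" in
        yes|Yes|YES|true|1) echo "yes"; return 0 ;;
        *)                  echo "no";  return 1 ;;
    esac
}

# Print the action an operator should take for an advisory like DLA 772-1.
uptrack_action() {
    if uptrack_autoinstall_enabled "$1" >/dev/null; then
        echo "autoinstall enabled: the update is applied automatically"
    else
        echo "autoinstall disabled: run /usr/sbin/uptrack-upgrade -y"
    fi
}

# Constructed sample configurations (not taken from a real host).
demo() {
    tmp=$(mktemp)
    printf '[Uptrack]\n# enable unattended updates\nautoinstall = yes\n' > "$tmp"
    uptrack_action "$tmp"
    printf 'autoinstall = no   # operator applies updates by hand\n' > "$tmp"
    uptrack_action "$tmp"
    rm -f "$tmp"
}

demo
```

Run it as an unprivileged user to see both outcomes on the constructed samples; call `uptrack_action` with no argument on a real Wheezy host to read the live configuration, which requires read access to /etc/uptrack/uptrack.conf.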


DESCRIPTION

* CVE-2016-7910: Privilege escalation in /proc/partitions.

Incorrect cleanup when finishing reading /proc/partitions could result
in a use-after-free condition.  A local, unprivileged user could use
this flaw to crash the system, or potentially, escalate privileges.


* CVE-2015-8964: Use-after-free in tty line discipline configuration.

Incorrect initialization in the tty subsystem can cause a tty driver to
access previously freed memory. A local attacker could use this to
obtain sensitive information from the kernel.


* CVE-2016-7911: Privilege escalation in ioprio_get().

A race condition in retrieving the task IO context in the ioprio_get()
system call could allow a local, unprivileged user to trigger a
use-after-free and cause a denial-of-service, or potentially, escalate
privileges.


* CVE-2016-8399: Information leak using ICMP protocol.

A missing check on ICMP header length could cause an out-of-bounds read
of stack. A user could use this flaw to leak information about
kernel memory and facilitate an attack.


* CVE-2016-8655: Privilege escalation in af_packet implementation.

A race condition in af_packet processing could allow a local
unprivileged user to cause a kernel crash or execute arbitrary code
with elevated privileges.


* CVE-2016-9555: Remote denial-of-service due to SCTP state machine memory corruption.

A missing bounds check in one of the SCTP state functions could cause
memory to be used beyond what had been allocated. This could lead to
memory corruption and other undefined behavior.


* CVE-2016-9178: Information disclosure in get_user.

Due to incorrect initialisation of inline assembly, a local user could
obtain sensitive information from the kernel stack.


* CVE-2016-9756: Information leak in KVM x86 emulator.

Failure to initialize memory in the generic x86 emulator resulted in the
kernel stack leaking into userspace. An attacker can use this vulnerability
to introspect kernel memory.


* CVE-2016-9794: Denial-of-service when playing audio stream.

A missing lock when computing elapsed period of the playing stream
could lead to a use-after-free if the stream is released in a concurrent
thread. An attacker could use this flaw to cause a denial-of-service.


* CVE-2016-8645: Denial-of-service during TCP packet reception.

When collapsing multiple socket buffers into one, a bug in the code
could result in a kernel panic. A remote attacker could trigger this by
sending specially crafted packets and cause a denial-of-service.


* CVE-2012-6704, CVE-2016-9793: Denial-of-service in socket configuration.

Incorrect validation of arguments for the setsockopt ioctl could allow a
local user with CAP_NET_ADMIN privileges to cause memory corruption or
crash the kernel.


* CVE-2015-8962: Privilege escalation when detaching SCSI drives.

A double free when detaching a SCSI drive during concurrent DMA
operations could lead to memory corruption and a kernel panic.  A local user
with the ability to detach a SCSI drive could potentially use this flaw to
elevate their privileges.


* CVE-2015-8963: Privilege escalation in the perf sub-system on CPU unplug.

A race condition when hashing a software event in the perf sub-system could
lead to a use-after-free and kernel panic.  A local user with the ability
to cause a CPU unplug could potentially use this flaw to elevate their
privileges.


* CVE-2016-7915: Information leak when plugging HID input device.

Incorrect input validation when reading input fields from a USB HID device
leads to out-of-bounds reads that are then reported to userspace through
HID events.  A local user with the privileges to read input events could
use this flaw to gain information about the running kernel.


* CVE-2016-10088, CVE-2016-9576: Use-after-free in SCSI device interface.

Incorrect validation of sendfile arguments can cause a use-after-free in
the SCSI subsystem. A local user with access to /dev/sg* devices could
use this flaw to read kernel memory or escalate privileges.


* CVE-2016-7097: Privilege escalation when setting xattr.

A missing clear of SGID bit during a setxattr call could allow a local
user to gain group privileges.


* CVE-2016-8633: Remote code execution in the firewire driver.

Improper input validation when handling fragmented datagrams could allow a
remote attacker to gain code execution through a specially crafted packet
and compromise the system remotely.

SUPPORT

Ksplice support is available at ksplice-support_ww at oracle.com.