[Ksplice][Debian 8.0 Updates] New updates available via Ksplice (DSA-3313-1)

Oracle Ksplice ksplice-support_ww at oracle.com
Mon Jul 27 13:30:38 PDT 2015


Synopsis: DSA-3313-1 can now be patched using Ksplice
CVEs: CVE-2015-3290 CVE-2015-3291 CVE-2015-4167 CVE-2015-5157 CVE-2015-5364 CVE-2015-5366

Systems running Debian 8.0 Jessie can now use Ksplice to patch against
the latest Debian Security Advisory, DSA-3313-1.

INSTALLING THE UPDATES

We recommend that all users of Ksplice Uptrack on Debian 8.0 Jessie
install these updates.

On systems that have "autoinstall = yes" in /etc/uptrack/uptrack.conf,
these updates will be installed automatically and you do not need to
take any action.

Alternatively, you can install these updates by running:

# /usr/sbin/uptrack-upgrade -y
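
The two cases above can be checked per host with a small script. This is an added example, not part of Oracle's advisory or Ksplice's own tooling; the function names, the sample files and the parsing rules stated in the comments are assumptions.

```shell
#!/bin/sh
# Added example (not Oracle's code): report whether a host will pick up
# Ksplice updates on its own or needs a manual uptrack-upgrade run.

# Print "yes" if the config file enables autoinstall, otherwise "no".
# Assumptions: full-line comments start with # or ;, the last assignment
# wins, and only the value "yes" (any case) counts as enabled. An
# unreadable or missing file is reported as "no".
uptrack_autoinstall() {
    [ -r "$1" ] || { echo no; return 0; }
    awk -F= '
        /^[ \t]*[#;]/ { next }                      # commented-out setting
        NF >= 2 {
            key = $1; val = $2
            gsub(/[ \t\r]/, "", key); gsub(/[ \t\r]/, "", val)
            if (tolower(key) == "autoinstall") last = tolower(val)
        }
        END { print ((last == "yes") ? "yes" : "no") }
    ' "$1"
}

# Print the action the advisory calls for on this host.
next_step() {
    if [ "$(uptrack_autoinstall "$1")" = yes ]; then
        echo "no action: autoinstall will apply the updates"
    else
        echo "run: /usr/sbin/uptrack-upgrade -y"
    fi
}

# Constructed sample configs; on a real host pass /etc/uptrack/uptrack.conf.
demo_dir=$(mktemp -d)
printf '%s\n' '[Settings]' 'autoinstall = yes' > "$demo_dir/auto.conf"
printf '%s\n' '[Settings]' '# autoinstall = yes' 'autoinstall = no' \
    > "$demo_dir/manual.conf"
for conf in "$demo_dir/auto.conf" "$demo_dir/manual.conf" "$demo_dir/absent.conf"; do
    printf '%s -> %s\n' "${conf##*/}" "$(next_step "$conf")"
done
rm -rf "$demo_dir"
```

Any other value for autoinstall is reported as needing the manual command, so the check errs toward telling the operator to run the upgrade.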


DESCRIPTION

* CVE-2015-5364, CVE-2015-5366: Kernel hang on UDP flood with wrong checksums.

A flaw in the UDP handling of wrong checksums could lead to a kernel hang
under a UDP flood attack.  A remote attacker could use this flaw to cause a
denial-of-service.


* CVE-2015-4167: Memory corruption when mounting malformed UDF disk images.

The kernel UDF filesystem driver, used by some CD-ROMs and DVDs, does
not validate overly long extended attributes, which can trigger kernel
memory corruption and a kernel panic.


* CVE-2015-3290, CVE-2015-3291, CVE-2015-5157: Multiple privilege escalations in NMI handling.

The value of the stack register was incorrectly used as trusted input to
decide if the NMI handler was nested or not.  An unprivileged user could
use this flaw to force a return to userspace with the Current Privilege
Level (CPL) set to 0.

SUPPORT

Ksplice support is available at ksplice-support_ww at oracle.com.


  


