[Ksplice][Debian 8.0 Updates] New updates available via Ksplice (DSA-3313-1)
Oracle Ksplice
ksplice-support_ww at oracle.com
Mon Jul 27 13:30:38 PDT 2015
Synopsis: DSA-3313-1 can now be patched using Ksplice
CVEs: CVE-2015-3290 CVE-2015-3291 CVE-2015-4167 CVE-2015-5157 CVE-2015-5364 CVE-2015-5366
Systems running Debian 8.0 Jessie can now use Ksplice to patch against
the latest Debian Security Advisory, DSA-3313-1.
INSTALLING THE UPDATES
We recommend that all users of Ksplice Uptrack on Debian 8.0 Jessie
install these updates.
On systems that have "autoinstall = yes" in /etc/uptrack/uptrack.conf,
these updates will be installed automatically and you do not need to
take any action.
Alternatively, you can install these updates by running:
# /usr/sbin/uptrack-upgrade -y
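To tell which of the two cases above applies to a host, the following added example (not part of the original announcement and not Oracle's code) reads the autoinstall setting from uptrack.conf. The function name is hypothetical, and treating only the value "yes" (in any letter case) as enabled, with the last assignment in the file taking effect, is an assumption based on the wording above.

```shell
#!/bin/sh
# Added example: report whether Ksplice Uptrack is set to install updates
# automatically. uptrack_autoinstall is a hypothetical helper name.
# Prints "yes", "no", or "unreadable" for the given config file; the default
# path is the one named in the announcement.
uptrack_autoinstall() {
    conf="${1:-/etc/uptrack/uptrack.conf}"
    # Run as a user allowed to read the file; otherwise report that plainly.
    [ -r "$conf" ] || { echo "unreadable"; return 2; }
    awk '
        /^[ \t]*[#;]/ { next }            # commented-out settings do not count
        {
            eq = index($0, "=")
            if (eq == 0) next             # section headers, blank lines
            key = substr($0, 1, eq - 1)
            val = substr($0, eq + 1)
            gsub(/[ \t]/, "", key)
            gsub(/^[ \t]+|[ \t]+$/, "", val)
            # Assumption: the last assignment in the file is the effective one.
            if (tolower(key) == "autoinstall") last = tolower(val)
        }
        END {
            # Assumption: only "yes" enables automatic installation.
            if (last == "yes") print "yes"; else print "no"
        }
    ' "$conf"
}

# Typical use on a host:
#   [ "$(uptrack_autoinstall)" = "yes" ] || echo "run uptrack-upgrade manually"
```

A result of "no" or "unreadable" means the host should not be assumed patched until the upgrade command above has been run on it.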
DESCRIPTION
* CVE-2015-5364, CVE-2015-5366: Kernel hang on UDP flood with wrong checksums.
A flaw in the UDP handling of wrong checksums could lead to a kernel hang
under a UDP flood attack. A remote attacker could use this flaw to cause a
denial-of-service.
* CVE-2015-4167: Memory corruption when mounting malformed UDF disk images.
The kernel UDF filesystem driver, used by some CD-ROMs and DVDs, does
not validate overly long extended attributes, which can trigger kernel
memory corruption and a kernel panic.
* CVE-2015-3290, CVE-2015-3291, CVE-2015-5157: Multiple privilege escalations in NMI handling.
The value of the stack register was incorrectly used as trusted input to
decide if the NMI handler was nested or not. An unprivileged user could
use this flaw to force a return to userspace with the Current Privilege
Level (CPL) set to 0.
SUPPORT
Ksplice support is available at ksplice-support_ww at oracle.com.