[Ksplice][Debian 8.0 Updates] New updates available via Ksplice (3.16.7-ckt11-1)
Oracle Ksplice
ksplice-support_ww at oracle.com
Mon Jun 8 06:39:01 PDT 2015
Synopsis: 3.16.7-ckt11-1 can now be patched using Ksplice
CVEs: CVE-2015-3636
Systems running Debian 8.0 Jessie can now use Ksplice to patch against
the latest Debian kernel update, 3.16.7-ckt11-1.
INSTALLING THE UPDATES
We recommend that all users of Ksplice Uptrack on Debian 8.0 Jessie
install these updates.
On systems that have "autoinstall = yes" in /etc/uptrack/uptrack.conf,
these updates will be installed automatically and you do not need to
take any action.
Alternatively, you can install these updates by running:
# /usr/sbin/uptrack-upgrade -y
DESCRIPTION
* Memory corruption in Multiple Device driver when destroying a device.
Incorrect locking in the Multiple Device driver when destroying a device
could lead to memory corruptions and kernel panic. A local, privileged
user could use this flaw to cause a denial-of-service.
* Frames filtering bypass in mesh forwarding in mac80211 stack.
A flaw in the mac80211 mesh forwarding allows un-encrypted frames to pass
through. A remote attacker could use this flaw to inject un-encrypted
frames to an otherwise encrypted network.
* Denial-of-service in Intel Memory Protection Extensions.
Incorrect checking for user mode tasks could result in a
denial-of-service when handling bounds faults on a system with MPX
available.
* Information leak in /proc/PID/pagemap.
/proc/PID/pagemap includes the virtual to physical mappings and could be
accessed by a local, unprivileged user. This could be used in
conjunction with flaws such as ROWHAMMER to elevate privileges.
* Use-after-free in ISCSI target connection closing.
A race condition in the ISCSI target connection closing procedure could
result in a use-after-free condition and subsequent kernel crash.
* Denial-of-service in pSCSI backend.
A missing NULL pointer check could result in a denial-of-service,
triggerable by a local, unprivileged user for incomplete configurations.
* NULL pointer dereference during Target device initialization failure.
Failure to create a workqueue when initializing a target device could
result in a NULL pointer dereference and kernel crash under specific
conditions.
* Information leak in Infiniband Userspace events.
The Infiniband uverbs driver did not clear the events structure
resulting in leaking 4-8 bytes of kernel stack contents to userspace.
* Out-of-bounds memory access in multiqueue block core segment merging.
An incorrect array index could result in accessing beyond the bounds of
an array when merging requests. This could result in a crash or other,
undefined behaviour.
* Kernel crash in physical to virtual reverse mapping lookup.
Incorrect error handling when adjusting a virtual memory area could
result in integer underflow and a crash in the address reverse mapping
code.
* Data corruption on hfsplus filesystem when inserting node at position zero.
A logic error in the hfsplus filesystem driver leads to on-disk data
corruption when inserting a node at position zero.
* Use-after-free in Industrial I/O core error handling.
Incorrect error handling in the Industrial I/O device registration
function could result in a double-free and kernel crash.
* Use-after-free in CIFS page writing during intermittent network connectivity.
Incorrect error handling during loss of network connection could result
in a use-after-free when writing pages on a CIFS filesystem.
* NULL pointer dereference in Analog Devices IMU SPI driver.
Missing reference counting could result in a NULL pointer dereference in
the Analog Devices IMU SPI driver during removal if the trigger was
changed.
* Use-after-free in network namespace device moving.
Incorrect linked list manipulation could result in a use-after-free and
kernel crash when moving devices between namespaces.
* Kernel panic when chowning files on NFS mount.
Under specific circumstances chowning a file on an NFS mount can trigger
an assertion failure and cause a kernel panic.
* Memory corruption in SPI device ioctl.
An integer overflow in the kernel SPI driver can allow malformed ioctls
to trigger kernel memory corruption and allow a local user to gain
elevated privileges.
* Kernel information leak in PCI Advanced Error Reporting.
Incorrect printing for TLP headers in the PCI Advanced Error Reporting
driver could result in printing the address of a kernel pointer and
stack bytes to userspace.
* Kernel panic in ServerEngines iSCSI BladeEngine 2 initialization failure.
An incorrect call to remove the device in the error handling path could
result in a kernel crash when a BladeEngine 2 device failed to
initialize.
* Kernel crash in SCSI devices during unplug.
Incorrect handling of unoperational links could result in accessing a
device when it should not be possible to do so. This could result in an
invalid pointer dereference and kernel crash.
* Data corruption in ext4 hole punching with indirect mappings.
Under specific conditions, ext4 filesystems could experience data loss
when using FALLOC_FL_PUNCH_HOLE on files.
* Kernel panic in IPv4 forwarding of timewait sockets.
The kernel IPv4 stack does not correctly handle forwarding data from
timewait sockets which can trigger an assertion failure and kernel
panic.
* Deadlock when sending IPv4 FIN packets.
The kernel IPv4 stack can deadlock causing a kernel panic when
transmitting IPv4 FIN packets under high memory pressure.
* Data loss when mounting btrfs volume with the 'discard' option.
When mounting a btrfs volume with '-o discard' the btrfs driver can
possibly overwrite filesystem metadata causing data loss.
* Memory leak in HyperV virtual storage driver.
The HyperV virtual storage driver does not correctly unmap memory when
handling I/O commands from a guest causing a kernel memory leak in the
host.
* Denial of service in btrfs IOC_FILE_EXTENT_SAME ioctl.
Attempting to query the extents of a file on a btrfs volume can trigger
an infinite loop and kernel panic. A local user could use this flaw to
cause a denial of service.
* Denial of service in btrfs IOC_CLONE ioctl.
Attempting to clone a zero-length region from one file to another on a
btrfs volume can trigger an infinite loop and kernel panic. A local
user could use this flaw to cause a denial of service.
* Memory corruption when resolving symlink target.
A reference counting error when opening a symlink which crosses a
mountpoint can trigger a use-after-free condition and kernel panic.
* Data loss when handling iSER commands.
The iSCSI Extensions for RDMA (iSER) driver incorrectly calculates the
amount of length of DIX data which can lead to silent data corruption.
* CVE-2015-3636: Memory corruption when unhashing IPv4 ping sockets.
The kernel IPv4 subsystem does not correctly handle unhashing a ping
socket which can trigger kernel memory corruption. A local user can use
this flaw to gain elevated privileges.
* Filesystem corruption on software RAID0 devices.
Corruption of a sector number for a RAID0 device could result in
corrupting the filesystem when making requests. This could have
side-effects of discarding contents of unrelated files when unlinking
and other corruption.
* Use-after-free in IPv6 virtual tunnelling during removal.
Incorrect removal of tunnel interfaces would result in a use-after-free
and kernel crash when removing the IPv6 virtual tunnelling module.
* Filesystem corruption with ext4 delayed extents.
Incorrect handling of unwritten and delayed extents could result in
filesystem corruption. A local, unprivileged user could use this flaw
to zero parts of files under specific conditions.
* Filesystem corruption in ext4 fallocate().
A race condition in the fallocate() implementation on an ext4 filesystem
could result in filesystem corruption under specific conditions.
SUPPORT
Ksplice support is available at ksplice-support_ww at oracle.com.
More information about the Ksplice-Debian-8.0-Updates
mailing list