[Ksplice][Debian 8.0 Updates] New Ksplice updates for Debian 8.0 Jessie (3.16.43-2+deb8u3)

Mon Aug 21 12:52:09 PDT 2017

Synopsis: 3.16.43-2+deb8u3 can now be patched using Ksplice
CVEs: CVE-2014-9940 CVE-2017-1000365 CVE-2017-100363 CVE-2017-10911 CVE-2017-11176 CVE-2017-7346 CVE-2017-7482 CVE-2017-7533 CVE-2017-7541 CVE-2017-7542 CVE-2017-7889 CVE-2017-9605

Systems running Debian 8.0 Jessie can now use Ksplice to patch against
the latest Debian kernel update, 3.16.43-2+deb8u3.

INSTALLING THE UPDATES

We recommend that all users of Ksplice Uptrack running Debian 8.0
Jessie install these updates.

On systems that have "autoinstall = yes" in /etc/uptrack/uptrack.conf,
these updates will be installed automatically and you do not need to
take any action.

Alternatively, you can install these updates by running:

# /usr/sbin/uptrack-upgrade -y

DESCRIPTION

* CVE-2014-9940: Use-after-free in regulator GPIO unregistration.

A logic error when unregistering a regulator can result in a
use-after-free. A local attacker could use this flaw escalate privileges
or cause a denial-of-service.

* CVE-2017-7482: Memory corruption when decoding Keberos 5 ticket.

A boundary condition error when decoding Keberos 5 tickets using the
RXRPC keys leads to local buffer overflow. This could lead to memory
corruption and possible privilege escalation.

* CVE-2017-7541: Buffer overflow in Broadcom IEEE802.11n embedded FullMAC WLAN driver.

A logic error in Broadcom IEEE802.11n embedded FullMAC WLAN driver could
lead to buffer overflow when user send a crafted NL80211_CMD_FRAME
packet via netlink. A local attacker could use this flaw to cause a
denial-of-service.

* CVE-2017-7542: Buffer overflow when parsing IPV6 fragments header.

An incorrect data type when parsing IPV6 fragments header could lead to
a buffer overflow and to an infinite loop. A remote attacker could use
this flaw to cause a denial-of-service.

* CVE-2017-7889: Permissions bypass via /dev/mem file.

The mm subsystem does not properly enforce the CONFIG_STRICT_DEVMEM
protection mechanism, which allows local users to read or write to
kernel memory locations via an application that opens the /dev/mem file.

* CVE-2017-9605: Information leak when user defines surface in VMware Virtual GPU driver.

A missing initialization of local variable when user defines surface in
VMXGFX driver could leak stack information. A local attacker could use
this flaw to gain information about the running kernel and facilitate an
attack.

* CVE-2017-11176: Use-after-free in message queue notify syscall.

A race condition when closing a message queue file descriptor could
cause the memory for the associated socket to be freed twice, corrupting
memory or causing a denial-of-service.

* CVE-2017-100363: Denial-of-service in printer driver setup.

Missing validation on the "lp" module parameter could result in an
out-of-bounds access and integer overflow.  A local, privileged user
could use this flaw to crash the kernel or defeat secure boot
protections.

* CVE-2017-1000365: Privilege escalation when performing exec.

A logic error allows an unprivileged local user to bypass argument and
environmental string size limits when performing an exec syscall. A
local user could use this flaw to bypass guard pages between the stack
and another mapping, leading to potential privilege escalation.

* CVE-2017-7533: Privilege escalation in inotify during file rename.

A race condition in inotify when renaming a file can result in kernel
memory corruption. A local attacker could use this flaw to escalate
privileges.

* CVE-2017-10911: Information leak in Xen block-device backend driver.

A data structure allocated on stack in Xen block-device backend driver
may leak sensitive data through padding fields. A malicious unprivileged
guest may be able to obtain sensitive information from the host or other
guests.

* CVE-2017-7346: Denial-of-service when user defines surface in VMware Virtual GPU driver.

A missing check on user input could lead to an infinite loop. A local
attacker could use this flaw to cause a denial-of-service.

SUPPORT

Ksplice support is available at ksplice-support_ww at oracle.com.