[Ksplice][Debian 8.0 Updates] New Ksplice updates for Debian 8.0 Jessie (3.16.39-1)

Oracle Ksplice ksplice-support_ww at oracle.com
Tue Jan 17 01:53:46 PST 2017


Synopsis: 3.16.39-1 can now be patched using Ksplice
CVEs: CVE-2015-8962 CVE-2015-8963 CVE-2015-8964 CVE-2016-10088 CVE-2016-1583 CVE-2016-7097 CVE-2016-7910 CVE-2016-7911 CVE-2016-7915 CVE-2016-8399 CVE-2016-8633 CVE-2016-8645 CVE-2016-8650 CVE-2016-8655 CVE-2016-9083 CVE-2016-9178 CVE-2016-9555 CVE-2016-9576 CVE-2016-9756 CVE-2016-9793 CVE-2016-9794

Systems running Debian 8.0 Jessie can now use Ksplice to patch against
the latest Debian kernel update, 3.16.39-1.

INSTALLING THE UPDATES

We recommend that all users of Ksplice Uptrack running Debian 8.0
Jessie install these updates.

On systems that have "autoinstall = yes" in /etc/uptrack/uptrack.conf,
these updates will be installed automatically and you do not need to
take any action.

Alternatively, you can install these updates by running:

# /usr/sbin/uptrack-upgrade -y
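
An added example, not part of Oracle's advisory: a POSIX shell check that reports whether a host will receive these updates automatically or still needs the manual command above. It assumes uptrack.conf is INI-style with '#' or ';' comment lines and that the last assignment wins; the function names and the sample file are constructed for illustration.

```shell
#!/bin/sh
# Added example: decide whether a host needs the manual uptrack-upgrade step.
# Assumption: uptrack.conf is INI-style; lines starting with '#' or ';' are comments.

# Print the last value assigned to "autoinstall" (empty if never set).
autoinstall_value() {
    awk -F= '
        /^[ \t]*[#;]/ { next }                 # a commented-out setting is not active
        {
            key = $1; gsub(/[ \t\r]/, "", key)
            if (key == "autoinstall") {
                val = $2; gsub(/[ \t\r]/, "", val)
                last = val                     # assumption: later assignments win
            }
        }
        END { print last }
    ' "$1"
}

# Print "automatic", "manual" or "unknown" for the given config file.
uptrack_action() {
    conf=${1:-/etc/uptrack/uptrack.conf}
    if [ ! -r "$conf" ]; then
        echo "unknown"                         # not readable: cannot tell
    elif [ "$(autoinstall_value "$conf")" = "yes" ]; then
        echo "automatic"
    else
        echo "manual"                          # run: /usr/sbin/uptrack-upgrade -y
    fi
}

# Constructed sample (not a real system file): the only "yes" is commented out,
# so a naive grep for "autoinstall = yes" would wrongly report this host as covered.
sample=$(mktemp)
cat > "$sample" <<'EOF'
[Settings]
# autoinstall = yes
autoinstall = no
EOF
echo "sample config: $(uptrack_action "$sample")"
rm -f "$sample"
```

On a real host, call uptrack_action with no argument to read /etc/uptrack/uptrack.conf.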


DESCRIPTION

* CVE-2016-7911: Denial-of-service in ioprio_get() syscall.

Incorrect locking in the ioprio_get() syscall could result in a
use-after-free and kernel crash.  A local, unprivileged user could use
this flaw to crash the system.


* CVE-2016-7910: Use after free in block device procfs interface.

The generic block device procfs interface incorrectly handles memory
when reading from the 'diskstats' and 'partitions' files, which can
trigger a use-after-free condition and kernel panic.


* CVE-2016-8633: Buffer overflow in firewire net driver.

A logic error in the checks on incoming packets could lead to an RX
buffer overflow. A remote attacker could use this flaw to cause a
denial-of-service.


* CVE-2016-9083: Integer overflow in PCI VFIO bus driver.

An error in sanitizing the user-supplied arguments of the
VFIO_DEVICE_SET_IRQS ioctl could lead to an integer overflow. A local user
with the capability to use this ioctl could cause a denial-of-service.


* CVE-2016-7097: Permission bypass in Overlay filesystem when setting POSIX ACLs.

A logic error when setting POSIX ACLs in the Overlay filesystem causes
the set-group-ID to not be cleared.  A local, unprivileged user could
use this flaw to escalate privileges.


* CVE-2015-8962: Privilege escalation when detaching SCSI drives.

A double-free flaw when detaching a SCSI drive during concurrent DMA
operations could lead to memory corruption and a kernel panic.  A local user
with the ability to detach a SCSI drive could potentially use this flaw to
elevate their privileges.


* CVE-2015-8963: Privilege escalation in the perf sub-system on CPU unplug.

A race condition when hashing a software event in the perf sub-system could
lead to a use-after-free and kernel panic.  A local user with the ability
to cause CPU unplug could potentially use this flaw to elevate their
privileges.


* CVE-2015-8964: Use-after-free in tty line discipline configuration.

Incorrect initialization in the tty subsystem can cause a tty driver to
access previously freed memory. A local attacker could use this to
obtain sensitive information from the kernel.


* CVE-2016-7915: Denial-of-service in USB HID event handling.

Missing validation in the HID event handling could result in
out-of-bounds memory accesses.  An attacker with physical access to the
system could use this flaw to trigger a denial-of-service.


* CVE-2016-8399: Information leak using ICMP protocol.

A missing check on the ICMP header length could cause an out-of-bounds read
of the stack. A user could use this flaw to leak information about
kernel memory and facilitate an attack.


* CVE-2016-8645: Denial-of-service when receiving a TCP packet.

When collapsing multiple socket buffers into one, a bug in the code
could result in a kernel panic. A remote attacker can trigger this by
sending specially crafted packets and cause a denial-of-service.


* CVE-2016-8650: NULL pointer dereference in the key management subsystem.

A missing check in the Multiprecision maths library used to implement
RSA digital signature verification could lead to a NULL pointer
dereference. A local user could use this flaw to cause a denial-of-service.


* CVE-2016-8655: Privilege escalation in af_packet implementation.

A race condition in af_packet processing could allow a local
unprivileged user to cause a kernel crash or execute arbitrary code
with elevated privileges.


* CVE-2016-9178: Information disclosure in get_user.

Due to incorrect initialisation of inline assembly, a local user could
obtain sensitive information from the kernel stack.


* CVE-2016-9555: Remote denial-of-service due to SCTP state machine memory corruption.

A missing bound-check in one of the state functions caused memory use
beyond what has been allocated. This could lead to memory corruption and
other undefined behaviors.


* CVE-2016-10088, CVE-2016-9576: Use-after-free in SCSI device interface.

Incorrect validation of sendfile arguments can cause a use-after-free in
the SCSI subsystem. A local user with access to /dev/sg* devices could
use this flaw to read kernel memory or escalate privileges.


* CVE-2016-9756: Information leak in KVM x86 emulator.

Failure to initialize memory in the generic x86 emulator resulted in
kernel stack contents leaking into userspace. An attacker can use this
vulnerability to introspect kernel memory.


* CVE-2016-9793: Denial-of-service in socket configuration.

Incorrect validation of arguments for the setsockopt ioctl could allow
a local user with CAP_NET_ADMIN privileges to cause memory corruption
or crash the kernel.


* CVE-2016-9794: Denial-of-service when playing audio stream.

A missing lock when computing the elapsed period of the playing stream
could lead to a use-after-free if the stream is released in a concurrent
thread. An attacker could use this flaw to cause a denial-of-service.


* Improved fix for CVE-2016-1583: Privilege escalation in eCryptfs.

eCryptfs was incorrectly trying to use the mmap() file operation on a lower
filesystem that may not support it.  A local, unprivileged user could use
this flaw to cause a denial-of-service through recursive faults or
potentially escalate privileges.

SUPPORT

Ksplice support is available at ksplice-support_ww at oracle.com.


  


