[Ksplice][Debian 8.0 Updates] New Ksplice updates for Debian 8.0 Jessie (3.16.43-2+deb8u4)

Oracle Ksplice ksplice-support_ww at oracle.com
Fri Sep 22 00:45:27 PDT 2017


Synopsis: 3.16.43-2+deb8u4 can now be patched using Ksplice
CVEs: CVE-2017-1000111 CVE-2017-1000112 CVE-2017-1000251 CVE-2017-1000371 CVE-2017-1000380 CVE-2017-10661 CVE-2017-11600 CVE-2017-12134 CVE-2017-12153 CVE-2017-12154 CVE-2017-14051 CVE-2017-14140 CVE-2017-14156 CVE-2017-14340 CVE-2017-14489 CVE-2017-7518

Systems running Debian 8.0 Jessie can now use Ksplice to patch against
the latest Debian kernel update, 3.16.43-2+deb8u4.

INSTALLING THE UPDATES

We recommend that all users of Ksplice Uptrack running Debian 8.0
Jessie install these updates.

On systems that have "autoinstall = yes" in /etc/uptrack/uptrack.conf,
these updates will be installed automatically and you do not need to
take any action.

Alternatively, you can install these updates by running:

# /usr/sbin/uptrack-upgrade -y
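As an added example that is not part of this advisory, the following POSIX shell functions check the "autoinstall" setting in an uptrack.conf-style file and report whether a host will receive these updates on its own or needs the manual uptrack-upgrade run; the file path is a parameter so it can be tried against a constructed copy rather than the live /etc/uptrack/uptrack.conf.

```shell
#!/bin/sh
# Added example (not Oracle's code): decide whether a Debian 8 host will
# pick up Ksplice updates automatically or needs "uptrack-upgrade -y".
# The config path is passed in so a constructed copy can stand in for
# /etc/uptrack/uptrack.conf.

# Print the value of "key = value" from an INI-style file, ignoring
# "#"/";" comments, surrounding whitespace and the case of the key.
# Prints nothing when the key is not set; the last occurrence wins.
uptrack_conf_get() {
    conf="$1"; key="$2"
    [ -r "$conf" ] || return 1
    sed -e 's/[#;].*$//' "$conf" \
      | awk -F= -v k="$key" '
          { gsub(/^[ \t]+|[ \t]+$/, "", $1) }
          tolower($1) == tolower(k) {
              v = $2; gsub(/^[ \t]+|[ \t]+$/, "", v); val = v
          }
          END { if (val != "") print val }'
}

# Exit 0 when "autoinstall = yes" (any case) is configured, 1 otherwise.
uptrack_autoinstall_enabled() {
    v=$(uptrack_conf_get "$1" autoinstall | tr '[:upper:]' '[:lower:]')
    [ "$v" = "yes" ]
}

# One-line plan telling the operator what this host still needs.
uptrack_update_plan() {
    if uptrack_autoinstall_enabled "$1"; then
        echo "auto: Ksplice Uptrack installs these updates without action"
    else
        echo "manual: run /usr/sbin/uptrack-upgrade -y"
    fi
}

# Stand-alone usage: report on the real configuration file.
[ -n "$UPTRACK_CONF_CHECK" ] && uptrack_update_plan "${UPTRACK_CONF:-/etc/uptrack/uptrack.conf}"
```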


DESCRIPTION

* CVE-2017-1000371: Privilege escalation when executing a shared object file.

A logic error when loading a shared object file in ELF format could
facilitate an exploit leading to privilege escalation.


* CVE-2017-1000380: Information leak when reading timer information from ALSA devices.

Missing data initialization and a race condition when reading timer
information of ALSA devices from user space could lead to an information
leak. A local attacker could use this flaw to get information about the
running kernel and facilitate a further attack.


* CVE-2017-10661: Data race when canceling timer file descriptors causes denial-of-service.

Missing serialization when canceling timer file descriptors could allow
the cancels to race, leading to a data race or use-after-free, potentially
resulting in a kernel crash and denial-of-service.


* CVE-2017-7518: Privilege escalation in KVM emulation subsystem.

An implementation error in the syscall instruction emulation in KVM
leads to a kernel exception being raised in userspace. A user or process
inside a guest could use this flaw to potentially escalate their
privileges inside the guest.


* CVE-2017-1000112: Privilege escalation using the UDP Fragmentation Offload (UFO) code.

Multiple missing checks on header lengths when sending packets with UDP
Fragmentation Offload (UFO) could lead to out-of-bounds accesses. A local
attacker with the CAP_NET_RAW capability, or on a system with unprivileged
namespaces enabled, could use this flaw to cause a denial-of-service or
execute arbitrary code.


* CVE-2017-11600: Out-of-bounds access when using transformation user configuration interface.

A missing check on user input when sending XFRM_MSG_MIGRATE over a
transformation user configuration interface (XFRM) socket could lead to
an out-of-bounds access. A local attacker could use this flaw to cause
a denial-of-service.


* CVE-2017-1000111: Privilege escalation when setting options on AF_PACKET socket.

Missing locking when setting options on an AF_PACKET socket could lead to
an out-of-bounds access. A local attacker with the CAP_NET_RAW capability,
or on a system with unprivileged namespaces enabled, could use this flaw
to cause a denial-of-service or execute arbitrary code.


* CVE-2017-12134, XSA-229: Privilege escalation in Xen block IO requests.

Incorrect merging of block IO vectors could result in corruption of data
accesses to/from a block device.  A malicious guest could use this flaw
to crash the host, or potentially, gain privileges in the host.


* CVE-2017-12153: NULL pointer dereference in the Wireless configuration layer.

A failure to verify the existence of netlink attributes before processing
them could lead to a NULL pointer dereference. A local user with
CAP_NET_ADMIN could use this flaw to cause a denial-of-service.


* CVE-2017-12154: Denial-of-service when using KVM nested virtualization.

A missing flag when setting up nested virtualization with KVM could give
an L2 guest access to the CR8 register. A local attacker could use this
register to disable external interrupts from the L2 guest and cause a
denial-of-service.


* CVE-2017-14051: Denial-of-service in qla2xxx sysfs handler.

A failure to validate information from userspace can result in an
unbounded kernel memory allocation. A local user could use this flaw to
cause memory exhaustion or a kernel crash, resulting in a
denial-of-service.


* CVE-2017-14140: ASLR bypass due to insufficient permissions checks in move_pages.

A failure to correctly check permissions when using the move_pages
system call can allow an attacker to map out the address space of a
process which shares the same uid. A local user could use this flaw to
facilitate a further attack.


* CVE-2017-14156: Information leak in the ATI Rage 128 video drivers when copying clock information.

A missing struct initialization when copying clock information could lead
to uninitialized memory being leaked to userspace.  This could help an
attacker bypass protections like ASLR or infer memory layouts that would
otherwise be hidden.


* CVE-2017-14340: Denial-of-service when flushing data on XFS without a realtime device.

A lack of input validation before flushing data to a realtime device on
XFS, where no such device may be present, leads to a NULL pointer
dereference. A local, unprivileged user can use this flaw to cause a
denial-of-service.


* CVE-2017-14489: NULL pointer dereference in the SCSI transport layer.

A logic error when checking the bounds of data to be read from a netlink
socket in the SCSI transport layer could lead to a NULL pointer
dereference. A local user could use this flaw to cause a denial-of-service.


* CVE-2017-1000251: Stack overflow in Bluetooth L2CAP config buffer.

Incorrectly parsing a Bluetooth L2CAP configuration buffer could allow
it to overwrite data on the stack, potentially allowing a remote
attacker to execute arbitrary code in the kernel.

SUPPORT

Ksplice support is available at ksplice-support_ww at oracle.com.