[Ksplice-Fedora-21-updates] New updates available via Ksplice (FEDORA-2015-9704)
Oracle Ksplice
ksplice-support_ww at oracle.com
Sun Jun 21 10:37:13 PDT 2015
Synopsis: FEDORA-2015-9704 can now be patched using Ksplice
CVEs: CVE-2015-1420
Systems running Fedora 21 can now use Ksplice to patch against the
latest Fedora kernel update, FEDORA-2015-9704.
INSTALLING THE UPDATES
We recommend that all users of Ksplice Uptrack on Fedora 21 install
these updates.
On systems that have "autoinstall = yes" in /etc/uptrack/uptrack.conf,
these updates will be installed automatically and you do not need to
take any action.
Alternatively, you can install these updates by running:
# /usr/sbin/uptrack-upgrade -y
DESCRIPTION
* Denial-of-service in KVM APIC accesses.
Missing validation of the APIC page could allow userspace to unmap the
page, resulting in a host crash when running the guest.
* Denial-of-service in SonicBlue Optimized MPEG File System mounting.
Missing mount option termination could allow a user with permission to
mount filesystems to trigger a denial-of-service by passing an
unrecognized mount option.
* Denial-of-service in SonicBlue Optimized MPEG File System superblock bitmap.
An integer overflow in the superblock parsing of a SonicBlue Optimized
MPEG File System could result in an out-of-bounds memory access and
memory corruption. A local user with permission to mount filesystems
could use this flaw to trigger a denial-of-service, or possibly escalate
privileges with a maliciously crafted filesystem.
* BTRFS filesystem corruption during chunk allocation.
Missing locking could result in corruption of the filesystem when
marking a block group read-only.
* NULL pointer dereference in Broadcom IEEE802.11n packet transmission and reception.
Missing NULL pointer checks could result in a NULL pointer dereference
when receiving and transmitting packets in the Broadcom IEEE802.11n
driver.
* Denial-of-service in userspace string handling.
An incorrect length check could result in accessing beyond a
validated buffer. A local, unprivileged user could use this flaw to
crash the kernel in specific conditions.
* Use-after-free in USB gadget configfs filesystem.
Missing invalidation of a pointer during function removal could result
in a use-after-free and kernel crash.
* NULL pointer dereference in EXT4 journal restart failure.
A missing NULL pointer check could result in a NULL pointer dereference
and kernel crash when restarting the journal. A local user could use a
maliciously crafted filesystem to crash the system.
* Denial-of-service in JBD2 journal recovery.
An integer overflow in the JBD2 journal could result in an out-of-bounds
memory access and kernel crash. A local user could use a maliciously
crafted filesystem to crash the system.
* CVE-2015-1420: Buffer overflow in name_to_handle_at() system call.
Due to a race condition in the name_to_handle_at() system call, it is
possible for userspace to change the length of the buffer read by the
kernel after it has been allocated. This could lead to a buffer
overflow. A local user with CAP_DAC_READ_SEARCH privileges could
potentially use this to cause denial of service or possibly escalate
their privileges.
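
The CVE-2015-1420 entry above describes a double fetch: a length is read and checked, then read again from user memory after the buffer has been allocated. The userspace C model below is an added illustration, not kernel or Ksplice code; struct fh, fetch(), race_hook, run_case() and the sizes are assumptions, and the concurrent writer is simulated by a hook.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

#define MAX_HANDLE_SZ 128                /* bound checked on the first fetch */
struct fh {                              /* length header, then payload */
    uint32_t handle_bytes;
    unsigned char f_handle[];
};
/* Constructed stand-in for a second thread rewriting user memory mid-call. */
static void (*race_hook)(struct fh *user);
static void grow_length(struct fh *user) { user->handle_bytes = 4096; }
/* Stand-in for copy_from_user(): each call re-reads caller-controlled memory. */
static void fetch(void *dst, const void *src, size_t n) { memcpy(dst, src, n); }

/* Returns the length later code would trust; *alloc is the payload size allocated. */
static uint32_t import_handle(struct fh *user, int hardened, uint32_t *alloc)
{
    uint32_t len, trusted;
    struct fh *k;
    fetch(&len, &user->handle_bytes, sizeof(len));   /* fetch 1: length */
    if (len == 0 || len > MAX_HANDLE_SZ) return 0;
    *alloc = len;                                    /* validated size */
    if (!(k = malloc(sizeof(*k) + len))) return 0;
    if (race_hook) race_hook(user);                  /* length changes after allocation */
    if (hardened) {
        k->handle_bytes = len;                       /* keep the validated value */
        fetch(k->f_handle, user->f_handle, len);     /* fetch 2: payload only */
    } else {
        fetch(k, user, sizeof(*k) + len);            /* fetch 2 re-reads the length */
    }
    trusted = k->handle_bytes;
    free(k);
    return trusted;
}

/* One import against constructed user memory whose length starts at 16. */
static uint32_t run_case(int hardened, int racing, uint32_t *alloc)
{
    struct fh *user = calloc(1, sizeof(*user) + MAX_HANDLE_SZ);
    uint32_t trusted;
    if (!user) return 0;
    user->handle_bytes = 16;
    race_hook = racing ? grow_length : NULL;
    trusted = import_handle(user, hardened, alloc);
    free(user);
    return trusted;
}

int main(void) { uint32_t a = 0; return run_case(1, 1, &a) == 16 ? 0 : 1; }
```

In the unhardened path the trusted length no longer matches the allocation once the hook fires; the hardened path never re-reads the header, so the validated value is the only one used.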
SUPPORT
Ksplice support is available at ksplice-support_ww at oracle.com.