[Ksplice][Ubuntu 10.04 Updates] New updates available via Ksplice (2.6.32-57.119)

[Oracle Ksplice]

Synopsis: 2.6.32-57.119 can now be patched using Ksplice
CVEs: CVE-2013-2929 CVE-2013-4587 CVE-2013-6367 CVE-2013-6380 CVE-2013-6382 CVE-2014-1446 CVE-2014-1874

Systems running Ubuntu 10.04 Lucid can now use Ksplice to patch
against the latest Ubuntu kernel update, 2.6.32-57.119.

INSTALLING THE UPDATES

We recommend that all users of Ksplice Uptrack on Ubuntu 10.04 Lucid
install these updates.

On systems that have "autoinstall = yes" in /etc/uptrack/uptrack.conf,
these updates will be installed automatically and you do not need to
take any action.

Alternatively, you can install these updates by running:

# /usr/sbin/uptrack-upgrade -y


DESCRIPTION

* CVE-2013-4587: Privilege escalation in KVM when creating VCPU.

A lack of input validation in the KVM code when creating a VCPU could lead
to an out-of-bounds memory write. A local user could use this flaw to cause
a kernel crash or potentially escalate privileges.


* CVE-2013-6367: Divide-by-zero in KVM LAPIC.

A divide-by-zero flaw was found in the apic_get_tmcct() function in KVM's
Local Advanced Programmable Interrupt Controller (LAPIC) implementation.
A privileged guest user could use this flaw to crash the host.


* CVE-2013-6382: Denial-of-service in XFS filesystem ioctls.

Multiple buffer underflows in the XFS implementation in the Linux kernel
could allow local users with the CAP_SYS_ADMIN capability to cause a
denial of service (memory corruption) or possibly have unspecified other
impact.


* CVE-2013-6380: Denial-of-service in Adaptec RAID driver.

Incorrect memory allocations in the Adaptec RAID driver could result in
dereferencing an invalid pointer allowing a local user with the
CAP_SYS_ADMIN privilege to crash the system.


* Denial-of-service in 802.11 radiotap packet parsing.

The kernel 802.11 radiotap interface does not correctly handle malformed packets
allowing a remote attacker to trigger an out-of-bounds read leading to a kernel
panic.


* Information leak in FarSync network driver ioctl.

The SIOCWANDEV ioctl in the FarSync T-Series network driver does not initialise
memory before returning data to userspace, causing the contents of kernel memory
to be leaked to userspace.


* Information leak in wanXL IF_GET_IFACE ioctl.

The SBE wanXL network driver does not initialise memory when handling the
IF_GET_IFACE ioctl causing the contents of kernel memory to be leaked to
userspace.


* CVE-2014-1446: Information leak YAM radio modem ioctl.

The YAM radio modem driver does not initialize kernel memory when processing the
SIOCYAMGCFG ioctl, leading to the contents of kernel memory being leaked to
userspace.


* CVE-2014-1874: Kernel panic in empty SELinux security contexts.

The SELinux subsystem does not correctly handle files with empty security contexts
leading to a kernel panic. A local, privileged user could use this flaw to cause a
denial-of-service


* CVE-2013-2929: Incorrect permissions check in ptrace with dropped privileges.

The ptrace subsystem incorrectly checked the state of the fs.suid_dumpable
sysctl allowing a user to ptrace attach to a process if it had dropped
privileges to that user.

SUPPORT

Ksplice support is available at ksplice-support_ww at oracle.com.