[Ksplice][Ubuntu-12.04-Updates] New updates available via Ksplice (USN-1878-1)

Sonja Tideman sonja.tideman at oracle.com
Fri Jun 14 07:23:12 PDT 2013


Synopsis: USN-1878-1 can now be patched using Ksplice
CVEs: CVE-2013-0160 CVE-2013-3076 CVE-2013-3222 CVE-2013-3223 
CVE-2013-3224 CVE-2013-3225 CVE-2013-3227 CVE-2013-3228 CVE-2013-3229 
CVE-2013-3231 CVE-2013-3232 CVE-2013-3234 CVE-2013-3235

Systems running Ubuntu 12.04 Precise can now use Ksplice to patch
against the latest Ubuntu Security Notice, USN-1878-1.

INSTALLING THE UPDATES

We recommend that all users of Ksplice Uptrack on Ubuntu 12.04 Precise
install these updates.

On systems that have "autoinstall = yes" in /etc/uptrack/uptrack.conf,
these updates will be installed automatically and you do not need to
take any action.

Alternatively, you can install these updates by running:

# /usr/sbin/uptrack-upgrade -y


DESCRIPTION

* CVE-2013-3076: Kernel stack information leak in userspace crypto API.

Missing initialization could allow a local user to leak kernel stack
information when receiving results.


* CVE-2013-3223: Kernel stack information leak in amateur radio drivers.

Missing initialization could allow a local user to leak kernel stack
information when receiving messages.


* CVE-2013-3224: Kernel stack information leak in Bluetooth sockets.

Receiving messages from a bluetooth socket whilst the socket is
simultaneously being shut down could leak kernel stack bytes to
userspace allowing a local user to gain information about the running
kernel.


* CVE-2013-3235: Kernel stack information leak in TIPC protocol.

Missing initialization could allow a local user to leak stack
information when receiving messages on a Transparent Inter Process
Communication (TIPC) socket.


* CVE-2013-3234: Kernel stack information leak in ROSE protocol.

Missing initialization could allow a local user to leak kernel stack
information when receiving from a ROSE socket.


* CVE-2013-3225: Kernel stack information leak in Bluetooth rfcomm.

Missing data clearing operations could allow a local user to leak kernel
stack memory to userspace.


* CVE-2013-3222: Kernel stack information leak in ATM sockets.

Missing data clearing operations could allow an unprivileged user to
leak kernel stack memory to userspace.


* Use-after-free in Async I/O debug prints.

An async I/O ring may be released before a debug print regarding that
ring, causing a use-after-free.


* Kernel crash in cgroup process attachment.

Incorrect initialization could cause the kernel to crash on memory
allocation failure when under heavy memory pressure.


* Use-after-free in sysfs read/write accesses.

A race condition between read/write accesses and readdir calls on sysfs
directories could result in a use-after-free and kernel crash.


* Use-after-free in frame buffer console fonts.

Changing framebuffer consoles did not correctly manage font data,
resulting in a use-after-free and kernel crash.


* Denial-of-service in /proc/fs/fscache/stats.

A memory leak in /proc/fs/fscache/stats could allow an unprivileged user
to leak memory and cause a denial-of-service.


* Denial-of-service in dcache shrinking.

Removing entries from the dcache when there are a large number of open
files could result in a soft-lockup of the system.


* CVE-2013-0160: Information disclosure by keystroke timing on a ptmx
device.

It is possible to calculate the length of a user's password using a
timing attack on the ptmx device.


* Kernel panic on removal of the network bonding device module.

A race condition between removal of a network bonding device module and the
removal of the actual bond devices may cause a kernel panic.


* Information leak in SCTP keys.

SCTP keys were not zeroed before being freed, which could allow
the keying material to be leaked.


* CVE-2013-3227: Kernel stack leak when receiving CAIF packets.

Receiving packets from a CAIF socket that does not have the name field
set could leak part of the kernel stack to userspace, allowing a local
user to gain information about the running kernel.


* CVE-2013-3228: Kernel stack information leak in IRDA sockets.

Missing initialization could allow a local user to leak kernel stack
information when receiving messages.


* CVE-2013-3229: Kernel stack information leak in IUCV sockets.

Missing initialization could allow a local user to leak kernel stack
information when receiving messages from an iUCV socket.


* CVE-2013-3231: Kernel stack information leak in LLC sockets.

Missing initialization could allow a local user to leak kernel stack
information when receiving messages.


* Kernel stack leak when receiving Netrom packets when message name
isn't set.

Receiving packets from a Netrom socket that does not have the name field
set could leak part of the kernel stack to userspace.


* CVE-2013-3232: Kernel stack information leak in amateur radio NET/ROM
driver.

Missing initialization could allow a local user to leak kernel stack
information when receiving messages from a NET/ROM socket.


* Memory leak in tree auditing subsystem.

Incorrect reference counting in error situations in the auditing subsystem
could lead to memory leaks. This could potentially be used by a local,
unprivileged user to cause a denial-of-service.


* NULL pointer dereference in ALSA driver.

A NULL pointer dereference in the ALSA HDA driver can lead to
a kernel Oops.


* Unchecked user input used in open source Radeon driver.

The Radeon driver did not validate user-supplied memory before copying
it, which could potentially be exploited by a local user.


* NULL pointer dereference in usermodehelper.

A missing NULL pointer check could lead to a NULL pointer dereference
and a kernel crash.


* Heap buffer overflow in btrfs tree search ioctl.

Incorrect handling of large items could result in a buffer overflow
allowing a privileged, local user to corrupt kernel memory.


* Kernel crash in IP virtual server SIP persistence engine.

Use of uninitialized memory in the SIP persistence engine could result
in a kernel crash.


* Kernel crash in performance monitoring system.

Due to an incorrect bit mask, a user could write to a reserved CPU bit
and crash the kernel.


* Denial-of-service in CIFS inode handling.

In some cases, CIFS inode ops that had already been set were being reset,
leading to a kernel oops.  This could be used by a malicious user to cause
a denial of service.


* Denial-of-service in md buffered I/O interface.

It is possible for the dm-bufio code to deadlock on vmalloc.  This could
be used to cause a denial-of-service.


* Invalid memory access in USB cxacru driver.

A potential array underflow in the USB cxacru driver could cause an
invalid kernel memory access.


* NULL pointer dereference in MMU notifier.

A race condition could lead to a NULL pointer dereference in the mmu
notifier code.


* Kernel panic in mm pagewalk.

Invalid assumptions in the mm pagewalk code could cause a kernel
panic.  This can be triggered by simply cat'ing /proc/<pid>/smaps
while an application has a VM_PFNMAP range.


* NULL pointer dereference in Mantis DVB driver.

A missing NULL pointer check allowed a NULL pointer dereference
to occur in the Mantis DVB driver code.
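
Most of the CVE entries in this notice (CVE-2013-3222 through
CVE-2013-3235, together with the CAIF and Netrom items) share one root
cause: a protocol's recvmsg handler receives a message that carries no
sender address, writes nothing into msg_name, but also leaves
msg_namelen at the value the caller passed in. The generic recvmsg path
then copies that many bytes of the uninitialised sockaddr_storage buffer
on the kernel stack back to userspace. The following is an added
user-space model of that pattern and of the fix; it is not code from
this notice, from Ksplice or from the kernel. The struct layout, the
0xA0.. "stale stack" byte pattern and the 16-byte fake sender address
are assumptions made for illustration.

```c
/* Added example, not from the Ksplice notice or the kernel: a user-space
 * model of the recvmsg msg_namelen kernel-stack leak (CVE-2013-3222 family).
 * Build: cc -std=c99 -Wall recvmsg_leak.c && ./a.out
 */
#include <stdio.h>
#include <string.h>
#include <stddef.h>

/* Size of the kernel's struct sockaddr_storage (128 bytes on Linux). */
#define SOCKADDR_STORAGE_LEN 128
/* Length of the fake sender address a "with sender" receive fills in
 * (assumption for illustration). */
#define FAKE_ADDR_LEN 16

/* Minimal stand-in for the two fields of struct msghdr that matter here. */
struct msghdr_model {
    unsigned char *msg_name;   /* kernel-side sockaddr_storage buffer */
    size_t msg_namelen;        /* on entry: the length the caller passed in */
};

/* Recognisable byte pattern standing in for whatever an earlier syscall
 * left behind on the kernel stack (assumed pattern, for illustration). */
static unsigned char stale_byte(size_t i)
{
    return (unsigned char)(0xA0 + (i & 0x0F));
}

/* Vulnerable protocol handler: when the datagram carries no sender address
 * it neither writes msg_name nor resets msg_namelen. */
static int recvmsg_vulnerable(struct msghdr_model *msg, int have_sender)
{
    if (have_sender) {
        memset(msg->msg_name, 0x11, FAKE_ADDR_LEN);
        msg->msg_namelen = FAKE_ADDR_LEN;
    }
    /* BUG: msg_namelen is left at the caller's value in the no-sender case. */
    return 0;
}

/* Fixed handler: clear msg_namelen up front, so nothing is copied back
 * unless the handler actually wrote an address. This is the shape of the
 * upstream fixes for these CVEs. */
static int recvmsg_fixed(struct msghdr_model *msg, int have_sender)
{
    msg->msg_namelen = 0;
    if (have_sender) {
        memset(msg->msg_name, 0x11, FAKE_ADDR_LEN);
        msg->msg_namelen = FAKE_ADDR_LEN;
    }
    return 0;
}

/* Models the generic recvmsg syscall path: sockaddr_storage lives on the
 * (unzeroed) kernel stack, the protocol handler runs, then msg_namelen bytes
 * are copied to the caller. Returns how many of the bytes handed back to
 * "userspace" are stale stack bytes rather than a real address. */
static size_t recvmsg_leaked_bytes(int (*handler)(struct msghdr_model *, int),
                                   int have_sender, size_t caller_namelen)
{
    unsigned char kstack_addr[SOCKADDR_STORAGE_LEN];
    unsigned char user_addr[SOCKADDR_STORAGE_LEN];
    size_t i, n, leaked = 0;

    /* Simulate leftover kernel stack contents instead of zeroing. */
    for (i = 0; i < sizeof kstack_addr; i++)
        kstack_addr[i] = stale_byte(i);

    struct msghdr_model msg = { kstack_addr, caller_namelen };
    handler(&msg, have_sender);

    /* The real kernel rejects lengths above sizeof(struct sockaddr_storage);
     * the model simply clamps to keep it short. */
    n = msg.msg_namelen > sizeof kstack_addr ? sizeof kstack_addr
                                              : msg.msg_namelen;
    memcpy(user_addr, kstack_addr, n);     /* stands in for copy_to_user() */

    for (i = 0; i < n; i++)
        if (user_addr[i] == stale_byte(i))
            leaked++;
    return leaked;
}

int main(void)
{
    size_t want = SOCKADDR_STORAGE_LEN;  /* caller asks for the full buffer */
    printf("vulnerable, no sender  : %zu stale bytes leaked\n",
           recvmsg_leaked_bytes(recvmsg_vulnerable, 0, want));
    printf("vulnerable, with sender: %zu stale bytes leaked\n",
           recvmsg_leaked_bytes(recvmsg_vulnerable, 1, want));
    printf("fixed, no sender       : %zu stale bytes leaked\n",
           recvmsg_leaked_bytes(recvmsg_fixed, 0, want));
    return 0;
}
```

The model shows why the bug is per-protocol rather than per-socket: the
generic path trusts whatever msg_namelen the handler leaves behind, so
every handler that can return without writing an address has to reset
the length itself, which is exactly the one-line change the affected
drivers received.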

SUPPORT

Ksplice support is available at ksplice-support_ww at oracle.com.
