[Ksplice][Ubuntu-12.04-Updates] New updates available via Ksplice (USN-2660-1)

[Oracle Ksplice]

Synopsis: USN-2660-1 can now be patched using Ksplice
CVEs: CVE-2015-1420 CVE-2015-5364 CVE-2015-5366

Systems running Ubuntu 12.04 Precise can now use Ksplice to patch
against the latest Ubuntu Security Notice, USN-2660-1.

INSTALLING THE UPDATES

We recommend that all users of Ksplice Uptrack on Ubuntu 12.04 Precise
install these updates.

On systems that have "autoinstall = yes" in /etc/uptrack/uptrack.conf,
these updates will be installed automatically and you do not need to
take any action.

Alternatively, you can install these updates by running:

# /usr/sbin/uptrack-upgrade -y

NOTE

The Ksplice update for CVE-2015-5364, CVE-2015-5366 was not part of
the officialy released kernel but we felt that it's important to
ship this update early, before distributions released kernels,
because our audit showed that we have a large number of customers
affected by this issue.

DESCRIPTION

* CVE-2015-5364, CVE-2015-5366: Kernel hang on UDP flood with wrong checksums.

A flaw in the UDP handling of wrong checksums could lead to a kernel hang
under a UDP flood attack.  A remote attacker could use this flaw to cause a
denial-of-service.


* CVE-2015-1420: Buffer overflow in name_to_handle_at() system call.

Due to a race condition in the name_to_handle_at() system call, it is
possible for userspace to change the length of the buffer read by the
kernel after it has been allocated. This could lead to a buffer
overflow. A local user with CAP_DAC_READ_SEARCH privileges could
potentially use this to cause denial of service or possibly escalate
their privileges.

SUPPORT

Ksplice support is available at ksplice-support_ww at oracle.com.