[Ksplice][Ubuntu-13.04-Updates] New updates available via Ksplice (USN-2045-1)

Jamie Iles jamie.iles at oracle.com
Fri Dec 6 01:12:13 PST 2013


Synopsis: USN-2045-1 can now be patched using Ksplice
CVEs: CVE-2013-4299 CVE-2013-4350

Systems running Ubuntu 13.04 Raring can now use Ksplice to patch
against the latest Ubuntu Security Notice, USN-2045-1.

INSTALLING THE UPDATES

We recommend that all users of Ksplice Uptrack on Ubuntu 13.04 Raring
install these updates.

On systems that have "autoinstall = yes" in /etc/uptrack/uptrack.conf,
these updates will be installed automatically and you do not need to
take any action.

Alternatively, you can install these updates by running:

# /usr/sbin/uptrack-upgrade -y
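
To tell which of the two cases above applies to a given host, the following added example (not part of the original announcement and not Oracle's code) reads the autoinstall setting from uptrack.conf. It assumes an INI-style file in which '#' or ';' starts a comment line, and it treats only the value "yes" as enabled. The function names are hypothetical.

```shell
#!/bin/sh
# Added example (not Oracle's code): will this host apply Ksplice updates itself?
# Assumptions: INI-style file, '#' or ';' starts a comment line, sections are
# ignored, and only the value "yes" (any case) counts as enabled.

# Print the effective autoinstall value, lower-cased (last assignment wins).
uptrack_autoinstall_value() {
    [ -r "$1" ] || return 1
    awk '
        /^[ \t]*[#;]/ { next }              # commented-out settings do not count
        {
            eq = index($0, "=")
            if (eq == 0) next               # section headers, blank lines
            key = substr($0, 1, eq - 1)
            val = substr($0, eq + 1)
            gsub(/^[ \t]+|[ \t\r]+$/, "", key)
            gsub(/^[ \t]+|[ \t\r]+$/, "", val)
            if (tolower(key) == "autoinstall") last = tolower(val)
        }
        END { if (last != "") print last }
    ' "$1"
}

# Exit status 0 when a manual "uptrack-upgrade -y" is still required.
needs_manual_upgrade() {
    [ "$(uptrack_autoinstall_value "$1")" != "yes" ]
}

# Report for one config file; defaults to the path named in the announcement.
check_host() {
    conf=${1:-/etc/uptrack/uptrack.conf}
    if [ ! -r "$conf" ]; then
        echo "cannot read $conf"
    elif needs_manual_upgrade "$conf"; then
        echo "autoinstall not enabled in $conf: run /usr/sbin/uptrack-upgrade -y as root"
    else
        echo "autoinstall = yes in $conf: updates install automatically"
    fi
}

check_host "$@"
```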


DESCRIPTION

* Denial-of-service in ext4 extended attribute error handling.

Missing memory freeing in the error path of extended attribute handling
could cause a memory leak and denial of service under specific
circumstances.


* NULL pointer dereference in IPv6 FIB rule addition failure.

Incorrect error handling could trigger a NULL pointer dereference when
adding an IPv6 FIB rule failed, causing a kernel crash.


* NULL pointer dereference in netpoll driver cleanup.

Incorrect locking could result in a NULL pointer dereference when
cleaning up a netpoll device, as used in netconsole, resulting in a
kernel crash.


* CVE-2013-4350: SCTP over IPv6 disables encryption.

When transporting SCTP data over an IPv6 link, an incorrect assumption in the
kernel IPv6 stack can disable IPv6 encryption, leading to the SCTP data being
visible to malicious users on the network.


* Kernel crash in Xen netback frontend slot packing.

Under specific conditions, the number of slots required to send packets
was incorrectly counted in the backend.  This could cause the frontend
to lose synchronization and later crash the guest kernel.


* Fix NULL pointer dereference in Bridge interface.

* Memory corruption in IPv6 UDP if the first packet is larger than the MTU.

Memory corruption occurs when the first UDP packet over IPv6 is larger than
the MTU size.


* CVE-2013-4299: Information leak in device mapper persistent snapshots.

An information leak flaw was found in the way the Linux kernel's device
mapper subsystem, under certain conditions, interpreted data written to
snapshot block devices. An attacker could use this flaw to read data
from disk blocks in free space, which are normally inaccessible.


* Bad handling of a condition when splitting a Huge Page.

When splitting a Huge Page, a BUG_ON validation takes place that may
perform a wrong check if there is a race with a previous copy-on-write to
another Huge Page before the split.

SUPPORT

Ksplice support is available at ksplice-support_ww at oracle.com.



