[Ksplice][Ubuntu-13.04-Updates] New updates available via Ksplice (3.8.0-25.37)
Samson Yeung
samson.yeung at oracle.com
Fri Jul 5 18:25:25 PDT 2013
Synopsis: 3.8.0-25.37 can now be patched using Ksplice
Systems running Ubuntu 13.04 Raring can now use Ksplice to patch
against the latest Ubuntu kernel update, 3.8.0-25.37.
INSTALLING THE UPDATES
We recommend that all users of Ksplice Uptrack on Ubuntu 13.04 Raring
install these updates.
On systems that have "autoinstall = yes" in /etc/uptrack/uptrack.conf,
these updates will be installed automatically and you do not need to
take any action.
Alternatively, you can install these updates by running:
# /usr/sbin/uptrack-upgrade -y
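A host-side check for the two cases above, as an added example that is not part of the original announcement or of Oracle's tooling: it reads the uptrack.conf path named in the advisory and reports whether the host updates itself or needs the manual command. The function names and the `[Settings]` section in the constructed sample are assumptions.

```shell
#!/bin/sh
# Added example, not Oracle's code: classify a host by its autoinstall setting.

# Print "auto" if the config has an active "autoinstall = yes" line, else "manual".
# Only the literal value "yes" named in the advisory counts; a missing file,
# a commented-out line or any other value is reported as "manual".
uptrack_autoinstall_mode() {
    conf="${1:-/etc/uptrack/uptrack.conf}"
    if [ ! -r "$conf" ]; then
        echo manual
        return 0
    fi
    # Use the last active assignment in the file; lines starting with '#' never match.
    value=$(sed -n 's/^[[:space:]]*autoinstall[[:space:]]*=[[:space:]]*\([A-Za-z0-9]*\)[[:space:]]*$/\1/p' "$conf" | tail -n 1)
    if [ "$value" = "yes" ]; then echo auto; else echo manual; fi
}

# Print the action the advisory prescribes for this host.
uptrack_next_step() {
    if [ "$(uptrack_autoinstall_mode "$1")" = "auto" ]; then
        echo "no action needed: updates install automatically"
    else
        echo "run as root: /usr/sbin/uptrack-upgrade -y"
    fi
}

# Constructed sample config (the [Settings] section name is an assumption).
sample=$(mktemp)
printf '[Settings]\n# autoinstall = yes\nautoinstall = no\n' > "$sample"
uptrack_next_step "$sample"
rm -f "$sample"
```

Called without an argument, both functions read /etc/uptrack/uptrack.conf.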
DESCRIPTION
* NULL pointer dereference in ALSA driver.
A NULL pointer dereference in the ALSA HDA driver can lead to
a kernel Oops.
* Kernel OOPS on NFS recovery dir creation.
Invalid parameters passed to the recovery dir creation may cause
a kernel OOPS.
* NULL pointer dereference on mapping of unaligned memory on shared
Mapping an unaligned memory block on the shared memory file system would
cause a NULL pointer dereference.
* Kernel deadlock in block device memory allocation.
Under specific conditions the kernel may try to allocate memory to
perform an I/O transfer which could result in trying to allocate more
memory and causing the system to deadlock.
* Denial-of-service in md buffered I/O interface.
It is possible for the dm-bufio code to deadlock on vmalloc. This could
be used to cause a denial-of-service.
* Unchecked user input used in open source Radeon driver.
The Radeon driver didn't check user memory before copying it, which could
potentially be used to create a kernel exploit.
* NULL pointer dereference in usermodehelper.
A missing NULL pointer check could lead to a NULL pointer dereference
and a kernel crash.
* Heap buffer overflow in btrfs tree search ioctl.
Incorrect handling of large items could result in a buffer overflow
allowing a privileged, local user to corrupt kernel memory.
* Denial of service in watchdog registration.
A race condition in watchdog registration could lead to a deadlock. This
could be used to cause a denial of service by a malicious user.
* Denial-of-service in CIFS inode handling.
In some cases, CIFS inode ops that had already been set were being reset,
leading to a kernel oops. This could be used by a malicious user to cause
a denial of service.
* Invalid memory access in USB cxacru driver.
A potential array underflow in the USB cxacru driver could cause an
invalid kernel memory access.
* Buffer overflow in CIFS options handling.
In some cases, insufficient memory was being allocated for the CIFS
mount options, leading to a buffer overflow.
* NULL pointer dereference in MMU notifier.
A race condition could lead to a NULL pointer dereference in the mmu
notifier code.
* Kernel panic in mm pagewalk.
Invalid assumptions in the mm pagewalk code could cause a kernel
panic. This can be triggered by simply cat'ing /proc/<pid>/smaps
while an application has a VM_PFNMAP range.
* Kernel hang in block control group queue bypassing.
Incorrect locking could cause the kernel to try to schedule another task
whilst in an atomic context causing a kernel crash.
* Memory corruption in IPMI ioctl() operations on 64-bit systems.
On 64-bit systems, the ioctl() call for the IPMI device performed
incorrect locking resulting in memory corruption and undefined
behaviour.
* Resource leak in TUN device driver.
Incorrect reference counting in the TUN device recvmsg() implementation
could cause a resource leak allowing a privileged user to cause a
denial-of-service attack.
* Denial-of-service in memory mapped packet socket interface.
Incorrect error handling in the memory mapped packet socket interface
could allow a local, unprivileged user to crash the system.
* Kernel stack information leak in IPv6 GRE tunnelling.
Missing structure clearing could result in leaking a number of bytes of
kernel stack data to userspace in the IPv6 GRE tunnel ioctl() call.
* Memory leak in Distributed Replicated Block Device detach.
A missing resource free caused a memory leak when detaching a DRBD
device.
* Use-after-free in wireless PHY device registration.
Incorrect error handling when registering a WiFi PHY device could result
in a use-after-free and kernel crash.
* Integer overflow in FAT filesystem mounting.
Integer overflow in FAT filesystems could result in a corrupted
filesystem.
* Kernel crash in memory control group charging.
An unnecessary assertion in the memory control group charging code could
result in a kernel crash when performing swap.
* Memory corruption in random number generation.
Incorrect locking in the random number generation code could result in
memory corruption and undefined behaviour.
* Privilege escalation in XFS file truncation.
Truncating a non-zero sized file on an XFS filesystem did not clear the
SUID/SGID bits, allowing a local user with write access to the file to
possibly escalate privileges.
* KVM guest crash in halt emulation.
Incorrect handling of halt emulation could cause a guest to hang when
emulating certain instructions.
SUPPORT
Ksplice support is available at ksplice-support_ww at oracle.com.