[Ksplice][Ubuntu-13.04-Updates] New updates available via Ksplice (3.8.0-25.37)

Samson Yeung samson.yeung at oracle.com
Fri Jul 5 18:25:25 PDT 2013


Synopsis: 3.8.0-25.37 can now be patched using Ksplice

Systems running Ubuntu 13.04 Raring can now use Ksplice to patch
against the latest Ubuntu kernel update, 3.8.0-25.37.

INSTALLING THE UPDATES

We recommend that all users of Ksplice Uptrack on Ubuntu 13.04 Raring
install these updates.

On systems that have "autoinstall = yes" in /etc/uptrack/uptrack.conf,
these updates will be installed automatically and you do not need to
take any action.

Alternatively, you can install these updates by running:

# /usr/sbin/uptrack-upgrade -y
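
A check for the autoinstall setting described above, as an added example (not part of the Ksplice announcement or of Oracle's tooling). The function name uptrack_autoinstall, the rule that only the value "yes" counts as enabled, and the sample config contents are assumptions of this example.

```sh
#!/bin/sh
# Added example: report whether Ksplice Uptrack will install updates on its own.
# The file path and the "autoinstall = yes" setting come from the advisory;
# everything else here (function name, parsing rules) is an assumption.

uptrack_autoinstall() {
    conf="${1:-/etc/uptrack/uptrack.conf}"
    if [ ! -r "$conf" ]; then
        echo "unreadable"
        return 2
    fi
    # Ignore comment lines, strip whitespace, let the last assignment win.
    value=$(awk -F= '
        /^[ \t]*[#;]/ { next }
        NF >= 2 {
            key = $1; val = $2
            gsub(/[ \t\r]/, "", key)
            gsub(/[ \t\r]/, "", val)
            if (tolower(key) == "autoinstall") last = tolower(val)
        }
        END { print last }
    ' "$conf")
    case "$value" in
        yes) echo "enabled";  return 0 ;;
        *)   echo "disabled"; return 1 ;;
    esac
}

# Constructed sample config: the commented-out "yes" must not count.
sample=$(mktemp)
cat > "$sample" <<'EOF'
[Auth]
accesskey = CONSTRUCTED-PLACEHOLDER
[Settings]
# autoinstall = yes
autoinstall = no
EOF
state=$(uptrack_autoinstall "$sample") || true
echo "autoinstall is $state"
if [ "$state" != "enabled" ]; then
    echo "updates must be applied by hand: /usr/sbin/uptrack-upgrade -y"
fi
rm -f "$sample"
```

Called with no argument, the function reads /etc/uptrack/uptrack.conf; its exit status (0 enabled, 1 disabled, 2 unreadable) makes it usable in a fleet audit script.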


DESCRIPTION

* NULL pointer dereference in ALSA driver.

A NULL pointer dereference in the ALSA HDA driver can lead to
a kernel Oops.


* Kernel OOPS on NFS recovery dir creation.

Invalid parameters passed to the recovery dir creation may cause
a kernel OOPS.


* NULL pointer dereference on mapping of unaligned memory on shared


Mapping an unaligned memory block on the shared memory file system would
cause a NULL pointer dereference.


* Kernel deadlock in block device memory allocation.

Under specific conditions the kernel may try to allocate memory to
perform an I/O transfer which could result in trying to allocate more
memory and causing the system to deadlock.


* Denial-of-service in md buffered I/O interface.

It is possible for the dm-bufio code to deadlock on vmalloc.  This could
be used to cause a denial-of-service.


* Unchecked user input used in open source Radeon driver.

The Radeon driver didn't check user memory before copying it, which could
potentially be used to create a kernel exploit.


* NULL pointer dereference in usermodehelper.

A missing NULL pointer check could lead to a NULL pointer dereference
and a kernel crash.


* Heap buffer overflow in btrfs tree search ioctl.

Incorrect handling of large items could result in a buffer overflow
allowing a privileged, local user to corrupt kernel memory.


* Denial of service in watchdog registration.

A race condition in watchdog registration could lead to a deadlock.  This
could be used to cause a denial of service by a malicious user.


* Denial-of-service in CIFS inode handling.

In some cases, CIFS inode ops that had already been set were being reset,
leading to a kernel oops.  This could be used by a malicious user to cause
a denial of service.


* Invalid memory access in USB cxacru driver.

A potential array underflow in the USB cxacru driver could cause an
invalid kernel memory access.


* Buffer overflow in CIFS options handling.

In some cases, insufficient memory was being allocated for the CIFS
mount options, leading to a buffer overflow.


* NULL pointer dereference in MMU notifier.

A race condition could lead to a NULL pointer dereference in the mmu
notifier code.


* Kernel panic in mm pagewalk.

Invalid assumptions in the mm pagewalk code could cause a kernel
panic.  This can be triggered by simply cat'ing /proc/<pid>/smaps
while an application has a VM_PFNMAP range.


* Kernel hang in block control group queue bypassing.

Incorrect locking could cause the kernel to try to schedule another task
whilst in an atomic context causing a kernel crash.


* Memory corruption in IPMI ioctl() operations on 64-bit systems.

On 64-bit systems, the ioctl() call for the IPMI device performed
incorrect locking resulting in memory corruption and undefined
behaviour.


* Resource leak in TUN device driver.

Incorrect reference counting in the TUN device recvmsg() implementation
could cause a resource leak allowing a privileged user to cause a
denial-of-service attack.


* Denial-of-service in memory mapped packet socket interface.

Incorrect error handling in the memory mapped packet socket interface
could allow a local, unprivileged user to crash the system.


* Kernel stack information leak in IPv6 GRE tunnelling.

Missing structure clearing could result in leaking a number of bytes of
kernel stack data to userspace in the IPv6 GRE tunnel ioctl() call.


* Memory leak in Distributed Replicated Block Device detach.

A missing resource free caused a memory leak when detaching a DRBD
device.


* Use-after-free in wireless PHY device registration.

Incorrect error handling when registering a WiFi PHY device could result
in a use-after-free and kernel crash.


* Integer overflow in FAT filesystem mounting.

Integer overflow in FAT filesystems could result in a corrupted
filesystem.


* Kernel crash in memory control group charging.

An unnecessary assertion in the memory control group charging code could
result in a kernel crash when performing swap.


* Memory corruption in random number generation.

Incorrect locking in the random number generation code could result in
memory corruption and undefined behaviour.


* Privilege escalation in XFS file truncation.

Truncating a non-zero sized file on an XFS filesystem did not clear the
SUID/SGID bits, allowing a local user with write access to the file to
possibly escalate privileges.


* KVM guest crash in halt emulation.

Incorrect handling of halt emulation could cause a guest to hang when
emulating certain instructions.

SUPPORT

Ksplice support is available at ksplice-support_ww at oracle.com.



