[Ksplice][Ubuntu-13.04-Updates] New updates available via Ksplice (3.8.0-25.37)

[Phil Turnbull]

Synopsis: 3.8.0-25.37 can now be patched using Ksplice
CVEs: CVE-2013-0160

Systems running Ubuntu 13.04 Raring can now use Ksplice to patch
against the latest Ubuntu kernel update, 3.8.0-25.37.

INSTALLING THE UPDATES

We recommend that all users of Ksplice Uptrack on Ubuntu 13.04 Raring
install these updates.

On systems that have "autoinstall = yes" in /etc/uptrack/uptrack.conf,
these updates will be installed automatically and you do not need to
take any action.

Alternatively, you can install these updates by running:

# /usr/sbin/uptrack-upgrade -y


DESCRIPTION

* CVE-2013-0160: Information disclosure by keystroke timing on a ptmx device.

It is possible to calculate the length of a user's password using a timing attack
on the ptmx device.


* Use-after-free in frame buffer console fonts.

Changing framebuffer consoles did not correctly font data resulting in
use-after-free and kernel crash.


* Use-after-free in sysfs read/write accesses.

A race condition between read/write accesses and readdir calls on sysfs
directories could result in a use-after-free and kernel crash.


* Denial-of-service in /proc/fs/fscache/stats.

A memory leak in /proc/fs/fscache/stats could allow an unprivileged user
to leak memory and cause a denial-of-service.


* Kernel crash in cgroup process attachment.

Incorrect initialization could cause the kernel to crash on memory
allocation failure when under heavy memory pressure.


* Double-free in cgroup extended attributes.

Due to erroneous ownership logic, memory allocated for extended attributes
would be freed more than once. A malicious local user could potentially
use this to cause denial of service by crashing the kernel.


* Denial-of-service in dcache shrinking.

Removing entries from the dcache when there are a large number of open
files could result in a soft-lockup of the system.


* Denial-of-service in RCU tracing files.

A memory leak in the RCU tracing debugfs files could allow an
unprivileged user to leak memory and cause a denial-of-service.


* Denial-of-service in Intel Last Branch Record (LBR) performance filter.

Unvalidated user input could allow a local user to cause the kernel to
read from a user supplied address causing a kernel panic.


* Kernel information leak in Intel Last Branch Record profiling.

Missing permission checks could allow an unprivileged user to extract
kernel address information using the Last Branch Record feature on Intel
devices.


* Kernel crash in IP virtual server SIP persistence engine.

Use of uninitialized memory in the SIP persistence engine could result
in a kernel crash.


* Use-after-free in netfilter ipset management.

Missing reference counting could result in a use-after-free and kernel
crash.


* Denial-of-service in netfilter connection tracking.

Use of uninitialized memory could result in a kernel crash in the
netfilter connection tracking module under user control.


* Memory leak in tree auditing subsystem.

Incorrect reference counting in error situations in the auditing subsystem
could lead to memory leaks. This could potentially be used by a local,
unprivileged user to cause a denial-of-service.

SUPPORT

Ksplice support is available at ksplice-support_ww at oracle.com.