[Ksplice][Ubuntu-13.04-Updates] New updates available via Ksplice (3.8.0-33.48)

Oracle Ksplice ksplice-support_ww at oracle.com
Thu Nov 7 22:16:47 PST 2013


Synopsis: 3.8.0-33.48 can now be patched using Ksplice
CVEs: CVE-2013-0343 CVE-2013-2147 CVE-2013-2889 CVE-2013-2893 CVE-2013-2894 CVE-2013-2895 CVE-2013-4343

Systems running Ubuntu 13.04 Raring can now use Ksplice to patch
against the latest Ubuntu kernel update, 3.8.0-33.48.

INSTALLING THE UPDATES

We recommend that all users of Ksplice Uptrack on Ubuntu 13.04 Raring
install these updates.

On systems that have "autoinstall = yes" in /etc/uptrack/uptrack.conf,
these updates will be installed automatically and you do not need to
take any action.

Alternatively, you can install these updates by running:

# /usr/sbin/uptrack-upgrade -y
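
The check described above, as an added example (not part of Oracle's
advisory or of Uptrack itself): a script that reads uptrack.conf and reports
whether the host installs these updates automatically or still needs the
manual command. It assumes the file is INI-style with "autoinstall" under a
[Settings] section, and it treats only a literal "yes" (any case) as enabled.

```shell
#!/bin/sh
# Added example (not Oracle's code): report whether a host will pick up the
# Ksplice updates automatically or needs a manual uptrack-upgrade run.
# Assumption: uptrack.conf is INI-style and "autoinstall" lives under a
# [Settings] section; later duplicate keys override earlier ones.

# Print the lower-cased value of autoinstall, "unset", or "unreadable".
autoinstall_value() {
    [ -r "$1" ] || { echo unreadable; return 0; }
    awk '
        /^[ \t]*[#;]/ { next }                  # comment lines
        /^[ \t]*\[/ {                           # section header
            s = $0
            sub(/^[ \t]*\[/, "", s); sub(/\].*$/, "", s)
            section = tolower(s); next
        }
        section == "settings" {
            n = index($0, "=")
            if (n == 0) next
            k = substr($0, 1, n - 1); v = substr($0, n + 1)
            gsub(/[ \t\r]/, "", k); gsub(/[ \t\r]/, "", v)
            if (tolower(k) == "autoinstall") val = tolower(v)
        }
        END { print (val == "" ? "unset" : val) }
    ' "$1"
}

# Exit status 0 when an operator still has to run uptrack-upgrade by hand.
needs_manual_upgrade() {
    [ "$(autoinstall_value "$1")" != yes ]
}

# UPTRACK_CONF is a hypothetical override for testing against a copy.
conf=${UPTRACK_CONF:-/etc/uptrack/uptrack.conf}
if needs_manual_upgrade "$conf"; then
    echo "$conf: autoinstall is '$(autoinstall_value "$conf")'; run: /usr/sbin/uptrack-upgrade -y"
else
    echo "$conf: autoinstall = yes; updates are installed automatically"
fi
```

A commented-out "autoinstall" line, or one placed in another section, is
reported as "unset", so the host is flagged for a manual upgrade.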


DESCRIPTION

* CVE-2013-2147: Kernel memory leak in HP and Compaq controllers.

Missing initialization of a returned result in the HP Smart Array and
Compaq SMART2 controllers could leak internal kernel memory back to
userspace.


* Kernel panic in Hierarchical Token Bucket scheduler.

The kernel HTB scheduler does not validate priority levels, causing an
out-of-bounds read that leads to a kernel panic.


* Memory leak in RealTek 8139 device driver.

The RealTek 8139 Ethernet device driver does not free kernel memory when dropping
packets, leading to a kernel panic.


* CVE-2013-0343: Denial of service in IPv6 privacy extensions.

A malicious remote user can disable IPv6 privacy extensions by flooding the host
with malicious temporary addresses.


* Use-after-free in IPv6 options processing.

The kernel IPv6 implementation incorrectly uses freed memory when processing
received IPv6 packets, leading to a use-after-free condition and kernel panic.


* CVE-2013-2889: Memory corruption in Zeroplus HID driver.

The Zeroplus game controller device driver does not correctly validate
data from devices, allowing a malicious device to cause kernel memory
corruption and potentially gain kernel code execution.


* CVE-2013-2893: Memory corruption in Logitech force feedback devices.

The Logitech force feedback driver does not correctly validate data from devices,
allowing a malicious device to cause kernel memory corruption and potentially
gain kernel code execution.


* CVE-2013-2894: Memory corruption in Lenovo ThinkPad keyboard driver.

The Lenovo ThinkPad Keyboard with TrackPoint driver does not correctly validate
data from devices, allowing a malicious device to cause kernel memory corruption
and potentially gain kernel code execution.


* Resource leak in CIFS client under low memory conditions.

The kernel CIFS client does not free file resources when opening a file on a CIFS
share fails, leading to a kernel memory leak and kernel panic.


* NULL pointer dereference in USB device controller removal.

The USB gadget driver does not validate a pointer when removing a USB gadget
device, leading to a NULL pointer dereference and kernel panic.


* Use-after-free in kernel device management.

The kernel does not correctly manage reference counts when removing devices from
the system, leading to a use-after-free condition and kernel panic.


* Kernel crash in max98095 audio codec driver.

Incorrect validation of user-supplied data could allow a local user with
access to the codec device to trigger an out-of-bounds memory access and
kernel panic.


* Kernel crash and information leak in ab8500 audio codec driver.

Missing validation of user-supplied input could result in an
out-of-bounds memory access and kernel panic or stack information leak
if a local user has access to the audio codec device.


* Kernel crash in 88pm860x audio codec driver.

Missing validation of user-supplied data could allow a local user with
access to the codec device to trigger an out-of-bounds memory access and
kernel panic.


* Kernel panic in ELF coredumping with large number of mmapped files.

On a system where a large number of mappings are permitted, a local,
unprivileged user could trigger a NULL pointer dereference when writing
corefiles and storing the filenames of the mapped files.


* Incorrect permission checks on networking sysctls.

Permission checks in the networking sysctl interface incorrectly use the
current uid/gid rather than the effective uid/gid, which could allow an
unprivileged user to manipulate network settings using a setuid binary.


* CVE-2013-2895: NULL pointer dereference in Logitech DJ driver.

The Logitech DJ Unifying driver does not correctly validate data from devices,
allowing a malicious device to leak the contents of kernel memory or trigger a
NULL pointer dereference causing a kernel panic.


* CVE-2013-4343: Use-after-free in tun driver.

A use-after-free vulnerability in the tun driver allowed local users to
gain privileges by leveraging the CAP_NET_ADMIN capability and providing
an invalid tuntap interface name in a TUNSETIFF ioctl call.


* Privilege escalation in filesystem remounting.

Incorrect permission checks for superblock-level remounting could allow
a privileged user without CAP_SYS_ADMIN to remount filesystems, allowing
privilege escalation.

SUPPORT

Ksplice support is available at ksplice-support_ww at oracle.com.


  


