[Ksplice][Ubuntu-13.04-Updates] New updates available via Ksplice (3.8.0-32.47)

Oracle Ksplice ksplice-support_ww at oracle.com
Mon Oct 21 14:33:09 PDT 2013


Synopsis: 3.8.0-32.47 can now be patched using Ksplice
CVEs: CVE-2013-2237 CVE-2013-2888 CVE-2013-2892 CVE-2013-2896 CVE-2013-2898 CVE-2013-2899 CVE-2013-4300

Systems running Ubuntu 13.04 Raring can now use Ksplice to patch
against the latest Ubuntu kernel update, 3.8.0-32.47.

INSTALLING THE UPDATES

We recommend that all users of Ksplice Uptrack on Ubuntu 13.04 Raring
install these updates.

On systems that have "autoinstall = yes" in /etc/uptrack/uptrack.conf,
these updates will be installed automatically and you do not need to
take any action.

Alternatively, you can install these updates by running:

# /usr/sbin/uptrack-upgrade -y
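
Added example, not part of Oracle's announcement and not Oracle's code: a shell sketch that checks whether a host relies on "autoinstall = yes" or needs the manual command above, and which of this advisory's CVEs are absent from a saved listing of installed updates. The function names, the sample files and the assumption that the listing (for example, saved output of uptrack-show) carries the CVE identifiers in its update descriptions are all illustrative.

```shell
#!/bin/sh
# Added example, not Oracle's code: audit helpers for this advisory.

# CVE identifiers copied from the advisory's "CVEs:" line.
ADVISORY_CVES="CVE-2013-2237 CVE-2013-2888 CVE-2013-2892 CVE-2013-2896
CVE-2013-2898 CVE-2013-2899 CVE-2013-4300"

# Succeed if the config has an uncommented "autoinstall = yes".
# Tolerating extra whitespace and letter case is an assumption of this sketch.
autoinstall_enabled() {
    conf=${1:-/etc/uptrack/uptrack.conf}
    [ -r "$conf" ] || return 2
    grep -Eiq '^[[:space:]]*autoinstall[[:space:]]*=[[:space:]]*yes[[:space:]]*$' "$conf"
}

# Print each advisory CVE that the saved update listing ($1) does not mention.
missing_cves() {
    listing=$1
    for cve in $ADVISORY_CVES; do
        grep -qw -- "$cve" "$listing" || printf '%s\n' "$cve"
    done
}

# Write constructed sample files (not output from a real host) into $1.
make_samples() {
    dir=$1
    printf '[Settings]\nautoinstall = yes\n' > "$dir/auto.conf"
    printf '[Settings]\n# autoinstall = yes\nautoinstall = no\n' > "$dir/manual.conf"
    cat > "$dir/installed.txt" <<'EOF'
[aaaaaaaa] CVE-2013-2237: Information leak on IPSec key socket.
[bbbbbbbb] CVE-2013-2888: Memory corruption in Human Input Device processing.
[cccccccc] CVE-2013-4300: Privilege escalation in AF_UNIX credential passing.
EOF
}

tmp=$(mktemp -d)
make_samples "$tmp"
for name in auto manual; do
    if autoinstall_enabled "$tmp/$name.conf"; then
        echo "$name.conf: updates install automatically"
    else
        echo "$name.conf: run /usr/sbin/uptrack-upgrade -y"
    fi
done
echo "Not yet listed: $(missing_cves "$tmp/installed.txt" | xargs)"
rm -rf "$tmp"
```

Several fixes in this advisory have no CVE identifier, so an empty result from missing_cves covers only the CVE-tagged entries.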


DESCRIPTION

* Kernel panic in Atheros AR9001/AR9002 transmit.

The Atheros wireless driver does not correctly manage packet data on AR9001 and
AR9002 devices, leading to an assertion failure and kernel panic.


* NULL pointer dereference in HDMI sound driver.

The kernel does not validate a pointer when processing sound data from an HDMI
device, causing a NULL pointer dereference and kernel panic.


* Kernel panic in removable memory sysfs interface.

When showing the contents of the /sys/devices/system/memory/memory*/removable
sysfs file, the kernel does not validate that all memory sections are present,
causing a kernel panic.


* NULL pointer dereference in memory control groups.

The kernel does not validate a pointer when querying the memory control group
cache, causing a NULL pointer dereference and kernel panic.


* Use-after-free in 802.11 IBSS processing.

The generic 802.11 driver does not correctly adjust a reference count when
leaving an IBSS ad-hoc network, leading to a use-after-free condition and kernel
panic.


* CVE-2013-2237: Information leak on IPSec key socket.

Incorrect initialization on policy flushing could leak kernel stack
bytes to userspace.


* CVE-2013-2888: Memory corruption in Human Input Device processing.

The kernel does not correctly validate the 'Report ID' field in HID data, allowing
a malicious USB or Bluetooth device to cause memory corruption and gain kernel
code execution.


* CVE-2013-4300: Privilege escalation in AF_UNIX credential passing.

The kernel uses the wrong namespace when validating credentials passed via an
AF_UNIX socket, allowing users in a namespace to spoof credentials and gain
elevated privileges.


* Use-after-free in Xen grant table callbacks.

Xen allows individual callbacks to be registered multiple times for individual
grant tables, leading to a use-after-free condition and kernel panic.


* Deadlock in CephFS GET_DATALOC ioctl.

The Ceph filesystem does not release a mutex if an error is encountered when
handling the GET_DATALOC ioctl, leading to a kernel deadlock.


* Memory leak in CephFS Object Storage Daemon client.

The Ceph filesystem does not release memory when a read or write operation to an
Object Storage Daemon fails, causing a kernel memory leak.


* Denial-of-service in USB configuration parsing.

The generic USB driver does not correctly validate the length of USB configuration
blocks, allowing a malicious USB device to cause a kernel panic.


* Information leak in procfs filesystem.

A missing privilege check in the procfs filesystem allows users inside a namespace
to remount the procfs filesystem with weak permissions, leaking information about
processes in other namespaces.


* Information leak in DRM MODE_GETFB ioctl.

A missing capability check in the MODE_GETFB ioctl allows processes with
hardware-accelerated rendering to arbitrarily read and write the current screen
framebuffer.


* NULL pointer dereference in PicoLCD device removal.

The PicoLCD HID driver does not validate a pointer when removing a PicoLCD device,
leading to a NULL pointer dereference and kernel panic.


* Kernel panic in HD PVR error handling.

Invalid error handling in the HD PVR probe function could lead to
uninitialized memory being accessed, leading to a kernel panic.


* CVE-2013-2892: Memory corruption in Pantherlord Human Input Device processing.

Missing validation of HID report data could cause corruption of heap
memory.  A local user with physical access to the system could use this
flaw to crash the kernel resulting in DoS or potential privilege
escalation to gain root access via arbitrary code execution.


* CVE-2013-2896: NULL pointer dereference in N-Trig HID driver.

The N-Trig touch-screen device driver does not correctly validate data from
devices, allowing a malicious device to trigger a NULL pointer dereference and
cause a kernel panic.


* CVE-2013-2898: Information leak in HID sensor framework.

The kernel HID sensor framework does not correctly validate data from devices,
allowing a malicious device to leak the contents of kernel memory.


* CVE-2013-2899: NULL pointer dereference in PicoLCD device driver.

The PicoLCD HID driver does not correctly validate data from devices, allowing a
malicious device to trigger a NULL pointer dereference and cause a kernel panic.


* NULL pointer dereference in HID report field setting.

Missing NULL pointer checks could result in a NULL pointer dereference
when a driver populated the results of field enquiries.


* Use-after-free in kernel cryptography subsystem.

The kernel cryptography subsystem incorrectly frees kernel memory when initializing
a cryptographic algorithm, leading to a use-after-free condition and kernel panic.

SUPPORT

Ksplice support is available at ksplice-support_ww at oracle.com.


  


