[Ksplice][Ubuntu-13.04-Updates] New updates available via Ksplice (3.8.0-30.44)

[Oracle Ksplice]

Synopsis: 3.8.0-30.44 can now be patched using Ksplice
CVEs: CVE-2013-2140 CVE-2013-2232 CVE-2013-2234 CVE-2013-4162 CVE-2013-4163

Systems running Ubuntu 13.04 Raring can now use Ksplice to patch
against the latest Ubuntu kernel update, 3.8.0-30.44.

INSTALLING THE UPDATES

We recommend that all users of Ksplice Uptrack on Ubuntu 13.04 Raring
install these updates.

On systems that have "autoinstall = yes" in /etc/uptrack/uptrack.conf,
these updates will be installed automatically and you do not need to
take any action.

Alternatively, you can install these updates by running:

# /usr/sbin/uptrack-upgrade -y


DESCRIPTION

* CVE-2013-2140: Arbitrary sector discard in Xen block device.

A missing check for invalid blocks would allow the discard of
sectors even if they were marked read-only or not allowed by
permissions.


* Memory corruption in Intel i915 memory management.

Incorrect list handling could result in accessing invalid memory and
corrupting the state of the DRM memory management system.


* NULL pointer dereference in radeon HDMI handling.

Missing NULL pointer checks in the radeon HDMI handling could result in
a NULL pointer dereference and kernel crash.


* Use-after-free in ACPI memory hotplug failure.

Incorrect handling of memory hotplug failure could result in accessing a
stale pointer and triggering a kernel crash.


* Deadlock in btrfs snapshot deletion.

Missing lock tracking could result in deadlock when deleting a snapshot
causing the system to hang.


* Double free in MAC-VLAN based tap driver.

Due to incorrect error handling, the macvtap driver could free the same
page twice, possibly leading to kernel crashes. A malicious local user
could exploit this to cause denial of service.


* CVE-2013-2232: Memory corruption in IPv6 routing cache.

Connecting an IPv6 socket to an IPv4 destination can cause IPv4 routing
information to be placed in the IPv6 routing cache causing memory corruption
and a kernel panic.


* CVE-2013-2234: Information leak in IPsec key management.

An error in the AF_KEY implementation allows privileged users to leak contents of
the kernel stack to userspace.


* Race condition in neighbour (generic network address resolution) code.

Due to missing locking in neighbour code, attempting to destroy a neighbour
entry can cause a kernel crash. A malicious user could possibly exploit
this to cause denial of service.


* Deadlock in x25 ioctl error path.

Invalid error handling in the x25 ioctl code causes a lock to not be
released, leading to a deadlock.


* CVE-2013-4162: Denial-of-service with IPv6 sockets with UDP_CORK.

When pushing pending frames in IPv6 udp code, an incorrect function call can
be made. This allows local users to cause a denial of service (BUG and system
crash) via a crafted application that uses the UDP_CORK option in a
setsockopt system call.


* CVE-2013-4163: Kernel crash in IPv6 sockets with IPV6_MTU set.

Incorrect handling of IPv6 sockets with IPV6_MTU set could result in
a kernel BUG() and subsequent crash.


* Memory corruption in Plan 9 9p remote filesystem.

An off by one error could lead to memory access violations and memory
corruption when releasing pages in the 9p, leading to a kernel crash.


* Memory corruption in 8021q VLAN.

A race condition in 8021q VLAN could cause memory corruption and lead
to a kernel crash.


* Filesystem corruption on ext4 truncation.

Missing error handling could result in filesystem corruption when
removing extents during truncation.


* Memory leak in Virtual IP tunneling initialization.

Duplicated memory allocations would cause a memory leak when
initializing Virtual IP resulting in a possible denial-of-service.

SUPPORT

Ksplice support is available at ksplice-support_ww at oracle.com.