[Ksplice][Ubuntu-13.10-Updates] New updates available via Ksplice (3.11.0-19.33)

Oracle Ksplice ksplice-support_ww at oracle.com
Wed Apr 2 00:56:12 PDT 2014 

Synopsis: 3.11.0-19.33 can now be patched using Ksplice

Systems running Ubuntu 13.10 Saucy can now use Ksplice to patch
against the latest Ubuntu kernel update, 3.11.0-19.33.

INSTALLING THE UPDATES

We recommend that all users of Ksplice Uptrack on Ubuntu 13.10 Saucy
install these updates.

On systems that have "autoinstall = yes" in /etc/uptrack/uptrack.conf,
these updates will be installed automatically and you do not need to
take any action.

Alternatively, you can install these updates by running:

# /usr/sbin/uptrack-upgrade -y


DESCRIPTION

* Memory corruption in the Pin controller on creation.

Incorrect locking in the Pin controller code could result in a race
condition resulting in memory corruption. A local, privileged user could
use this flaw to cause a denial-of-service.


* Denial-of-service in VMware SVGA2 driver when executing ioctl().

A logic in the error path of VMware SVGA2 driver could lead to lock
imbalance and potentially a leak of memory or kernel deadlock. A local,
privileged user could use this flaw to cause a denial-of-service.


* Deadlock in memory management subsystem when setting page_dirty bit.

Incorrect locking in the memory management could lead to a deadlock when
setting the dirty bit. An attacker could use this flaw to cause a
denial-of-service.


* Denial-of-service in block subsystem when switching elevators.

A race condition in the request iterator for block devices could lead to a
kernel crash. A local, privileged user could use this flaw to cause a
denial-of-service.


* NULL pointer dereference in MAX17040 fuel gauge driver on probing.

A missing check in the MAX17040 fuel gauge driver could result in a NULL
pointer dereference. A local, privileged user could use this flaw to cause
a denial-of-service.


* Information leak in mac80211 when transferring fragmented packet.

A flaw in the mac80211 stack could result in leaking 8 bytes of plain text
in the air. An attacker, physically in the range of the WiFi network, could
use this flaw to obtain sensitive informations.


* Out of bounds memory access in raw char device driver upon binding.

Incorrect input validation in the raw character device driver could lead to
out of bounds memory access, potentially leading to kernel crash. A local,
privileged user could use this flaw to cause a denial-of-service.


* Denial-of-service in VFS subsystem when allocating a file descriptor.

A flaw in the VFS subsystem could result in OOM killer being triggered and
potentially result in a denial-of-service. An attacker could use this flaw
to cause a denial-of-service.


* Memory leak in NFS when creating symlinks.

Incorrect reference counting in the management of symlinks in the NFS
driver code leads to a memory leak. A local, unprivileged user could use
this flaw to exhaust the memory on the system and cause a
denial-of-service.


* Denial-of-service in ftrace subsystem when using function graph caller.

A race condition in the ftrace subsystem could lead to a kernel crash under
specific conditions. A local, privileged user could use this flaw to cause
a denial-of-service.


* Soft lockup in block lib driver when discarding a device.

A race condition in the block lib driver could result in soft lock under
specific conditions. A local, privileged user could use this flaw to cause
a denial-of-service.


* Use-after-free in target core module subsystem.

A use-after-free in the target core driver could result in a kernel
crash. An attacker could use this flaw to cause a denial-of-service.


* Race condition in video buffer between open() and close().

A race condition in the video buffer subsystem could lead to a deadlock
when video_vm_open()/close() are called concurrently. A local, privileged
user could use this flaw to cause a denial-of-service.


* Information leak in MxL111SF USB DTV receiver.

An information leak flaw was found in the MxL111SF USB DTV receiver which,
under certain conditions, could print uninitialized values from the
stack. An attacker could use this flaw to obtain informations about the
running kernel.


* Race condition in swap subsystem between swapon()/swapoff().

A race condition in the swap subsystem could lead to a use-after-free and
potentially kernel crash. A local, privileged user could use this flaw to
cause a denial-of-service.


* Memory leak in Intel management engine interface in the suspend path.

A race condition in the Intel management engine interface driver could lead
to a memory leak during the suspend/resume path. A local, privileged user
could use this flaw to cause a denial-of-service.


* Denial-of-service in the EDAC core subsystem when setting a 0 timeout.

A lack of input validation in the EDAC core subsystem allowed a timeout of
0, which leads to a kernel crash. A local, privileged user could use this
flaw to cause a denial-of-service.

SUPPORT

Ksplice support is available at ksplice-support_ww at oracle.com.

More information about the Ksplice-Ubuntu-13.10-Updates mailing list