[Ksplice][Ubuntu-13.10-Updates] New updates available via Ksplice (USN-2179-1)
Oracle Ksplice
ksplice-support_ww at oracle.com
Mon Apr 28 02:47:25 PDT 2014
Synopsis: USN-2179-1 can now be patched using Ksplice
CVEs: CVE-2014-0049 CVE-2014-0069
Systems running Ubuntu 13.10 Saucy can now use Ksplice to patch
against the latest Ubuntu Security Notice, USN-2179-1.
INSTALLING THE UPDATES
We recommend that all users of Ksplice Uptrack on Ubuntu 13.10 Saucy
install these updates.
On systems that have "autoinstall = yes" in /etc/uptrack/uptrack.conf,
these updates will be installed automatically and you do not need to
take any action.
Alternatively, you can install these updates by running:
# /usr/sbin/uptrack-upgrade -y
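Added example (not part of the Ksplice advisory): a shell check that tells the two cases above apart, so a host without autoinstall is flagged for the manual uptrack-upgrade run. It assumes uptrack.conf uses "key = value" lines with "#" comments; the function names and the sample file are constructed for illustration.

```shell
#!/bin/sh
# Added example: does this host still need a manual uptrack-upgrade run?

# Print the effective "autoinstall" value from an uptrack.conf-style file.
# Assumptions: "key = value" lines, "#" starts a comment, last assignment wins.
autoinstall_value() {
    awk '
        { sub(/#.*/, "") }                    # drop comments, incl. commented-out keys
        /^[ \t]*autoinstall[ \t]*=/ {
            val = $0
            sub(/^[^=]*=[ \t]*/, "", val)     # strip "autoinstall ="
            sub(/[ \t\r]+$/, "", val)         # strip trailing whitespace / CR
            found = val
        }
        END { print (found == "" ? "unset" : found) }
    ' "$1"
}

# Return 0 when the host must be patched by hand, 1 when autoinstall covers it.
# Only the literal value named in the advisory ("yes") counts as enabled;
# an unreadable or missing file is treated as "needs manual action".
needs_manual_upgrade() {
    conf=${1:-/etc/uptrack/uptrack.conf}
    [ -r "$conf" ] || { echo "cannot read $conf" >&2; return 0; }
    [ "$(autoinstall_value "$conf")" != "yes" ]
}

# Constructed sample config (not taken from a real host).
sample=$(mktemp)
cat > "$sample" <<'EOF'
[Settings]
# autoinstall = yes
install_on_reboot = yes
autoinstall = no
EOF

if needs_manual_upgrade "$sample"; then
    echo "autoinstall is '$(autoinstall_value "$sample")': run /usr/sbin/uptrack-upgrade -y"
else
    echo "autoinstall = yes: updates are installed automatically"
fi
rm -f "$sample"
```

Call needs_manual_upgrade with no argument to check /etc/uptrack/uptrack.conf on the host itself.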
DESCRIPTION
* Deadlock in PCI DMA subsystem when allocating a DMA buffer.
A logic error in the PCI DMA architecture dependent code could lead to a
deadlock.
* Deadlock in ext4 filesystem in swap_inode_boot_loader() error path.
Incorrect locking in the error path of swap_inode_boot_loader() leaves a
mutex unlocked leading to a deadlock. A local, privileged user could use
this flaw to cause a denial-of-service.
* CVE-2014-0069: Denial-of-service in CIFS filesystem on uncached writes.
A lack of input validation in the CIFS filesystem code could lead to memory
corruption and kernel crash. A local, unprivileged user could use this flaw
to cause a denial-of-service.
* Data corruption in ext4 when resizing with non-standard blocks-per-group number.
A flaw in the ext4 resizing code could lead to data corruption when the
number of blocks per group is not 8.
* Use-after-free in JBD2 transaction code.
A flaw in the JBD2 code could lead to a use-after-free and kernel crash. A
local, privileged user could use this flaw to cause a denial-of-service.
* Memory leak in ACPI PCI when enabling IRQ.
A flaw in the ACPI PCI IRQ driver could lead to a memory leak. A local,
privileged user could use this flaw to exhaust the memory on the system and
cause a denial-of-service.
* Use-after-free in Intel MEI driver on send flow control failure.
A flaw in the MEI driver could lead to a use-after-free and kernel crash. A
local, privileged user could use this flaw to cause a denial-of-service.
* Deadlock in the tg3 ethernet driver when changing the MTU.
Incorrect locking in the tg3 ethernet driver could lead to a deadlock when
changing the MTU. A local, privileged user could use this flaw to cause a
denial-of-service.
* Denial-of-service in KVM with nested VMs.
A missing check in the KVM MMU code could lead to a kernel crash. A local,
privileged user could use this flaw to cause a denial-of-service.
* Use-after-free in STE DMA driver tasklet.
A flaw in the STE DMA driver results in a use-after-free and potentially
a kernel crash.
* Deadlock in Arizona haptics input driver.
A flaw in the Arizona haptics input driver leads to a double mutex_lock()
resulting in a deadlock and denial-of-service.
* Denial-of-service in QLogic driver on selective retransmission request.
A missing check in the QLogic driver code results in NULL pointer
dereference and kernel crash. A remote user could use this flaw to cause a
denial-of-service.
* Use-after-free in i7 EDAC driver when iterating PCI devices.
Due to incorrect reference counting in the i7 EDAC driver, a use-after-free
could result in a kernel crash and denial-of-service.
* Deadlock in firmware class driver on suspend path.
A flaw in the firmware class driver results in a deadlock and kernel
hang. A local, privileged user could use this flaw to cause a
denial-of-service.
* Denial-of-service in perf subsystem when hotplugging CPU.
Incorrect locking in the perf subsystem could lead to use-after-free and
kernel crash when hotplugging a CPU. A local, privileged user could use
this flaw to cause a denial-of-service.
* CVE-2014-0049: Code execution in KVM mmio emulator.
A logic error in the KVM code could lead to out-of-bounds memory accesses,
resulting in a kernel crash or potentially allowing a local user to write
to host memory. A local, privileged user could use this flaw to elevate
privileges and execute arbitrary code in kernel mode.
* Denial-of-service in Radeon DRM driver when opening mode setting interface.
A flaw in the Radeon DRM driver could lead to a kernel crash on opening the
kernel mode setting interface. A local, privileged user could use this flaw
to cause a denial-of-service.
* Denial-of-service in net core when allocating sk_buff under memory pressure.
A flaw in the net core subsystem when allocating an sk_buff under memory
pressure could trigger OOM and potentially result in a
denial-of-service.
* Denial-of-service in cgroup subsystem when adding a cgroup to a task.
Incorrect locking in the cgroup subsystem could lead to list corruption
and kernel crash under specific conditions. A local, unprivileged user
could use this flaw to cause a denial-of-service.
* Denial-of-service in ext4 when resizing with large inode tables.
A flaw in the ext4 code when resizing a filesystem with a large number of
inodes per block group could lead to a kernel BUG. A local, privileged user
could use this flaw to cause a denial-of-service.
* Deadlock in EHCI USB2 controller driver when handling an interrupt.
Incorrect locking in the EHCI driver code could lead to a deadlock,
resulting in a denial-of-service under specific conditions.
* Denial-of-service in perf subsystem when updating the maximum sample rate.
Incorrect input validation in the perf subsystem when
perf_event_max_sample_rate is updated with a value less than or equal to
zero causes a division by zero in the kernel. A local, privileged user could
use this flaw to cause soft-lockups and a denial-of-service.
SUPPORT
Ksplice support is available at ksplice-support_ww at oracle.com.