[Ksplice][Ubuntu-13.10-Updates] New updates available via Ksplice (3.11.0-18.32)

Oracle Ksplice ksplice-support_ww at oracle.com
Thu Mar 6 18:27:05 PST 2014


Synopsis: 3.11.0-18.32 can now be patched using Ksplice
CVEs: CVE-2013-6885 CVE-2014-1874 CVE-2014-2038

Systems running Ubuntu 13.10 Saucy can now use Ksplice to patch
against the latest Ubuntu kernel update, 3.11.0-18.32.

INSTALLING THE UPDATES

We recommend that all users of Ksplice Uptrack on Ubuntu 13.10 Saucy
install these updates.

On systems that have "autoinstall = yes" in /etc/uptrack/uptrack.conf,
these updates will be installed automatically and you do not need to
take any action.

Alternatively, you can install these updates by running:

# /usr/sbin/uptrack-upgrade -y
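As an added example (not part of this announcement or of the Ksplice tooling), the following POSIX shell script checks the two things the instructions above turn on: whether the running kernel is the 3.11.0-18 series this update covers, and whether /etc/uptrack/uptrack.conf has "autoinstall = yes" so the updates land without a manual uptrack-upgrade. It assumes only the config key named above; the config path is a parameter so the check can be run against a constructed file, and the kernel match assumes Ubuntu's usual `uname -r` form of `3.11.0-18-<flavour>`.

```shell
#!/bin/sh
# Added example: report whether Ksplice Uptrack will apply this update on
# its own. Assumes the "autoinstall = yes" key cited in the announcement.

# uptrack_autoinstall <conf-file>
# Prints "yes" when autoinstall is enabled, "no" otherwise. Comments are
# stripped, the key is matched case-insensitively with surrounding
# whitespace ignored, and a missing file or key counts as "no".
uptrack_autoinstall() {
    conf="$1"
    if [ ! -r "$conf" ]; then
        echo no
        return 0
    fi
    val=$(sed -e 's/[#;].*$//' "$conf" \
          | awk -F= 'tolower($1) ~ /^[[:space:]]*autoinstall[[:space:]]*$/ {
                         gsub(/[[:space:]]/, "", $2); v = $2 }
                     END { print tolower(v) }')
    if [ "$val" = "yes" ]; then
        echo yes
    else
        echo no
    fi
}

# kernel_is_target <uname -r output>
# Returns 0 when the release belongs to the 3.11.0-18 ABI this update
# patches (assumption: Ubuntu names the kernel 3.11.0-18-<flavour>).
kernel_is_target() {
    case "$1" in
        3.11.0-18-*) return 0 ;;
        *) return 1 ;;
    esac
}

# Stand-alone use: run with --check on the host being reviewed.
if [ "${1:-}" = "--check" ]; then
    rel=$(uname -r)
    printf 'running kernel: %s\n' "$rel"
    if kernel_is_target "$rel"; then
        echo "kernel matches the 3.11.0-18 series covered by this update"
    else
        echo "kernel is not in the 3.11.0-18 series"
    fi
    printf 'autoinstall: %s\n' "$(uptrack_autoinstall /etc/uptrack/uptrack.conf)"
fi
```

If the script reports "autoinstall: no", the manual `uptrack-upgrade -y` command above is the step still outstanding; if the kernel does not match the series, the host is on a different base kernel and this particular update set does not apply to it.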


DESCRIPTION

* CVE-2014-1874: Denial-of-service in SELinux on empty security context.

Incorrect input validation in the SELinux subsystem could lead to a NULL
pointer dereference. A local, privileged user could use this flaw to cause
a denial-of-service.


* Use-after-free in ARC ethernet packet transmission.

A race condition between adding timestamps to packets and completing packet
transmission can lead to a use-after-free condition and kernel panic.


* Kernel panic in Solarflare PTP packet transmission.

Incorrect length validation can trigger an out-of-bounds read and kernel panic
when transmitting a Precision Time Protocol packet over a Solarflare ethernet
device.


* Data corruption on NFS mounts during writeback.

Incorrect handling of inode writeback could result in data corruption of
NFS mounted filesystems under specific conditions.


* Deadlock in Intel graphics card driver when setting hardware state.

Incorrect locking in the Intel graphics card driver could result in a
deadlock under specific conditions. An attacker could use this flaw to
cause a denial-of-service.


* Denial-of-service in Raid10 subsystem when handling known bad blocks.

Incorrect calculation of the number of sectors handled in RAID10 could
potentially lead to a kernel crash. A local, privileged user could use a
specially crafted block device to cause a denial-of-service.


* NULL pointer dereference in Raid10 subsystem during recovery.

Incorrect locking in the Raid10 subsystem could result in a use-after-free
and NULL pointer dereference. A local, privileged user could use a specially
crafted block device to cause a denial-of-service.


* Data corruption on NILFS2 with a filesystem nearly full.

Incorrect logic in the NILFS2 filesystem code could result in data
corruption under specific conditions.


* Use-after-free in GFS2 filesystem with parallel close/chown.

Incorrect reference counting in the GFS2 chown syscall could lead to a
use-after-free. A local, privileged user could use this flaw to cause a
denial-of-service.


* Denial-of-service in transparent huge page subsystem when copying a huge page.

Incorrect logic in the transparent huge page subsystem could lead to a
general protection fault and kernel panic. A local, unprivileged user could
use this flaw to cause a denial-of-service.


* Denial-of-service in xHCI drivers when removing driver.

Lack of input validation in the xHCI driver when removing the driver could
lead to a kernel crash. A local, privileged user could use this flaw to
cause a denial-of-service.


* Memory leak in SELinux when loading a policy.

A flaw in SELinux error path policy code loading leads to a memory leak. A
local, privileged user could use this flaw to cause a denial-of-service.


* NULL pointer dereference in USB Core driver when removing a hub.

Missing locking in the USB Core driver could lead to a NULL pointer
dereference and kernel oops when unbinding a USB driver. A local,
privileged user could use this flaw to cause a denial-of-service.


* Memory corruption in ext4 filesystem when truncating small data file.

A missing cast in the ext4 filesystem code could result in memory or data
corruption if truncating an inline file. A local, unprivileged user could
use this flaw to cause a denial-of-service.


* Denial-of-service in Radeon driver on resume from suspend.

A missing check in the Radeon driver code could lead to a NULL pointer
dereference and kernel oops. A local, privileged user could use this flaw to
cause a denial-of-service.


* Data corruption in LVM/Raid btree sorting algorithm.

A flaw in the btree algorithm for LVM/Raid could lead to data corruption
under specific circumstances.


* Use-after-free in ftrace when un-registering a function trace.

A logic error in the ftrace removal code could lead to a race condition
resulting in a use-after-free and kernel crash. A local, privileged user
could use this flaw to cause a denial-of-service.


* Deadlock in b43 WiFi driver when in soft access-point mode.

Incorrect locking in the b43 WiFi driver could lead to a deadlock. A local,
privileged user could use this flaw to cause a denial-of-service.


* Denial-of-service in audit subsystem when audit queue overflows.

A logic error in the audit subsystem could result in an infinite loop and
subsequent audit events not being sent. A local, unprivileged user could
use this flaw to cause a denial-of-service of audit.


* Use-after-free in virtio-scsi driver in suspend path.

A flaw in the virtio-scsi code could result in a use-after-free and kernel
crash in the suspend path.


* Denial-of-service in MGA G200 driver when managing the cursor.

A missing check in the MGA G200 cursor management code could lead to a NULL
pointer dereference. A local, privileged user could use this flaw to cause
a denial-of-service.


* CVE-2014-2038: Data corruption in NFSv4 on concurrent client writes.

A logic error in the NFSv4 code could lead to data corruption when clients
write concurrently to the same file. An attacker could use this flaw to
cause data corruption on a mounted NFSv4 filesystem.


* Use-after-free in NFSv4 client code when initializing a new client.

A logic error in the NFSv4 client code could lead to a use-after-free and
kernel panic. A local, privileged user could use this flaw to cause a
denial-of-service.


* Memory leak in MFD driver on driver removal.

Incorrect initialization of a register map in the MFD driver results in
memory being leaked after driver removal. A local, privileged user could
use this flaw to exhaust the memory on the system and cause a
denial-of-service.


* Denial-of-service in memory-failure on transparent huge page split.

Incorrect locking in the memory-failure code could lead to a kernel crash
under specific conditions. A local, privileged user could use this flaw to
cause a denial-of-service.


* Denial-of-service in memory control group on removal.

Incorrect locking in the memory control groups subsystem could lead to an
endless loop on control group removal. A local, privileged user could use
this flaw to cause a denial-of-service.


* Denial-of-service in power management when Intel graphics driver fails on init.

Missing removal of power management callbacks in the Intel graphics driver
initialization error path could result in a kernel crash.


* Information leak in btrfs code when creating a snapshot.

Due to incorrect privilege checks in btrfs code, no restriction was
enforced on subvolumes snapshots. A local, unprivileged user could use this
flaw to have access to parts of the filesystem which were otherwise
protected by Unix permissions.


* Denial-of-service in AST, Cirrus and MGAG frame buffer drivers.

A logic error in frame buffer drivers for AST, Cirrus and MGAG could lead
to deadlock.


* Use-after-free in EDAC Intel E752X driver.

Incorrect reference counting in the EDAC Intel E752X driver could lead to a
use-after-free and kernel crash. A local, privileged user could use this
flaw to cause a denial-of-service.


* Memory leak in IEEE 802.15.4 driver error path when adding interface.

Incorrect reference counting in the IEEE 802.15.4 driver error path results in a
memory leak. A local, privileged user could use this flaw to exhaust memory
on the system and to cause a denial-of-service.


* NULL pointer dereference in VIA Rhine driver when resetting the card.

A flaw in the VIA Rhine driver code could result in a NULL pointer
dereference when resetting the ethernet controller. A local, unprivileged
user could potentially use this flaw to cause a denial-of-service.


* NULL pointer dereference in the IPv4 forwarding code for small MTU.

A missing check in the IPv4 forwarding code could result in a NULL pointer
dereference when setting a small MTU on non-IP capable netdevices. A local,
privileged user could use this flaw to cause a denial-of-service.


* Memory leaks in TCP early demux.

Incorrect reference counting on a socket when using TCP early demux leads
to memory leaks. A local, unprivileged user could use this flaw to cause a
denial-of-service.


* CVE-2013-6885: Denial-of-service on AMD processors.

Under a highly specific and detailed set of internal timing conditions, a
locked instruction may trigger a timing sequence whereby the write to a
write combined memory type is not flushed, causing the locked instruction
to stall indefinitely. A local, unprivileged user could use this flaw to
cause a denial-of-service.


* Kernel crash in macvtap packet reception.

Macvtap could cause host lockups when virtual guests using a macvtap
interface are present.


* Kernel crash in memory control group teardown+swapin race.

A race condition between memcg teardown and swapin could lead to a
kernel crash which an attacker could use to cause a denial-of-service.


* Kernel crash in device mapper for thin objects.

Incorrect initialization of device-mapper thinly provisioned storage
devices could cause accesses to invalid memory addresses resulting in
memory corruption or a kernel crash.

SUPPORT

Ksplice support is available at ksplice-support_ww at oracle.com.
