[Ksplice][Ubuntu-14.04-Updates] New updates available via Ksplice (USN-2563-1)

Oracle Ksplice ksplice-support_ww at oracle.com
Wed Apr 8 17:08:35 PDT 2015


Synopsis: USN-2563-1 can now be patched using Ksplice
CVEs: CVE-2015-1421 CVE-2015-1465 CVE-2015-1593 CVE-2015-2041 CVE-2015-2042

Systems running Ubuntu 14.04 Trusty can now use Ksplice to patch
against the latest Ubuntu Security Notice, USN-2563-1.

INSTALLING THE UPDATES

We recommend that all users of Ksplice Uptrack on Ubuntu 14.04 Trusty
install these updates.

On systems that have "autoinstall = yes" in /etc/uptrack/uptrack.conf,
these updates will be installed automatically and you do not need to
take any action.

Alternatively, you can install these updates by running:

# /usr/sbin/uptrack-upgrade -y
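
A host-side check for the two cases above (an added example, not part of
Oracle's announcement): it reads the autoinstall setting and reports whether
a manual uptrack-upgrade run is still needed. The comment syntax, the
any-section key lookup and the last-assignment-wins rule are assumptions
about the config file format.

```shell
#!/bin/sh
# Added example: will this host pick up the Ksplice updates on its own, or
# does it need a manual run? The path, key and command come from the advisory.

UPTRACK_CONF_DEFAULT=/etc/uptrack/uptrack.conf

# Print the effective autoinstall value ("yes", "no", ...), "unset" when the
# key is absent or empty, or "unreadable" when the file cannot be read.
# Assumptions: '#' and ';' start comment lines, the key may sit in any
# section, and the last uncommented assignment wins.
uptrack_autoinstall_value() {
    conf=${1:-$UPTRACK_CONF_DEFAULT}
    [ -r "$conf" ] || { echo "unreadable"; return 0; }
    awk '
        /^[ \t]*[#;]/ { next }                  # skip comment lines
        {
            line = $0
            sub(/\r$/, "", line)                # tolerate CRLF line endings
            if (tolower(line) !~ /^[ \t]*autoinstall[ \t]*=/) next
            sub(/^[^=]*=[ \t]*/, "", line)      # drop "autoinstall ="
            sub(/[ \t]+$/, "", line)            # drop trailing blanks
            val = tolower(line)
        }
        END { print (val == "" ? "unset" : val) }
    ' "$conf"
}

# Print "auto" when updates install themselves; otherwise print the manual
# command. A commented-out, missing or unreadable setting counts as manual.
uptrack_patch_plan() {
    case "$(uptrack_autoinstall_value "$1")" in
        yes) echo "auto" ;;
        *)   echo "manual: /usr/sbin/uptrack-upgrade -y" ;;
    esac
}

# Report for the config file given as $1, or the default path if none.
uptrack_patch_plan "${1:-}"
```

A commented-out "# autoinstall = yes" line is the case worth catching: a
plain grep for the string would report the host as covered when it is not.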


DESCRIPTION

* CVE-2015-1421: Privilege escalation in SCTP INIT collisions.

Missing reference counting could result in a use-after-free during an
INIT collision when establishing an SCTP socket.  A remote attacker
could use this flaw to trigger a denial-of-service or potentially gain
privileges.


* CVE-2015-1465: Denial of service in IPv4 packet forwarding.

A remote user can trigger a denial-of-service by sending a large number
of packets needing redirection, which triggers high CPU load.


* CVE-2015-1593: Stack layout randomization entropy reduction.

A flaw in the stack base randomization code could result in a
reduction of entropy by a factor of four.  An attacker could use this
flaw to reduce the amount of work needed to bypass ASLR.


* CVE-2015-2041: Information leak in 802.2 LLC sysctl interface.

The 802.2 Link Layer type 2 subsystem uses an incorrect length when
returning data to userspace from the sysctl interface, allowing
userspace processes to disclose the contents of kernel memory.


* CVE-2015-2042: Information leak in the Reliable Datagram Socket protocol.

A flaw in the handling of userspace tuning for the Reliable Datagram Socket
(RDS) protocol leads to an information leak when reading from the sysctl
files. A local, privileged user could use this flaw to gain knowledge about
the running kernel, potentially facilitating an attack.


* Deadlock in NFS when performing direct IO to regular file.

Direct IO is only supported on NFS mounts when writing to a swapfile. An
attempt to perform direct IO on a regular file will trigger a deadlock
and kernel panic.


* Kernel panic in NFSv4 client state recovery.

Attempting state recovery on a partially initialised NFSv4 client can
trigger memory corruption and a kernel panic.


* Resource leak when unmapping Rados Block Device filesystem.

Incorrect reference counting in the Rados Block Device (RBD) filesystem
driver can cause a resource leak when unmapping a filesystem that has
been cloned.


* Kernel panic in Multiple Device (RAID and LVM) metadata cache.

The metadata cache used by the Multiple Device (MD) driver uses an
invalid pointer when an error occurs, triggering a kernel panic.


* NULL pointer dereference during hotplug CPU offline.

A race condition when hotplugging a CPU could result in failure to
initialize a percpu thread, causing a NULL pointer dereference when the
CPU was later offlined.


* Resource leak in GPIO during sysfs accesses.

Multiple call sites in the GPIO sysfs handling code failed to put
resources on exit.  This could result in failure to remove devices and
memory leaks.


* Userspace memory corruption on page walks.

Incorrect handling of mapped files that had not been written to could
result in reading incorrect data when performing a page walk such as
reading /proc/pid/mem.


* NULL pointer dereference in Btrfs filesystem when creating a new device.

A race condition in the Btrfs filesystem when creating a new device could
lead to a NULL pointer dereference and kernel crash.  A local, privileged
user could use this flaw to cause a denial-of-service.


* Memory leak in the BSD Packet Filter when preparing filters.

Missing input validation on the lengths read from userspace could cause a
memory leak.  A local, privileged user could use this flaw to exhaust the
memory on the system and cause a denial-of-service.

SUPPORT

Ksplice support is available at ksplice-support_ww at oracle.com.


  


