[Ksplice][Ubuntu-14.04-Updates] New updates available via Ksplice (USN-2823-1)

Oracle Ksplice ksplice-support_ww at oracle.com
Thu Dec 3 01:42:01 PST 2015


Synopsis: USN-2823-1 can now be patched using Ksplice
CVEs: CVE-2015-7872

Systems running Ubuntu 14.04 Trusty can now use Ksplice to patch
against the latest Ubuntu Security Notice, USN-2823-1.

INSTALLING THE UPDATES

We recommend that all users of Ksplice Uptrack on Ubuntu 14.04 Trusty
install these updates.

On systems that have "autoinstall = yes" in /etc/uptrack/uptrack.conf,
these updates will be installed automatically and you do not need to
take any action.

Alternatively, you can install these updates by running:

# /usr/sbin/uptrack-upgrade -y
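
The following check is an added example, not part of the original
announcement or of Ksplice Uptrack itself. It reads an uptrack.conf-style
file and reports whether the manual command above is still needed.
Assumptions: the file uses "key = value" lines with full-line "#" or ";"
comments, and the sample files are constructed. The function names are
hypothetical. On a real host, pass /etc/uptrack/uptrack.conf.

```shell
#!/bin/sh
# Added example: does this host still need a manual uptrack-upgrade?
# Assumption: the config is INI-style ("key = value", full-line comments).

# Print the effective "autoinstall" value in lower case,
# "unset" if the key is absent, or "unreadable" if the file cannot be read.
autoinstall_value() {
    conf=$1
    [ -r "$conf" ] || { echo "unreadable"; return 0; }
    val=$(awk -F= '
        /^[ \t]*[#;]/ { next }                      # skip commented-out lines
        tolower($1) ~ /^[ \t]*autoinstall[ \t]*$/ {
            v = $2
            gsub(/^[ \t]+|[ \t]+$/, "", v)          # trim surrounding blanks
            last = tolower(v)                       # last assignment wins
        }
        END { print last }' "$conf")
    echo "${val:-unset}"
}

# Return 0 when an administrator has to run uptrack-upgrade by hand.
# Anything other than an exact "yes" is treated as "not automatic".
needs_manual_upgrade() {
    [ "$(autoinstall_value "$1")" != "yes" ]
}

# Constructed sample configs (not taken from a real host).
sample_dir=$(mktemp -d)
trap 'rm -rf "$sample_dir"' EXIT
printf '[Settings]\n# autoinstall = yes\nautoinstall = no\n' > "$sample_dir/manual.conf"
printf '[Settings]\nAutoinstall=Yes\n' > "$sample_dir/auto.conf"

for f in "$sample_dir/manual.conf" "$sample_dir/auto.conf"; do
    if needs_manual_upgrade "$f"; then
        echo "$f: autoinstall=$(autoinstall_value "$f"), run /usr/sbin/uptrack-upgrade -y"
    else
        echo "$f: autoinstall=yes, updates install automatically"
    fi
done
```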


DESCRIPTION

* Data corruption in ext4 hole punching with indirect mappings.

Under specific conditions, ext4 filesystems could experience data loss
when using FALLOC_FL_PUNCH_HOLE on files.


* Kernel crash in 80211 mesh network transmission.

Incorrect handling of peering state could result in a kernel crash when
transmitting frames on a network with fixed mesh paths where not all
stations had yet completed peering.


* Invalid memory free in device resource management.

A logic error in the device resource management code could cause the
wrong pointer to be freed, possibly crashing the kernel. A malicious
local user with device configuration privileges could use this to cause
denial of service.


* Denial-of-service in unshare() with CLONE_VM.

A logic error in unshare() could allow a local user with access to
/proc/PID/maps to prevent unshare() calls from succeeding, resulting in
a denial-of-service.


* Denial-of-service in multiqueue block pending request list sysfs attribute.

Missing bounds checking could result in overfilling a sysfs buffer when
displaying the pending requests for a multiqueue block device.  A local
user with access to the sysfs attributes could use this flaw to trigger
a denial-of-service under specific conditions.


* Remote denial-of-service in NFS migration recovery for NFS v4.2.

Missing migration recovery operations for NFS v4.2 mounts could result
in a NULL pointer dereference when accessing a mount that was exported
with a "refer=" export option.  An attacker with access to the NFS
server could use this flaw to remotely crash the client.


* Denial of service when mounting corrupt XFS filesystem.

Missing validation of disk blocks in the XFS filesystem could cause
filesystem junk entries and break userspace expectations of filesystem
semantics. A malicious local user with mounting privileges could
potentially use this to cause denial of service.


* Filesystem corruption in BTRFS transaction completion.

Incorrect handling of aborted transactions could result in filesystem
corruption under specific conditions.


* Invalid memory accesses in accelerated GHASH crypto algorithm.

Due to an incorrectly specified context size, the kernel would allocate
too little memory for the GHASH context and possibly access invalid
memory. A local user could potentially use this to cause denial of
service or escalate privileges.


* Kernel crash in HFS B-tree insertion.

Inserting a new record in an HFS B-tree at position 0 could corrupt the
tree resulting in either filesystem corruption or a kernel crash.


* NULL pointer dereference in MMC request completions.

A race condition in MMC request completion could result in a NULL
pointer dereference and kernel crash under specific conditions.


* CVE-2015-7872: Denial-of-service when garbage collecting uninstantiated keyring.

A logic error in the security keyring subsystem leads to a kernel crash
when garbage collecting an un-instantiated keyring.  A local, un-privileged
user can use this flaw to cause a denial-of-service.


* Privilege escalation in CIFS copy offload ioctl.

Under specific conditions, an attacker with access to a CIFS filesystem
mounted with version >= 2.0 could use this flaw to gain code execution
inside the kernel and escalate privileges.


* Denial-of-service in BTRFS special file writing.

Incorrect handling of special files including device nodes could result
in a kernel panic when evicting inodes.  A local, privileged user with
permission to create device nodes could use this flaw to crash the
system.


* Kernel hang in IPv6 multicast router addition.

Incorrect handling of IPv6 multicast router iteration could result in
failure to acquire a lock and a kernel deadlock.


* Kernel crash in memory mapped netlink sockets with TAP devices.

Incorrect handling of packets for a memory mapped netlink socket could
result in a kernel crash.  A local, privileged user could use this flaw
to crash the system.


* Improperly escaped output in procfs files.

Lack of quoting in procfs files could cause userspace programs to
misinterpret the contents of these files. A malicious local user
could possibly use this to manipulate certain procfs files (and thereby
also manipulate other programs reading these files).


* Sensitive information leak in process coredumps.

Filesystem handling code in coredump writing had a number of flaws that
could allow a local attacker to read the contents of a coredump for a
process that they did not own.  This could leak potentially sensitive
information to a user that should not have access.


* Memory corruption in NFSv3 server when mounted over UDP.

The kernel NFSv3 server does not correctly allocate memory when a client
attempts to mount a NFS share over UDP. An authenticated remote user
could use this flaw to possibly gain kernel code execution.

SUPPORT

Ksplice support is available at ksplice-support_ww at oracle.com.


  


