[Ksplice][Ubuntu-14.04-Updates] New updates available via Ksplice (3.13.0-45.74)

Oracle Ksplice ksplice-support_ww at oracle.com
Sat Jan 31 05:43:26 PST 2015


Synopsis: 3.13.0-45.74 can now be patched using Ksplice

Systems running Ubuntu 14.04 Trusty can now use Ksplice to patch
against the latest Ubuntu kernel update, 3.13.0-45.74.

INSTALLING THE UPDATES

We recommend that all users of Ksplice Uptrack on Ubuntu 14.04 Trusty
install these updates.

On systems that have "autoinstall = yes" in /etc/uptrack/uptrack.conf,
these updates will be installed automatically and you do not need to
take any action.

Alternatively, you can install these updates by running:

# /usr/sbin/uptrack-upgrade -y


DESCRIPTION

* Use-after-free in VXLAN encapsulation bypass.

A bug in the vxlan code could cause an skb structure to be used
after it is freed in the vxlan encapsulation bypass code.  This
could cause a kernel panic.


* Use-after-free with ipv4 tunnel headers.

A bug in the ipv4 tunneling code could lead to a use-after-free
within the skb structure.  This could cause a kernel panic.


* Memory leak in ipv4 unicast reply.

Improper error handling in the ipv4 code could lead to leaked memory
when an error occurs while sending a unicast reply.  A malicious user
could use this to cause a denial of service.


* Memory leak in SCTP authentication key management.

Incorrect reference counting when setting the SCTP_AUTH_KEY socket option
on an SCTP socket leads to a memory leak of sensitive keying materials.

A local, unprivileged user could use this flaw to exhaust the memory on the
system and cause a denial-of-service. An attacker with memory read access
could also later gain sensitive information about the keys.


* Kernel panic in emulated low-rate wireless personal area network.

A flaw in the fake LR-WPAN driver leads to unregistering a network device
before its registration in certain circumstances. This could lead to a
kernel panic and denial-of-service.


* Information leak in point-to-point tunneling protocol.

A lack of on-stack structure initialization in the pptp_getname() function
leads to leaking 16 bytes of kernel stack to userspace when using
getsockname(). This information could be used to facilitate an attack on
the running kernel.


* Deadlock in Novell networking protocol when using recvmsg.

Incorrect locking in the Novell networking protocol (IPX) recvmsg function
causes a deadlock when waiting for new data.


* Memory corruption in SUNRPC stack when handling channel reply receive.

Incorrect locking in the SUNRPC stack when handling a channel reply receive
could lead to a race condition when looking up a request buffer, potentially
leading to memory corruption and a kernel panic.  An attacker could use
this flaw to cause a denial-of-service.


* Memory corruption in QLogic NetXtreme II FCoE driver.

A logic error in the BNX2FC driver leads to an early removal of a shared
socket buffer, and corruption of the other references. An attacker could
use this flaw to cause a denial-of-service.


* Data loss in frontswap page invalidation.

If the kernel frontswap subsystem fails to store a newer version of a
swap page, then data corruption can occur, leading to data loss.


* Use-after-free in netlink routing interface.

The kernel netlink routing interface does not correctly release
resources when a permissions error is encountered, leading to a
use-after-free condition and kernel panic.


* Kernel panic in transmission of tunnelled SCTP packets.

The kernel SCTP stack does not correctly allocate memory for SCTP
packets that are sent via a tunnel, which can trigger an assertion and
kernel panic.


* NULL pointer dereference in Virtual eXtensible LAN over IPv6.

A flaw in the Virtual eXtensible LAN kernel driver could lead to a NULL
pointer dereference when creating a VXLAN over IPv6 if another VXLAN has
the same source port in use over IPv4. A local, privileged user could use
this flaw to crash the kernel and cause a denial-of-service.


* Predictable IPv6 fragment IDs with Virtio UFO packets.

UDPv6 with offloading enabled on a virtio device would have a static
fragment ID of 0.  A remote attacker could use this to gain information
about the host or potentially perform a denial-of-service.


* Information leak with btrfs compression streams.

Incorrect handling of compression streams that might return less data
than expected could result in leaking the contents of kernel heap memory
to userspace.  A maliciously crafted filesystem image could be used to
leak kernel information.


* Use-after-free in VXLAN socket release.

Incorrect reference counting when releasing a VXLAN socket can lead to a
use-after-free condition and kernel panic. A local user could use this
flaw to trigger kernel memory corruption and escalate their privileges.
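
The stack-initialization problem behind the point-to-point tunneling
protocol information leak above, modelled in userspace. This is an added
example, not code from Ksplice or the kernel. The struct layout, the
function names, the sample field values and the 0xAA fill that stands in
for stale stack data are all constructed; the layout leaves 16 of its 28
bytes unwritten, the figure the description gives.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed model, not the kernel's definition: the protocol in use
 * fills 12 bytes; the last 16 belong to other protocols' address forms.
 * The fields are laid out so the struct has no padding (28 bytes). */
struct model_sockaddr {
    uint16_t family;
    uint16_t protocol;
    uint16_t call_id;
    uint16_t reserved;
    uint32_t ip;
    unsigned char other_proto[16];   /* never written by this protocol */
};

#define STALE 0xAA   /* stands in for whatever the stack slot held before */

/* Build the record in a local and copy all of it to the caller, as a
 * getsockname() handler does. zero_first selects the hardened form. */
static void model_getname(unsigned char *out, int zero_first)
{
    struct model_sockaddr sp;

    memset(&sp, STALE, sizeof sp);    /* model stale stack contents */
    if (zero_first)
        memset(&sp, 0, sizeof sp);    /* fix: initialize before filling */
    sp.family = 24;                   /* sample values, constructed */
    sp.protocol = 2;
    sp.call_id = 7;
    sp.reserved = 0;
    sp.ip = 0x0A000001;
    memcpy(out, &sp, sizeof sp);      /* whole struct crosses the boundary */
}

/* Count bytes in the caller's copy that still hold stale stack data. */
static size_t leaked_bytes(int zero_first)
{
    unsigned char out[sizeof(struct model_sockaddr)];
    size_t n = 0;

    model_getname(out, zero_first);
    for (size_t i = 0; i < sizeof out; i++)
        n += (out[i] == STALE);
    return n;
}

int main(void)
{
    printf("stale bytes: uninitialized=%zu zeroed=%zu\n",
           leaked_bytes(0), leaked_bytes(1));
    return 0;
}
```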

SUPPORT

Ksplice support is available at ksplice-support_ww at oracle.com.


  


