[Ksplice][Ubuntu-14.04-Updates] New updates available via Ksplice (3.13.0-45.74)
Oracle Ksplice
ksplice-support_ww at oracle.com
Sat Jan 31 05:43:26 PST 2015
Synopsis: 3.13.0-45.74 can now be patched using Ksplice
Systems running Ubuntu 14.04 Trusty can now use Ksplice to patch
against the latest Ubuntu kernel update, 3.13.0-45.74.
INSTALLING THE UPDATES
We recommend that all users of Ksplice Uptrack on Ubuntu 14.04 Trusty
install these updates.
On systems that have "autoinstall = yes" in /etc/uptrack/uptrack.conf,
these updates will be installed automatically and you do not need to
take any action.
Alternatively, you can install these updates by running:
# /usr/sbin/uptrack-upgrade -y
DESCRIPTION
* Use-after-free in VXLAN encapsulation bypass.
A bug in the vxlan code could cause an skb structure to be used
after it is freed in the vxlan encapsulation bypass code. This
could cause a kernel panic.
* Use-after-free with ipv4 tunnel headers.
A bug in the ipv4 tunneling code could lead to a use-after-free
within the skb structure. This could cause a kernel panic.
* Memory leak in ipv4 unicast reply.
Improper error handling in the ipv4 code could lead to leaked memory
when an error occurs while sending a unicast reply. A malicious user
could use this to cause a denial of service.
* Memory leak in SCTP authentication key management.
Incorrect reference counting when setting the SCTP_AUTH_KEY socket option
on an SCTP socket leads to a memory leak of sensitive keying materials.
A local, unprivileged user could use this flaw to exhaust the memory on the
system and cause a denial-of-service. An attacker with memory read access
could also later gain sensitive information about the keys.
* Kernel panic in emulated low-rate wireless personal area network.
A flaw in the fake LR-WPAN driver leads to unregistering a network device
before its registration in certain circumstances. This could lead to a
kernel panic and denial-of-service.
* Information leak in point-to-point tunneling protocol.
A lack of on-stack structure initialization in the pptp_getname() function
leads to leaking 16 bytes of kernel stack to userspace when using
getsockname(). This information could be used to facilitate an attack on
the running kernel.
* Deadlock in Novell networking protocol when using recvmsg.
Incorrect locking in the Novell networking protocol (IPX) recvmsg function
causes a deadlock when waiting for new data.
* Memory corruption in SUNRPC stack when handling channel reply receive.
Incorrect locking in the SUNRPC stack when handling a channel reply receive
could lead to a race condition when looking up a request buffer, potentially
leading to memory corruption and a kernel panic. An attacker could use
this flaw to cause a denial-of-service.
* Memory corruption in QLogic NetXtreme II FCoE driver.
A logic error in the BNX2FC driver leads to early removal of a shared
socket buffer and corruption of the other references. An attacker could
use this flaw to cause a denial-of-service.
* Data loss in frontswap page invalidation.
If the kernel frontswap subsystem fails to store a newer version of a
swap page, data corruption can occur, leading to data loss.
* Use-after-free in netlink routing interface.
The kernel netlink routing interface does not correctly release
resources when a permissions error is encountered, leading to a
use-after-free condition and kernel panic.
* Kernel panic in transmission of tunnelled SCTP packets.
The kernel SCTP stack does not correctly allocate memory for SCTP
packets sent via a tunnel, which can trigger an assertion and
kernel panic.
* NULL pointer dereference in Virtual eXtensible LAN over IPv6.
A flaw in the Virtual eXtensible LAN kernel driver could lead to a NULL
pointer dereference when creating a VXLAN over IPv6 if another VXLAN has
the same source port in use over IPv4. A local, privileged user could use
this flaw to crash the kernel and cause a denial-of-service.
* Predictable IPv6 fragment IDs with Virtio UFO packets.
UDPv6 with offloading enabled on a virtio device would have a static
fragment ID of 0. A remote attacker could use this to gain information
about the host or potentially perform a denial-of-service.
* Information leak with btrfs compression streams.
Incorrect handling of compression streams that might return less data
than expected could result in leaking the contents of kernel heap memory
to userspace. A maliciously crafted filesystem image could be used to
leak kernel information.
* Use-after-free in VXLAN socket release.
Incorrect reference counting when releasing a VXLAN socket can lead to a
use-after-free condition and kernel panic. A local user could use this
flaw to trigger kernel memory corruption and escalate their privileges.
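The point-to-point tunneling protocol item above describes a bug class that is easy to miss in review: a structure built on the stack, only partly filled in, then copied out in full. The following user-space model is an added example, not code from Ksplice or the kernel; the structure layout, field values and function names are assumptions chosen so that the unwritten tail is 16 bytes, and the "stale stack" is simulated with a marker byte so the result is deterministic.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define STALE 0xA5  /* constructed marker standing in for old stack contents */

/* Model layout (assumption, not the kernel's struct): an 8-byte header plus
 * a union whose PPTP member is 8 bytes and whose largest member is 24. */
struct model_sockaddr {
    uint32_t family;
    uint32_t protocol;
    union {
        struct { uint32_t call_id; uint32_t ip; } pptp;
        unsigned char largest[24];
    } addr;
};

/* Model of a getname handler. zero_first = 0 is the flawed pattern;
 * zero_first = 1 is the fix: clear the whole structure before filling it. */
static void model_getname(unsigned char *user_buf, int zero_first)
{
    struct model_sockaddr sa;

    memset(&sa, STALE, sizeof(sa));     /* simulate leftover stack data */
    if (zero_first)
        memset(&sa, 0, sizeof(sa));     /* the hardening step */

    sa.family = 24;                     /* constructed sample values */
    sa.protocol = 2;
    sa.addr.pptp.call_id = 7;
    sa.addr.pptp.ip = 0x0100007f;

    memcpy(user_buf, &sa, sizeof(sa));  /* stands in for the copy to userspace */
}

/* Count bytes of stale stack data that reached the caller's buffer. */
size_t leaked_bytes(int zero_first)
{
    unsigned char out[sizeof(struct model_sockaddr)];
    size_t i, n = 0;

    model_getname(out, zero_first);
    for (i = 0; i < sizeof(out); i++)
        n += (out[i] == STALE);
    return n;
}

int main(void)
{
    printf("without zeroing: %zu stale bytes\n", leaked_bytes(0));
    printf("with zeroing:    %zu stale bytes\n", leaked_bytes(1));
    return 0;
}
```

The same check applies to any handler that copies a whole union-bearing structure to userspace: the copy length is the size of the largest member, not of the member that was filled in.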
SUPPORT
Ksplice support is available at ksplice-support_ww at oracle.com.