[Ksplice][Ubuntu-14.04-Updates] New updates available via Ksplice (USN-2634-1)

Wed Jun 10 20:06:59 PDT 2015

Synopsis: USN-2634-1 can now be patched using Ksplice
CVEs: CVE-2015-3636 CVE-2015-4036

Systems running Ubuntu 14.04 Trusty can now use Ksplice to patch
against the latest Ubuntu Security Notice, USN-2634-1.

INSTALLING THE UPDATES

We recommend that all users of Ksplice Uptrack on Ubuntu 14.04 Trusty
install these updates.

On systems that have "autoinstall = yes" in /etc/uptrack/uptrack.conf,
these updates will be installed automatically and you do not need to
take any action.

Alternatively, you can install these updates by running:

# /usr/sbin/uptrack-upgrade -y

DESCRIPTION

* Kernel crash in physical to virtual reverse mapping lookup.

Incorrect error handling when adjusting a virtual memory area could
result in integer underflow and a crash in the address reverse mapping
code.

* Data corruption on hfsplus filesystem when inserting node at position zero.

A logic error in the hfsplus filesystem driver leads to on-disk data
corruption when inserting a node at position zero.

* Use-after-free in Industrial I/O core error handling.

Incorrect error handling in the Industrial I/O device registration
function could result in a double-free and kernel crash.

* Use-after-free in CIFS page writing during intermittent network connectivity.

Incorrect error handling during loss of network connection could result
in a use-after-free when writing pages on a CIFS filesystem.

* NULL pointer dereference in Analog Devices IMU SPI driver.

Missing reference counting could result in a NULL pointer dereference in
the Analog Devices IMU SPI driver during removal if the trigger was
changed.

* Use-after-free in network namespace device moving.

Incorrect linked list manipulation could result in a use-after-free and
kernel crash when moving devices between namespaces.

* Kernel panic in ServerEngines iSCSI BladeEngine 2 initialization failure.

An incorrect call to remove the device in the error handling path could
result in a kernel crash when a BladeEngine 2 device failed to
initialize.

* Kernel crash in SCSI devices during unplug.

Incorrect handling of unoperational links could result in accessing a
device when it should not be possible to do so.  This could result in an
invalid pointer dereference and kernel crash.

* OCFS2 file corruption for files opened with O_APPEND.

The OCFS2 filesystem was incorrectly synchronizing files opened with
O_APPEND.  This could result in data corruption under specific
conditions.

* Kernel hang in Realtek 8139 ethernet driver.

The Realtek 8139 ethernet driver was calling a function not intended to
run in interrupt context in its interrupt handler. In certain cases, this
could lead to the kernel hanging.

* Kernel hang in Realtek 8169 ethernet driver.

The Realtek 8169 ethernet driver was calling a function not intended to
run in interrupt context in its interrupt handler. In certain cases, this
could lead to the kernel hanging.

* Kernel hang in Broadcom NX2 network driver.

The Broadcom NX2 ethernet driver was calling a function not intended to
run in interrupt context in its interrupt handler. In certain cases, this
could lead to the kernel hanging.

* Kernel hang in Broadcom Tigon3 ethernet driver.

The Broadcom Tigon3 ethernet driver was calling a function not intended to
run in interrupt context in its interrupt handler. In certain cases, this
could lead to the kernel hanging.

* Kernel hang in Intel PRO 10GbE ethernet driver.

The Intel PRO 10GbE ethernet driver was calling a function not intended to
run in interrupt context in its interrupt handler. In certain cases, this
could lead to the kernel hanging.

* Deadlock during packet transmission in Emulex BladeEngine driver.

A locking error in the be2net driver could in rare circumstances cause
a deadlock during packet transmission.

* Kernel panic in IPv4 forwarding of timewait sockets.

The kernel IPv4 stack does not correctly handle forwarding data from
timewait sockets which can trigger an assertion failure and kernel
panic.

* Deadlock when sending IPv4 FIN packets.

The kernel IPv4 stack can deadlock causing a kernel panic when
transmitting IPv4 FIN packets under high memory pressure.

* CVE-2015-3636: Memory corruption when unhashing IPv4 ping sockets.

The kernel IPv4 subsystem does not correctly handle unhashing a ping
socket which can trigger kernel memory corruption. A local user can use
this flaw to gain elevated privileges.

* Kernel hang in network bonding driver.

The bonding driver was calling a function not intended to run in interrupt
context in its interrupt handler.  In certain cases, this could lead to the
kernel hanging.

* CVE-2015-4036: Memory corruption in Virtual host SCSI driver.

Incorrect input validation in the Virtual host SCSI driver when checking an
array index could lead to an out of bounds memory access and memory
corruption.  A local, privileged user could use this flaw to cause a
denial-of-service or potentially escalate privileges.

SUPPORT

Ksplice support is available at ksplice-support_ww at oracle.com.