[Ksplice][Ubuntu-14.04-Updates] New updates available via Ksplice (3.13.0-48.80)

Tue Mar 24 01:32:50 PDT 2015

Synopsis: 3.13.0-48.80 can now be patched using Ksplice
CVEs: CVE-2013-7421 CVE-2014-7822 CVE-2014-8086 CVE-2014-9644 CVE-2015-0274

Systems running Ubuntu 14.04 Trusty can now use Ksplice to patch
against the latest Ubuntu kernel update, 3.13.0-48.80.

INSTALLING THE UPDATES

We recommend that all users of Ksplice Uptrack on Ubuntu 14.04 Trusty
install these updates.

On systems that have "autoinstall = yes" in /etc/uptrack/uptrack.conf,
these updates will be installed automatically and you do not need to
take any action.

Alternatively, you can install these updates by running:

# /usr/sbin/uptrack-upgrade -y

DESCRIPTION

* CVE-2014-8086: Denial-of-service on ext4 filesystem.

A race condition in the ext4 filesystem when concurrently writing to a file
and changing its status flags to O_DIRECT could lead to a kernel BUG(). A
local attacker could use this flaw to cause a denial-of-service.

* CVE-2014-7822: Incorrect parameter validation in splice() system call.

An incorrect parameter validation in the splice() system call could allow
a local, unprivileged user to use this flaw to write past the maximum
file size, and thus crash the system.

* CVE-2013-7421: Arbitrary module loading by users in crypto API.

The kernel crypto API does not restrict which kernel modules can be
loaded automatically which allows users to load arbitrary kernel
modules. This allows an unprivileged user to increase the attack surface
of the kernel.

* CVE-2014-9644: Arbitrary module loading by users in crypto template API.

The kernel crypto API does not restrict which kernel modules can be
loaded automatically when requesting a crypto template which allows
users to load arbitrary kernel modules. This allows an unprivileged user
to increase the attack surface of the kernel.

* Multiple out-of-bounds memory accesses in UDF filesystem driver.

A lack of input validation in the UDF filesystem driver leads to multiple
out-of-bounds memory accesses and potentially to a kernel panic.  An
attacker could use a specially crafted filesystem to cause a
denial-of-service.

* Use-after-free in cryptographic algorithms when handling backlogged requests.

A logic error in the cryptographic algorithms driver could lead to an early
return to userspace when a request is still pending.  A local attacker
could use this flaw by closing its sockets causing the pending requests to
use freed memory, leading to a user-after-free and kernel panic.

* NULL pointer dereference in Keyspan SB driver.

A race condition when initializing a Keyspan USB serial device can
trigger a NULL pointer dereference and kernel panic.

* Deadlock when configuring line discipline of USB console device.

A kernel lock is not correctly initialized when a USB console device is
initialized. This can later trigger a deadlock when a user attempts to
configure a line discipline for the console device.

* Deadlock when unregistering pin control devices.

Incorrect locking when the kernel pin control (pinctrl) driver attempts
to unregister a device can trigger a deadlock and kernel panic.

* Deadlock in CIFS COPYCHUNK_FILE ioctl.

The CIFS filesystem COPYCHUNK_FILE ioctl does not validate that the file
descriptor arguments are regular files which can trigger a deadlock and
kernel panic.

* Kernel panic when flushing SFF ATA devices.

Incorrect locking when flushing Small Form Factor ATA devices can
trigger a BUG_ON and kernel panic.

* Integer overflow in adjtimex syscall.

The adjtimex syscall does not validate the 'freq' argument which can
allow a malicious local user to set the clock frequency to an invalid
value.

* CVE-2015-0274: Privilege escalation in XFS remote attribute setting

XFS didn't correctly handle setting remote attributes, this allowed
an unprivileged user to corrupt memory and possibly gain privileges.

SUPPORT

Ksplice support is available at ksplice-support_ww at oracle.com.