[Ksplice][Ubuntu-14.04-Updates] New updates available via Ksplice (3.13.0-66.108)

Oracle Ksplice ksplice-support_ww at oracle.com
Mon Oct 19 17:35:15 PDT 2015


Synopsis: 3.13.0-66.108 can now be patched using Ksplice
CVEs: CVE-2015-0272 CVE-2015-5156 CVE-2015-6937 CVE-2015-7312

Systems running Ubuntu 14.04 Trusty can now use Ksplice to patch
against the latest Ubuntu kernel update, 3.13.0-66.108.

INSTALLING THE UPDATES

We recommend that all users of Ksplice Uptrack on Ubuntu 14.04 Trusty
install these updates.

On systems that have "autoinstall = yes" in /etc/uptrack/uptrack.conf,
these updates will be installed automatically and you do not need to
take any action.

Alternatively, you can install these updates by running:

# /usr/sbin/uptrack-upgrade -y
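
As an added example (not part of Oracle's advisory or the Uptrack tooling), this shell sketch reports whether a host will install these updates automatically or needs the manual command above, which is useful when auditing a fleet. The function names, the [Settings] section in the constructed sample, case-insensitive matching, and letting the last uncommented assignment win are assumptions.

```shell
#!/bin/sh
# Added example: decide whether this host needs a manual uptrack-upgrade.

# Print the lowercased value of the last uncommented "autoinstall" line
# in an uptrack.conf-style file; print nothing if the key is absent.
autoinstall_value() {
    awk -F= '
        /^[ \t]*[#;]/ { next }            # commented-out settings do not count
        {
            key = $1
            gsub(/[ \t]/, "", key)
            if (tolower(key) == "autoinstall") {
                val = $2
                gsub(/^[ \t]+|[ \t\r]+$/, "", val)
                found = tolower(val)      # assumption: last assignment wins
            }
        }
        END { if (found != "") print found }
    ' "$1"
}

# Return 0 if autoinstall is "yes", 1 if not, 2 if the file is unreadable.
autoinstall_enabled() {
    [ -r "$1" ] || return 2
    [ "$(autoinstall_value "$1")" = "yes" ]
}

# Summarise what the operator has to do for the given config file.
uptrack_action() {
    rc=0
    autoinstall_enabled "$1" || rc=$?
    case $rc in
        0) echo "automatic" ;;
        2) echo "unknown: cannot read $1" ;;
        *) echo "manual: run /usr/sbin/uptrack-upgrade -y" ;;
    esac
}

# Constructed sample: the only "yes" is commented out, so the host is manual.
demo() {
    tmp=$(mktemp) || return 1
    printf '%s\n' '[Settings]' '# autoinstall = yes' 'autoinstall = no' > "$tmp"
    uptrack_action "$tmp"
    rm -f "$tmp"
}

# On a real host: uptrack_action /etc/uptrack/uptrack.conf
```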


DESCRIPTION

* Data loss when reshaping RAID10 volume.

A logic error when calculating metadata can trigger data loss when
resizing a RAID10 volume.


* CVE-2015-0272: Remote denial-of-service in IPv6 address autoconfiguration.

Incorrect handling of MTU sysctl setting for an IPv6 device could allow
a remote attacker to trigger packet loss and a denial-of-service under
certain system configurations.


* CVE-2015-5156: Denial-of-service in Virtio network device.

Incorrect handling of fragmented socket buffers could result in a buffer
overflow when performing receive offload under specific conditions.  A
local, unprivileged user could use this flaw to crash the system.


* CVE-2015-6937: NULL pointer dereference in RDS socket creation.

Failure to check for binding to a transport could result in a NULL
pointer dereference when creating an RDS socket.  A local, unprivileged
user could use this flaw to crash the system.


* Kernel panic when encoding NFSv4 security label.

The kernel NFSv4 server does not correctly support encoding security
labels in file attributes, which can trigger an assertion failure and
kernel panic. A remote attacker could use this flaw to cause a denial of
service.


* Kernel BUG in Xen front-end block device driver.

A logic error in the Xen front-end block device driver could in certain
circumstances cause a kernel BUG while freeing the block device.


* Deadlock when reclaiming pages from page cache.

The pagecache does not correctly handle reclaiming pages from the
filesystem cache, which can lead to a deadlock under low memory
conditions.


* Use-after-free in filesystem notification marking.

Incorrect locking in the filesystem notification (fsnotify) subsystem
can trigger a use-after-free condition and kernel panic when marking
groups.


* Infinite loop during connection teardown in iSCSI library code.

Incorrect locking in the iSCSI library code could cause the kernel to
enter an infinite loop.


* Double free in FibreChannel library code.

In certain circumstances, receiving a local port request could cause a
double free and subsequent kernel crash.


* Kernel BUG in FibreChannel library code during SCSI device reset.

Incorrect locking in FibreChannel library code could cause a reschedule
while a spinlock was held, thus potentially causing either a kernel
assertion failure or a deadlock. A malicious local user with access to
the SCSI device could use this to cause denial of service.


* Use-after-free in IPC semaphores during task exit.

Due to incorrect locking, two tasks with shared IPC semaphore references
could exit and simultaneously try to free the semaphores. This could lead
to a use-after-free and memory corruption, allowing a malicious local user
to cause denial of service.


* Kernel crash in Batman translation table removal.

Missing locking could result in memory corruption when removing entries
from the translation table.  Under specific conditions, this could
result in a kernel crash.


* Denial-of-service in IP datagram socket connection.

Missing locking when creating an IP datagram socket could result in list
corruption.  A local, unprivileged user could use this flaw to trigger a
denial-of-service.


* Denial-of-service in Netlink mmapped socket release.

Incorrect locking could result in deadlock when releasing a netlink
socket that was mmapped.  A local, unprivileged user could use this flaw
to crash the system.


* Kernel crash in IPC semaphores when waiting on semaphore array.

A missing memory barrier could allow certain memory accesses to happen
outside the intended critical section. A malicious local user could
potentially use this to cause invalid memory accesses and denial of
service.


* Use-after-free in MD block driver array stopping.

Failure to flush a workqueue during array stop could result in a
use-after-free and kernel crash.


* CVE-2015-7312: Denial-of-service in Advanced multi layered unification filesystem mmap().

Incorrect reference counting when performing an madvise() or mmap() on an
aufs file could result in a race condition.  A local user with access to
the AUFS filesystem could use this flaw to crash the system or,
potentially, escalate privileges.

SUPPORT

Ksplice support is available at ksplice-support_ww at oracle.com.


  


