[Ksplice][Ubuntu-14.04-Updates] New updates available via Ksplice (3.13.0-63.103)
Oracle Ksplice
ksplice-support_ww at oracle.com
Thu Sep 3 13:00:34 PDT 2015
Synopsis: 3.13.0-63.103 can now be patched using Ksplice
CVEs: CVE-2015-5707
Systems running Ubuntu 14.04 Trusty can now use Ksplice to patch
against the latest Ubuntu kernel update, 3.13.0-63.103.
INSTALLING THE UPDATES
We recommend that all users of Ksplice Uptrack on Ubuntu 14.04 Trusty
install these updates.
On systems that have "autoinstall = yes" in /etc/uptrack/uptrack.conf,
these updates will be installed automatically and you do not need to
take any action.
Alternatively, you can install these updates by running:
# /usr/sbin/uptrack-upgrade -y
DESCRIPTION
* CVE-2015-5707: Privilege escalation in generic SCSI character device.
An integer overflow in the SCSI generic driver in the Linux kernel could
allow a local user with write permission on a SCSI generic device to
escalate privileges.
* BTRFS data loss during append writes and hard links.
Under specific conditions, appending to a file after creating a hard
link could result in loss of the appended data.
* NULL pointer dereference in OS/2 HPFS filesystem remount.
Remounting an HPFS filesystem under low-memory conditions could result
in a NULL pointer dereference and kernel crash.
* Delayed inode freeing in directory cache.
A bug in the dcache code when using file handles could cause inodes to
remain on disk (taking up space) indefinitely after deletion. A
malicious local user could use this to fill up a filesystem.
* Denial-of-service in BTRFS extent_same ioctl().
A missing memory free() could result in a memory leak and memory
exhaustion when performing the extent_same ioctl() on a BTRFS
filesystem. A local user with access to the filesystem device could use
this flaw to trigger a denial-of-service.
* Denial-of-service in network device queue allocation.
A kernel assertion could be triggered from user-space when adding a
network device. A local, privileged user could use this flaw to crash
the system.
* Denial-of-service in Distributed Switch Architecture device probing.
Missing range checks when probing a DSA device from a Device Tree could
result in an out-of-bounds access. Malicious firmware or a privileged
user could use this flaw to crash the system.
* Denial-of-service in BTRFS inode cache during deletion.
Missing locking during inode unpinning could result in memory
corruption. A local user with access to the BTRFS filesystem could use
this flaw to trigger a denial-of-service.
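The two host-local conditions mentioned above, the "autoinstall = yes" setting and write permission on a SCSI generic device (CVE-2015-5707), can be checked with the following added example. It is not Oracle or Ksplice code; the function names, the assumed "key = value" layout of uptrack.conf and the sgN node naming under /dev are assumptions.

```shell
#!/bin/sh
# Added example: triage helpers for this advisory (not Oracle/Ksplice code).
# Assumption: uptrack.conf uses "key = value" lines with '#' or ';' comments.

# Exit 0 if the last uncommented "autoinstall" setting is exactly "yes",
# 1 if it is anything else or absent, 2 if the file cannot be read.
autoinstall_enabled() {
    conf=${1:-/etc/uptrack/uptrack.conf}
    [ -r "$conf" ] || return 2
    awk -F= '
        /^[ \t]*[#;]/ { next }                 # skip commented-out settings
        {
            key = $1; val = $2
            gsub(/[ \t\r]/, "", key); gsub(/[ \t\r]/, "", val)
            if (key == "autoinstall") last = val
        }
        END { exit !(last == "yes") }
    ' "$conf"
}

# Print SCSI generic nodes (sg0, sg1, ...) under a directory whose mode grants
# write access to the group or to others: accounts beyond the owner that meet
# the "write permission" precondition of CVE-2015-5707.
sg_writable_nodes() {
    find "${1:-/dev}" -maxdepth 1 -name 'sg[0-9]*' \
        \( -perm -020 -o -perm -002 \) -print | sort
}

# Hypothetical report wrapper combining both checks.
advisory_report() {
    if autoinstall_enabled "${1:-/etc/uptrack/uptrack.conf}"; then
        echo "autoinstall = yes: updates are installed automatically"
    else
        echo "autoinstall off or config unreadable: run /usr/sbin/uptrack-upgrade -y as root"
    fi
    sg_writable_nodes "${2:-/dev}" | while read -r node; do
        ls -l "$node"                           # shows owner, group and mode
    done
}

# Run the report only when asked, so sourcing the file has no side effects.
if [ "${1:-}" = "--report" ]; then
    advisory_report "${2:-}" "${3:-}"
fi
```

Mode bits do not reflect POSIX ACL grants, so review `getfacl` output for the listed nodes as well.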
SUPPORT
Ksplice support is available at ksplice-support_ww at oracle.com.