[Ksplice][Ubuntu-14.04-Updates] New updates available via Ksplice (3.13.0-65.105)

Oracle Ksplice ksplice-support_ww at oracle.com
Mon Sep 28 13:23:43 PDT 2015


Synopsis: 3.13.0-65.105 can now be patched using Ksplice
CVEs: CVE-2015-5697

Systems running Ubuntu 14.04 Trusty can now use Ksplice to patch
against the latest Ubuntu kernel update, 3.13.0-65.105.

INSTALLING THE UPDATES

We recommend that all users of Ksplice Uptrack on Ubuntu 14.04 Trusty
install these updates.

On systems that have "autoinstall = yes" in /etc/uptrack/uptrack.conf,
these updates will be installed automatically and you do not need to
take any action.

Alternatively, you can install these updates by running:

# /usr/sbin/uptrack-upgrade -y


DESCRIPTION

* CVE-2015-5697: information leak in RAID/LVM GET_BITMAP_FILE ioctl().

Missing initialization of the buffer used for reading bitmaps could
result in leaking up to 4095 bytes of kernel heap memory to userspace.
A local user with access to an MD device could use this flaw to gain
information about kernel layout.
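
The bug class described above, as an added user-space model; it is not code from this advisory, from Ksplice or from the kernel. The 4096-byte buffer size is an assumption inferred from the advisory's 4095 figure, and all function names are hypothetical.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define BUF_SIZE 4096 /* assumed: 1 byte written + the 4095 stale bytes cited */
#define STALE    0xA5 /* constructed marker standing in for old heap contents */

static unsigned char arena[BUF_SIZE]; /* one recycled "heap" chunk */

/* Model of an allocator that returns memory without clearing it. */
static unsigned char *alloc_dirty(void) {
    memset(arena, STALE, sizeof arena); /* leftovers from a previous owner */
    return arena;
}

/* Model of an allocator that zeroes memory before returning it. */
static unsigned char *alloc_zeroed(void) {
    unsigned char *p = alloc_dirty();
    memset(p, 0, BUF_SIZE);
    return p;
}

/* Handler shape: write a (possibly empty) path into the reply buffer,
 * then copy the WHOLE buffer to the caller, written or not. */
static void get_reply(unsigned char *(*alloc)(void), const char *path,
                      unsigned char *user_out) {
    unsigned char *buf = alloc();
    size_t n = strlen(path);
    if (n >= BUF_SIZE) n = BUF_SIZE - 1;
    memcpy(buf, path, n);
    buf[n] = '\0';
    memcpy(user_out, buf, BUF_SIZE); /* stands in for copy_to_user() */
}

/* Count the stale bytes that reached the caller. */
static size_t leaked_bytes(unsigned char *(*alloc)(void), const char *path) {
    static unsigned char out[BUF_SIZE];
    size_t leaked = 0;
    get_reply(alloc, path, out);
    for (size_t i = 0; i < BUF_SIZE; i++)
        if (out[i] == STALE) leaked++;
    return leaked;
}

int main(void) {
    printf("uninitialized, empty path: %zu\n", leaked_bytes(alloc_dirty, ""));
    printf("zeroed, empty path:        %zu\n", leaked_bytes(alloc_zeroed, ""));
    return 0;
}
```

With an empty path only the terminator is written, so every other byte of the uninitialized buffer carries prior contents to the caller; zeroing the allocation removes the leak regardless of how much of the buffer the handler fills.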


* NULL pointer dereference in USB XHCI endpoint creation.

Incorrect handling of cached rings during XHCI endpoint creation could
result in a NULL pointer dereference and kernel crash.


* Kernel panic when queueing commands to IBM Power RAID driver.

A race condition caused by incorrect locking in the IBM Power RAID
driver can trigger a kernel panic when removing devices from a RAID
controller.


* Memory corruption in IBM Power RAID driver.

Incorrect logic in the IBM Power RAID tracing support can trigger an
out-of-bounds write causing kernel memory corruption and a kernel panic.


* Memory corruption when receiving datagram packets.

Incorrect reference counting can cause a double-free and kernel panic
when peeking received datagram packets, such as the UDP and netlink
protocols.


* Kernel panic in IP virtual server syncing.

A logic error in the kernel IP virtual server support can trigger a
kernel panic when synchronizing a connection using version 0 of the sync
protocol.

SUPPORT

Ksplice support is available at ksplice-support_ww at oracle.com.


  


