[Ksplice][Ubuntu-14.04-Updates] New updates available via Ksplice (3.13.0-65.105)
Oracle Ksplice
ksplice-support_ww at oracle.com
Mon Sep 28 13:23:43 PDT 2015
Synopsis: 3.13.0-65.105 can now be patched using Ksplice
CVEs: CVE-2015-5697
Systems running Ubuntu 14.04 Trusty can now use Ksplice to patch
against the latest Ubuntu kernel update, 3.13.0-65.105.
INSTALLING THE UPDATES
We recommend that all users of Ksplice Uptrack on Ubuntu 14.04 Trusty
install these updates.
On systems that have "autoinstall = yes" in /etc/uptrack/uptrack.conf,
these updates will be installed automatically and you do not need to
take any action.
Alternatively, you can install these updates by running:
# /usr/sbin/uptrack-upgrade -y
DESCRIPTION
* CVE-2015-5697: information leak in RAID/LVM GET_BITMAP_FILE ioctl().
Missing initialization of the buffer used for reading bitmaps could
result in leaking up to 4095 of kernel heap memory to userspace. A
local user with access to an MD device could use this flaw to gain
information about kernel layout.
* NULL pointer dereference in USB XHCI endpoint creation.
Incorrect handling of cached rings during XHCI endpoint creation could
result in a NULL pointer dereference and kernel crash.
* Kernel panic when queueing commands to IBM Power RAID driver.
A race condition caused by incorrect locking in the IBM Power RAID
driver can trigger a kernel panic when removing devices from a RAID
controller.
* Memory corruption in IBM Power RAID driver.
Incorrect logic in the IBM Power RAID tracing support can trigger an
out-of-bounds write causing kernel memory corruption and a kernel panic.
* Memory corruption when receiving datagram packets.
Incorrect reference counting can cause a double-free and kernel panic
when peeking received datagram packets, such as the UDP and netlink
protocols.
* Kernel panic in IP virtual server syncing.
A logic error in the kernel IP virtual server support can trigger a
kernel panic when synchronizing a connection using version 0 of the sync
protocol.
SUPPORT
Ksplice support is available at ksplice-support_ww at oracle.com.
More information about the Ksplice-Ubuntu-14.04-updates
mailing list