[Ksplice][Ubuntu-14.04-Updates] New updates available via Ksplice (USN-2989-1)

Oracle Ksplice ksplice-support_ww at oracle.com
Wed Jun 1 01:25:46 PDT 2016


Synopsis: USN-2989-1 can now be patched using Ksplice
CVEs: CVE-2016-2069 CVE-2016-2117 CVE-2016-2187 CVE-2016-3672 CVE-2016-3951 CVE-2016-3955 CVE-2016-4485 CVE-2016-4486 CVE-2016-4581

Systems running Ubuntu 14.04 Trusty can now use Ksplice to patch
against the latest Ubuntu Security Notice, USN-2989-1.

INSTALLING THE UPDATES

We recommend that all users of Ksplice Uptrack on Ubuntu 14.04 Trusty
install these updates.

On systems that have "autoinstall = yes" in /etc/uptrack/uptrack.conf,
these updates will be installed automatically and you do not need to
take any action.

Alternatively, you can install these updates by running:

# /usr/sbin/uptrack-upgrade -y
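
The two install paths above, as a check an operator could run per host. This is an added example, not Oracle's code. It assumes that only an uncommented "autoinstall = yes" line counts as enabled; the function names and sample configs are constructed for illustration.

```shell
#!/bin/sh
# Added example (not Oracle's code): decide whether a host needs a manual
# "uptrack-upgrade -y" or will pick the update up through autoinstall.
# Assumption: only an uncommented "autoinstall = yes" line counts as enabled.

# Print the effective autoinstall state for config file $1:
#   yes | no | unset | unreadable
uptrack_autoinstall() {
    [ -r "$1" ] || { echo unreadable; return 0; }
    # Last uncommented assignment wins; strip spacing and trailing comments.
    val=$(sed -n 's/^[[:space:]]*autoinstall[[:space:]]*=[[:space:]]*\([^[:space:]#;]*\).*/\1/p' "$1" |
          tail -n 1 | tr '[:upper:]' '[:lower:]')
    case "$val" in
        yes) echo yes ;;
        '')  echo unset ;;
        *)   echo no ;;
    esac
}

# Print the action an operator should take for config file $1.
uptrack_action() {
    case "$(uptrack_autoinstall "$1")" in
        yes)        echo "none: updates install automatically" ;;
        unreadable) echo "check: cannot read $1" ;;
        *)          echo "run: /usr/sbin/uptrack-upgrade -y" ;;
    esac
}

# Constructed sample configs (not taken from a real host).
SAMPLES=$(mktemp -d)
trap 'rm -rf "$SAMPLES"' EXIT
printf '[Settings]\nautoinstall = yes\n' > "$SAMPLES/auto.conf"
printf '[Settings]\n# autoinstall = yes\nautoinstall=No  # pinned\n' > "$SAMPLES/manual.conf"
printf '[Settings]\n#autoinstall = yes\n' > "$SAMPLES/commented.conf"

# Report on the samples and on this host's real config, if present.
for f in "$SAMPLES"/*.conf /etc/uptrack/uptrack.conf; do
    printf '%s: %s\n' "$f" "$(uptrack_action "$f")"
done
```

A commented-out "# autoinstall = yes" line is reported as unset, so such a host still needs the manual command.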


DESCRIPTION

* Improved fix to CVE-2016-3951: Use-after-free in USB networking bind failure.

The original vendor fix for CVE-2016-3951 did not include all patches.
A race condition between probing a USB network device and error handling
could result in a use-after-free condition and kernel crash.


* CVE-2016-3955: Privilege escalation in IP over USB driver.

Missing user-supplied input validation could result in an out-of-bounds
write, allowing a local user to crash the system or potentially escalate
privileges.


* CVE-2016-3672: ASLR bypass on 32-bit processes.

Enabling an unlimited stack size would completely disable ASLR for a
process with the limit applied.  A local user could use this flaw to
reduce the security of a setuid/setgid application.


* CVE-2016-2187: Denial of service in GTCO CallComp/InterWrite USB descriptor parsing.

A logic error in the GTCO CallComp/InterWrite USB driver can allow a
malformed USB descriptor with zero endpoints to trigger a NULL pointer
dereference and kernel panic.


* CVE-2016-2069: Race condition in the TLB flush logic on multi-processors.

A race condition in the TLB flush logic when modifying paging structures
could lead to stale entries in the local TLB after switching to a new
process.  A local attacker could use this flaw to cause a denial-of-service
or potentially escalate privileges.


* CVE-2016-4485: Information leak in LLC message processing.

The Logical Link Layer networking driver does not initialize memory when
processing ancillary data requests to an LLC socket, which leaks the
contents of kernel memory to userspace. A local user could use this flaw
to infer the layout of kernel memory.


* CVE-2016-4486: Information leak in routing netlink interface.

The netlink interface for querying network routing information does not
initialize memory, which leaks the contents of kernel memory to userspace.
A local user could use this flaw to infer the layout of kernel memory.


* CVE-2016-4581: Denial-of-service in slave mount propagation.

Incorrect handling of mount propagation could result in a NULL pointer
dereference.  A local, unprivileged user could use this flaw to crash
the system.


* CVE-2016-2117: Information leak in Atheros ATL2 transmission.

The Atheros ATL2 driver advertised features that weren't supported by
the hardware and this could result in a buffer overflow, leaking the
contents of kernel memory into transmitted packets.


* Memory corruption in KVM 64-bit bit operation emulation.

Incorrect operand handling for bit operation instructions could result
in accessing the incorrect memory location.  A local, unprivileged user
could use this flaw to crash the system.


* Denial-of-service in USB device reset.

Memory corruption during device reset could result in a kernel crash
when a USB device was active.  A user with physical access to the system
could use this flaw to crash the system.

SUPPORT

Ksplice support is available at ksplice-support_ww at oracle.com.


  


