[Ksplice][Ubuntu-14.04-Updates] New Ksplice updates for Ubuntu 14.04 Trusty (USN-3127-1)

Oracle Ksplice ksplice-support_ww at oracle.com
Fri Nov 11 05:33:10 PST 2016


Synopsis: USN-3127-1 can now be patched using Ksplice
CVEs: CVE-2014-9904 CVE-2015-3288 CVE-2015-7833 CVE-2016-3961 CVE-2016-7042

Systems running Ubuntu 14.04 Trusty can now use Ksplice to patch
against the latest Ubuntu Security Notice, USN-3127-1.

INSTALLING THE UPDATES

We recommend that all users of Ksplice Uptrack running Ubuntu 14.04
Trusty install these updates.

On systems that have "autoinstall = yes" in /etc/uptrack/uptrack.conf,
these updates will be installed automatically and you do not need to
take any action.

Alternatively, you can install these updates by running:

# /usr/sbin/uptrack-upgrade -y
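
To see which of the two cases above applies to a host, the following added example (not part of the original advisory and not Oracle's code) reads the effective autoinstall value from an uptrack.conf-style file. It assumes INI syntax, full-line comments starting with '#' or ';', and that the last assignment wins; the function names and the sample file are constructed for illustration.

```shell
#!/bin/sh
# Added example: decide whether a host picks up Ksplice updates automatically.
# Assumptions: INI syntax, full-line '#' or ';' comments, last assignment wins.

# Print the effective autoinstall value in lower case ("unset" if absent).
uptrack_autoinstall_value() {
    awk '
        /^[ \t]*[#;]/ { next }            # a commented-out setting is not active
        {
            line = $0
            sub(/\r$/, "", line)          # tolerate CRLF line endings
            eq = index(line, "=")
            if (eq == 0) next             # section headers, blank lines
            key = tolower(substr(line, 1, eq - 1))
            val = tolower(substr(line, eq + 1))
            gsub(/^[ \t]+|[ \t]+$/, "", key)
            gsub(/^[ \t]+|[ \t]+$/, "", val)
            if (key == "autoinstall") found = val
        }
        END { print (found == "" ? "unset" : found) }
    ' "$1"
}

# Succeed only when the file says updates are installed automatically.
uptrack_autoinstall_enabled() {
    [ "$(uptrack_autoinstall_value "$1")" = "yes" ]
}

# Print "automatic", or the manual command given in the advisory.
uptrack_action() {
    if uptrack_autoinstall_enabled "$1"; then
        echo "automatic"
    else
        echo "manual: /usr/sbin/uptrack-upgrade -y"
    fi
}

# Constructed sample: the live setting is "no"; the "yes" line is commented out,
# so a plain grep for "autoinstall = yes" would report this host incorrectly.
sample=$(mktemp)
cat > "$sample" <<'EOF'
[Settings]
# autoinstall = yes
autoinstall = no
EOF
uptrack_action "$sample"
rm -f "$sample"
```

On a real host, pass /etc/uptrack/uptrack.conf as the argument instead of the sample file.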


DESCRIPTION

* CVE-2016-3961: Xen PV guest crash when using HugeTLBFS.

HugeTLBFS is not supported on Xen PV guests and leads to a kernel crash
when an application tries to mmap() a Huge TLB page.  A local user with
the ability to mmap() Huge TLB pages in a Xen PV guest can cause a
denial-of-service of the guest.


* CVE-2014-9904: Integer overflow in the ALSA compression offload.

A logic error in the ALSA compression offload feature could lead to an
integer overflow and denial-of-service.  A local user could use this flaw
to cause a denial-of-service or potentially escalate privileges.


* Improved fix to CVE-2015-7833: Denial-of-service when probing USBvision device.

The original fix for CVE-2015-7833 could result in leaking references to
USB devices or a use-after-free and a kernel crash.


* CVE-2015-3288: Privilege escalation in page fault handling.

A bug in the kernel page fault handling could allow modification of
the zero page.  A local, unprivileged user could use this flaw to
trigger a denial-of-service or potentially gain code execution and
escalate privileges.


* CVE-2016-7042: Denial-of-service when reading /proc/keys.

A local, unprivileged user can cause a denial-of-service due to kernel
stack corruption when reading from /proc/keys.


SUPPORT

Ksplice support is available at ksplice-support_ww at oracle.com.


  


