[Ksplice][Ubuntu-14.04-Updates] Early update for remote code execution over UDP (CVE-2016-10229)

Gregory Herrero gregory.herrero at oracle.com
Tue Apr 11 01:47:34 PDT 2017


Synopsis: Early update for remote code execution over UDP (CVE-2016-10229)

We felt it's important to ship this update early, before distributions
released kernels that fix the problem, because our audit showed that we
have a large number of customers vulnerable to this issue.

INSTALLING THE UPDATES

We recommend that all users of Ksplice Uptrack running Ubuntu 14.04
Trusty install these updates.

On systems that have "autoinstall = yes" in /etc/uptrack/uptrack.conf,
these updates will be installed automatically and you do not need to
take any action.

Alternatively, you can install these updates by running:

# /usr/sbin/uptrack-upgrade -y


DESCRIPTION

* CVE-2016-10229: Remote code execution when receiving UDP packets with short buffers.

Incorrect handling of checksums for short receive buffers could result
in applications failing to receive data from a UDP socket. A remote
attacker could use this flaw to execute arbitrary code.

SUPPORT

Ksplice support is available at ksplice-support_ww at oracle.com.
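
The installation check described above, as an added example that is not part of the original announcement or of Oracle's tooling: a shell helper that reads an uptrack.conf and reports whether the host will install the update automatically or needs the manual command. The function names and the sample file contents are constructed, and treating only the value "yes" (in any letter case) as enabled is a conservative assumption.

```shell
#!/bin/sh
# Added example: decide per host whether the Ksplice update arrives
# automatically or must be installed by hand.

# Print "yes" if the given uptrack.conf has an active "autoinstall = yes"
# line, otherwise "no". Commented-out lines and unreadable files count as "no",
# so an uncertain host is always flagged for a manual upgrade.
uptrack_autoinstall_enabled() {
    conf=$1
    [ -r "$conf" ] || { echo no; return 0; }
    # Keep the value of the last uncommented "autoinstall = ..." line,
    # dropping surrounding whitespace and any trailing comment.
    value=$(sed -n 's/^[[:space:]]*autoinstall[[:space:]]*=[[:space:]]*\([^[:space:]#;]*\).*$/\1/p' "$conf" \
        | tail -n 1 | tr '[:upper:]' '[:lower:]')
    case $value in
        yes) echo yes ;;
        *)   echo no ;;
    esac
}

# Print the action an administrator should take for this host.
uptrack_next_step() {
    if [ "$(uptrack_autoinstall_enabled "$1")" = yes ]; then
        echo "autoinstall enabled: no action needed"
    else
        echo "manual: run /usr/sbin/uptrack-upgrade -y"
    fi
}

# Demo on a constructed config (not copied from a real host): the only
# "yes" is commented out, so the host needs the manual command.
demo_conf=$(mktemp)
printf '[Settings]\n# autoinstall = yes\nautoinstall = no\n' > "$demo_conf"
echo "sample host -> $(uptrack_next_step "$demo_conf")"
rm -f "$demo_conf"
```

On a real system, pass /etc/uptrack/uptrack.conf as the argument.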



