[Ksplice][Ubuntu-14.04-Updates] New Ksplice updates for Ubuntu 14.04 Trusty (USN-3381-1)

Oracle Ksplice ksplice-support_ww at oracle.com
Tue Aug 8 07:53:26 PDT 2017 

Synopsis: USN-3381-1 can now be patched using Ksplice
CVEs: CVE-2016-8405 CVE-2017-1000364 CVE-2017-1000365 CVE-2017-2618 CVE-2017-7482

Systems running Ubuntu 14.04 Trusty can now use Ksplice to patch
against the latest Ubuntu Security Notice, USN-3381-1.

INSTALLING THE UPDATES

We recommend that all users of Ksplice Uptrack running Ubuntu 14.04
Trusty install these updates.

On systems that have "autoinstall = yes" in /etc/uptrack/uptrack.conf,
these updates will be installed automatically and you do not need to
take any action.

Alternatively, you can install these updates by running:

# /usr/sbin/uptrack-upgrade -y


DESCRIPTION

* CVE-2017-2618: Information leak in SELinux attribute handling.

An off-by-one error in SELinux attribute handling can cause sensitive
information to be leaked from the kernel. A local attacker could use
this flaw to facilitate an exploit.


* CVE-2016-8405: Information leak via frame buffer color map.

An out-of-bounds read when copying frame buffer color maps to userspace
could potentially expose kernel memory to an unprivileged userspace
application.


* CVE-2017-1000365: Local security bypass when performing exec.

A logic error allows an unprivileged local user to bypass arguments and
environmental strings size limit when performing exec syscall. An
attacker can exploit this to exhaust kernel memory which may lead to
privilege escalation.


* CVE-2017-7482: Memory corruption when decoding Keberos 5 ticket.

A boundary condition error when decoding Keberos 5 tickets using the
RXRPC keys leads to local buffer overflow. This could lead to memory
corruption and possible privilege escalation.


* Improved fix to CVE-2017-1000364 to allow stack expansion close to userspace guard.

Some userspace applications like the Java Virtual Machine are trying to
implement a stack guard area manually by using a fixed mapping which,
together with the original Ubuntu fix for CVE-2017-1000364, prevents stack
expansion when it shouldn't have.

SUPPORT

Ksplice support is available at ksplice-support_ww at oracle.com.

More information about the Ksplice-Ubuntu-14.04-updates mailing list