[Ksplice][Ubuntu-14.04-Updates] New Ksplice updates for Ubuntu 14.04 Trusty (USN-3406-1)

Oracle Ksplice ksplice-support_ww at oracle.com
Wed Aug 30 00:47:14 PDT 2017


Synopsis: USN-3406-1 can now be patched using Ksplice
CVEs: CVE-2016-7914 CVE-2017-1000112 CVE-2017-7261 CVE-2017-7273 CVE-2017-7487 CVE-2017-7495 CVE-2017-7616

Systems running Ubuntu 14.04 Trusty can now use Ksplice to patch
against the latest Ubuntu Security Notice, USN-3406-1.

INSTALLING THE UPDATES

We recommend that all users of Ksplice Uptrack running Ubuntu 14.04
Trusty install these updates.

On systems that have "autoinstall = yes" in /etc/uptrack/uptrack.conf,
these updates will be installed automatically and you do not need to
take any action.

Alternatively, you can install these updates by running:

# /usr/sbin/uptrack-upgrade -y
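
To tell which of the two cases above applies to a host, the following added example (not part of the original announcement and not Oracle's code) reads the autoinstall setting from uptrack.conf. The function names are hypothetical, and treating only the value "yes", compared case-insensitively, as enabled is an assumption based on the setting quoted above.

```shell
#!/bin/sh
# Added example: decide whether a host needs a manual uptrack-upgrade.

# uptrack_autoinstall [FILE]
#   Prints "yes" or "no". Returns 0 if enabled, 1 if not, 2 if unreadable.
uptrack_autoinstall() {
    conf="${1:-/etc/uptrack/uptrack.conf}"
    [ -r "$conf" ] || return 2
    value=$(awk '
        /^[ \t]*[#;]/ { next }      # comment lines, e.g. "# autoinstall = yes"
        /^[ \t]*\[/   { next }      # section headers
        {
            eq = index($0, "=")
            if (eq == 0) next
            key = substr($0, 1, eq - 1)
            val = substr($0, eq + 1)
            gsub(/^[ \t]+/, "", key); gsub(/[ \t]+$/, "", key)
            gsub(/^[ \t]+/, "", val); gsub(/[ \t]+$/, "", val)
            # The last uncommented assignment wins.
            if (tolower(key) == "autoinstall") last = tolower(val)
        }
        END { print last }
    ' "$conf")
    # Assumption: only "yes" (the value the announcement quotes) means enabled.
    if [ "$value" = "yes" ]; then
        echo yes
        return 0
    fi
    echo no
    return 1
}

# uptrack_advice [FILE]
#   Prints the action that the announcement prescribes for this host.
uptrack_advice() {
    rc=0
    uptrack_autoinstall "${1:-}" >/dev/null || rc=$?
    case "$rc" in
        0) echo "autoinstall enabled: updates install automatically" ;;
        1) echo "autoinstall not enabled: run /usr/sbin/uptrack-upgrade -y as root" ;;
        *) echo "cannot read uptrack.conf: check that Ksplice Uptrack is installed" ;;
    esac
}
```

Calling uptrack_advice with no argument checks /etc/uptrack/uptrack.conf. A commented-out "autoinstall = yes" line is reported as not enabled.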


DESCRIPTION

* CVE-2017-7487: Use-after-free in IPX reference count handling.

A reference count leak in the IPX ioctl handler can result in a
reference count overflow leading to a use-after-free. A local attacker
could use this flaw to crash the kernel or escalate privileges.


* CVE-2017-7273: Denial-of-service in Cypress USB HID driver.

A missing check in the Cypress USB HID driver when parsing USB
descriptors could lead to an out-of-bounds access. An attacker with
physical access to the machine could use this flaw to cause a
denial-of-service.


* CVE-2017-7261: Denial-of-service when creating surface using DRM driver for VMware Virtual GPU.

A missing parameter check when using the "surface define" ioctl of the
DRM driver for VMware Virtual GPU could lead to a NULL pointer
dereference. A local attacker could use this flaw to cause a
denial-of-service.


* CVE-2017-7616: Information leak when setting memory policy.

A missing check when setting memory policy through the set_mempolicy()
syscall could lead to a stack data leak. A local attacker could use this
flaw to leak information about the running kernel and facilitate an
attack.


* CVE-2016-7914: Memory corruption when inserting data into associative arrays.

A logic error in the generic associative array module can trigger an
out-of-bounds read when inserting a new member. This can be triggered,
for example, by inserting a new cryptographic key into the kernel's
keyring.


* CVE-2017-7495: Information leak when ext4 ordered data mode is used.

A logic error when flushing data to be written to an ext4 filesystem
could lead to an information leak. A local attacker could use this flaw
to read any other files and escalate privileges.


* Improved fix for CVE-2017-1000112: Privilege escalation using the UDP Fragmentation Offload (UFO) code.

Multiple missing checks on header lengths when using the UDP
Fragmentation Offload (UFO) protocol while sending packets could lead to
out-of-bounds accesses. A local attacker with the CAP_NET_RAW
capability, or on a system with unprivileged namespaces enabled, could
use this flaw to cause a denial-of-service or execute arbitrary code.

SUPPORT

Ksplice support is available at ksplice-support_ww at oracle.com.
