[Ksplice][Ubuntu-14.04-Updates] New Ksplice updates for Ubuntu 14.04 Trusty (3.13.0-123.172)

Oracle Ksplice ksplice-support_ww at oracle.com
Fri Jun 30 13:29:03 PDT 2017


Synopsis: 3.13.0-123.172 can now be patched using Ksplice
CVEs: CVE-2014-9940 CVE-2017-0605 CVE-2017-1000364 CVE-2017-7294 CVE-2017-8890 CVE-2017-9074 CVE-2017-9075 CVE-2017-9076 CVE-2017-9077 CVE-2017-9242

Systems running Ubuntu 14.04 Trusty can now use Ksplice to patch
against the latest Ubuntu kernel update, 3.13.0-123.172.

INSTALLING THE UPDATES

We recommend that all users of Ksplice Uptrack running Ubuntu 14.04
Trusty install these updates.

On systems that have "autoinstall = yes" in /etc/uptrack/uptrack.conf,
these updates will be installed automatically and you do not need to
take any action.

Alternatively, you can install these updates by running:

# /usr/sbin/uptrack-upgrade -y


DESCRIPTION

* CVE-2017-7294: Denial-of-service when defining surface using DRM driver for VMware Virtual GPU.

A missing parameter check in the "create surface" ioctl of the DRM
driver for the VMware Virtual GPU could lead to an integer overflow. A
local attacker could use this flaw to cause a denial-of-service.


* CVE-2017-0605: Privilege escalation when using kernel tracing subsystem.

The use of strcpy() in the kernel tracing subsystem when retrieving a
traced process's command line could lead to a stack overflow. A local
attacker could use this flaw to execute arbitrary code in the kernel and
escalate privileges.


* CVE-2017-8890, CVE-2017-9076, CVE-2017-9077: Incorrectly copying list headers on socket clone causes denial-of-service.

When cloning sockets, several list headers are incorrectly copied to the
child sockets, which then leads to double-frees when both sockets are
closed, causing a kernel panic and denial-of-service.


* CVE-2017-9074: Information leak via IPv6 fragment header.

The header size of an IPv6 fragment is not properly checked, potentially
allowing an attacker to read out-of-bounds memory when the kernel
attempts to parse it, leaking information.


* CVE-2017-9075: Denial-of-service in SCTP IPv6 socket inheritance.

A failure to correctly initialize an SCTP socket during an accept() call
can later result in a double-free. A local, unprivileged attacker could
use this flaw to cause memory corruption or a kernel crash, resulting in
a denial-of-service.


* CVE-2017-9242: Out-of-bounds access in IPv6 packet transmission.

A logic error when aggregating IPv6 packets for transmission can result
in an out-of-bounds memory access. A local unprivileged attacker could
use this flaw to cause a denial-of-service.


* CVE-2014-9940: Use-after-free in regulator GPIO unregistration.

A logic error when unregistering a regulator can result in a
use-after-free. A local attacker could use this flaw to escalate
privileges or cause a denial-of-service.


* Improved fix to CVE-2017-1000364 to allow stack expansion close to userspace guard.

Some userspace applications, such as the Java Virtual Machine, implement
a stack guard area manually by using a fixed mapping. Together with the
original Ubuntu fix for CVE-2017-1000364, this mapping prevents stack
expansion in cases where it should be allowed.
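
For the CVE-2017-9074 entry above, the following is an added user-space
illustration (not Ksplice or kernel code) of checking each IPv6 extension
header's size against the remaining buffer before reading it. The function
and constant names and the sample packet are hypothetical and constructed
for this example.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define IPV6_HDR_LEN 40   /* fixed IPv6 header */
#define FRAG_HDR_LEN  8   /* fragment header is always 8 bytes */
#define NH_HOPOPTS    0
#define NH_ROUTING   43
#define NH_FRAGMENT  44
#define NH_DSTOPTS   60
#define SAMPLE_LEN   56   /* size of the constructed sample packet */

/* Hypothetical helper: return the offset of the fragment header, or -1 if
 * it is absent, truncated or malformed. No byte is read before its bounds
 * have been checked against len. */
long find_frag_hdr(const uint8_t *pkt, size_t len)
{
    uint8_t nh;
    size_t off = IPV6_HDR_LEN, hlen;

    if (len < IPV6_HDR_LEN)
        return -1;
    nh = pkt[6];                    /* Next Header of the fixed header */
    for (;;) {                      /* invariant: off <= len */
        if (nh == NH_FRAGMENT)
            return len - off >= FRAG_HDR_LEN ? (long)off : -1;
        if (nh != NH_HOPOPTS && nh != NH_ROUTING && nh != NH_DSTOPTS)
            return -1;              /* upper-layer header, no fragment header */
        if (len - off < 2)
            return -1;              /* length byte itself is out of bounds */
        hlen = ((size_t)pkt[off + 1] + 1) * 8;
        if (len - off < hlen)
            return -1;              /* header claims more bytes than we hold */
        nh = pkt[off];
        off += hlen;
    }
}

/* Constructed sample: fixed header, 8-byte hop-by-hop header, fragment header. */
void build_sample(uint8_t buf[SAMPLE_LEN])
{
    memset(buf, 0, SAMPLE_LEN);
    buf[0] = 0x60;  buf[5] = 16;    /* version 6, payload length 16 */
    buf[6] = NH_HOPOPTS;
    buf[40] = NH_FRAGMENT;          /* hop-by-hop: next header */
    buf[42] = 1;  buf[43] = 4;      /* PadN option filling the 8-byte header */
    buf[48] = 17;                   /* fragment header: next header (UDP) */
}

int main(void)
{
    uint8_t p[SAMPLE_LEN];
    build_sample(p);
    return find_frag_hdr(p, SAMPLE_LEN) == 48 ? 0 : 1;
}
```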

SUPPORT

Ksplice support is available at ksplice-support_ww at oracle.com.




