[Ksplice][Ubuntu-14.10-Updates] New updates available via Ksplice (USN-2685-1)

Oracle Ksplice ksplice-support_ww at oracle.com
Fri Jul 24 00:45:09 PDT 2015


Synopsis: USN-2685-1 can now be patched using Ksplice
CVEs: CVE-2015-4692

Systems running Ubuntu 14.10 Utopic can now use Ksplice to patch
against the latest Ubuntu Security Notice, USN-2685-1.

INSTALLING THE UPDATES

We recommend that all users of Ksplice Uptrack on Ubuntu 14.10 Utopic
install these updates.

On systems that have "autoinstall = yes" in /etc/uptrack/uptrack.conf,
these updates will be installed automatically and you do not need to
take any action.

Alternatively, you can install these updates by running:

# /usr/sbin/uptrack-upgrade -y
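
The following is an added example, not part of the original notice and not Oracle's tooling: a check that reports whether a host picks these updates up automatically or needs the manual command above. It assumes that only the literal "autoinstall = yes" form quoted in this notice counts as enabled and that the last assignment in the file wins; the function names and sample configs are constructed for illustration.

```shell
#!/bin/sh
# Added example, not Oracle's tooling. Assumption: only the literal
# "autoinstall = yes" form quoted in the notice counts as enabled.

# Print the effective autoinstall value ("yes", another value, or empty).
uptrack_autoinstall_value() {
    conf=${1:-/etc/uptrack/uptrack.conf}
    # A missing or unreadable file yields no value at all.
    [ -r "$conf" ] || return 0
    # The anchored match skips commented-out lines such as "# autoinstall = yes".
    # Trailing whitespace is trimmed; the last assignment wins (assumption).
    sed -n 's/^[[:space:]]*autoinstall[[:space:]]*=[[:space:]]*\(.*\)$/\1/p' "$conf" \
        | sed 's/[[:space:]]*$//' | tail -n 1
}

# Print "automatic" if the updates install themselves, else "manual".
uptrack_install_mode() {
    if [ "$(uptrack_autoinstall_value "$1")" = "yes" ]; then
        echo automatic
    else
        echo manual
    fi
}

# Run the check over constructed sample configs (not taken from a real host).
demo() {
    dir=$(mktemp -d) || return 1
    printf '[Settings]\nautoinstall = yes\n' > "$dir/auto.conf"
    printf '[Settings]\n# autoinstall = yes\nautoinstall = no\n' > "$dir/manual.conf"
    for f in "$dir/auto.conf" "$dir/manual.conf" "$dir/missing.conf"; do
        mode=$(uptrack_install_mode "$f")
        echo "$(basename "$f"): $mode"
        # Only print the manual command; this example never runs it.
        [ "$mode" = manual ] && echo "  run as root: /usr/sbin/uptrack-upgrade -y"
    done
    rm -rf "$dir"
}
demo
```

Any value other than an exact "yes" is reported as manual, so an unexpected or malformed setting errs toward running the upgrade by hand.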


DESCRIPTION

* Kernel hang on UDP flood with wrong checksums.

A flaw in the UDP handling of wrong checksums could lead to a kernel hang
under a UDP flood attack.  A remote attacker could use this flaw to cause a
denial-of-service.


* CVE-2015-4692: Denial-of-service when checking for events in the emulated KVM APIC.

A missing check for NULL in the KVM code when checking if there are any
pending events on the emulated interrupt controller could lead to a NULL
pointer dereference.  A local user with access to /dev/kvm could use this
flaw to cause a denial-of-service.


* Denial-of-service in userspace string handling.

An incorrect length check could result in accessing beyond a
validated buffer.  A local, unprivileged user could use this flaw to
crash the kernel in specific conditions.


* NULL pointer dereference in CAIF and Unix sockets on receive.

Lack of checking that the socket has been destroyed in the recvmsg()
handlers for CAIF and Unix sockets could lead to a NULL pointer
dereference.  A local, unprivileged user could use this flaw to cause a
denial-of-service.


* NULL pointer dereference in Btrfs when sending a snapshot.

A logic error in the Btrfs code when sending a snapshot could lead to a
NULL pointer dereference on concurrent snapshot deletion.  A local,
privileged user could use this flaw to cause a denial-of-service.


* Information leak in CFG80211 WiFi extension.

A lack of zeroing a stack-allocated structure used for statistics in the
CFG80211 WiFi extension could result in information leaks from one device
to another.  A local, unprivileged user could use this flaw to gain
knowledge about network traffic on other devices.


* Use-after-free in the memory hotplug code when re-adding a node.

A lack of re-initializing a pointer to NULL in the memory hotplug code when
re-adding a node could lead to a use-after-free and kernel panic.  A local,
privileged user could use this flaw to cause a denial-of-service.


* Kernel hang in generic block driver.

The generic block driver was calling a function not intended to run in both
interrupt and process context. In certain cases, this could lead to the
kernel hanging.


* Kernel panic on Intel VT-d iommu in passthrough mode.

A flaw in the Intel VT-d iommu driver when configured in passthrough mode
could lead to an invalid pointer dereference on translation-disabled
devices.  A local, privileged user could use this flaw to cause a
denial-of-service.


* Use-after-free in packet generation state.

Incorrect locking in the network transformation (XFRM) subsystem can
trigger a use-after-free condition and kernel panic when generating
packets.

SUPPORT

Ksplice support is available at ksplice-support_ww at oracle.com.