[Ksplice][Ubuntu-14.10-Updates] New updates available via Ksplice (USN-2637-1)

Wed Jun 10 20:06:04 PDT 2015

Synopsis: USN-2637-1 can now be patched using Ksplice
CVEs: CVE-2015-0275 CVE-2015-3636

Systems running Ubuntu 14.10 Utopic can now use Ksplice to patch
against the latest Ubuntu Security Notice, USN-2637-1.

INSTALLING THE UPDATES

We recommend that all users of Ksplice Uptrack on Ubuntu 14.10 Utopic
install these updates.

On systems that have "autoinstall = yes" in /etc/uptrack/uptrack.conf,
these updates will be installed automatically and you do not need to
take any action.

Alternatively, you can install these updates by running:

# /usr/sbin/uptrack-upgrade -y

DESCRIPTION

* Memory corruption in SPI device ioctl.

An integer overflow in the kernel SPI driver can allow malformed ioctls
to trigger kernel memory corruption and allow a local user to gain
elevated privileges.

* Kernel information leak in PCI Advanced Error Reporting.

Incorrect printing for TLP headers in the PCI Advanced Error Reporting
driver could result in printing the address of a kernel pointer and
stack bytes to userspace.

* Kernel panic in ServerEngines iSCSI BladeEngine 2 initialization failure.

An incorrect call to remove the device in the error handling path could
result in a kernel crash when a BladeEngine 2 device failed to
initialize.

* Kernel crash in SCSI devices during unplug.

Incorrect handling of unoperational links could result in accessing a
device when it should not be possible to do so.  This could result in an
invalid pointer dereference and kernel crash.

* OCFS2 file corruption for files opened with O_APPEND.

The OCFS2 filesystem was incorrectly synchronizing files opened with
O_APPEND.  This could result in data corruption under specific
conditions.

* Data corruption in ext4 hole punching with indirect mappings.

Under specific conditions, ext4 filesystems could experience data loss
when using FALLOC_FL_PUNCH_HOLE on files.

* Kernel panic in IPv4 forwarding of timewait sockets.

The kernel IPv4 stack does not correctly handle forwarding data from
timewait sockets which can trigger an assertion failure and kernel
panic.

* Deadlock when sending IPv4 FIN packets.

The kernel IPv4 stack can deadlock causing a kernel panic when
transmitting IPv4 FIN packets under high memory pressure.

* Data loss when mounting btrfs volume with the 'discard' option.

When mounting a btrfs volume with '-o discard' the btrfs driver can
possibly overwrite filesystem metadata causing data loss.

* Memory leak in HyperV virtual storage driver.

The HyperV virtual storage driver does not correctly unmap memory when
handling I/O commands from a guest causing a kernel memory leak in the
host.

* Denial of service in btrfs IOC_FILE_EXTENT_SAME ioctl.

Attempting to query the extents of a file on a btrfs volume can trigger
an infinite loop and kernel panic. A local user could use this flaw to
cause a denial of service.

* Denial of service in btrfs IOC_CLONE ioctl.

Attempting to clone a zero-length region from one file to another on a
btrfs volume can trigger an infinite loop and kernel panic. A local
user could use this flaw to cause a denial of service.

* Memory corruption when resolving symlink target.

A reference counting error when opening a symlink which crosses a
mountpoint can trigger a use-after-free condition and kernel panic.

* Use-after-free in IPv6 virtual tunnelling during removal.

Incorrect removal of tunnel interfaces would result in a use-after-free
and kernel crash when removing the IPv6 virtual tunnelling module.

* Data loss when handling iSER commands.

The iSCSI Extensions for RDMA (iSER) driver incorrectly calculates the
amount of length of DIX data which can lead to silent data corruption.

* CVE-2015-3636: Memory corruption when unhashing IPv4 ping sockets.

The kernel IPv4 subsystem does not correctly handle unhashing a ping
socket which can trigger kernel memory corruption. A local user can use
this flaw to gain elevated privileges.

* CVE-2015-0275: Information leak in ext4 zero range allocation.

The ext4 filesystem driver does not correctly zero data when attempting
to create a new zero range in a file. This potentially allows locally
unprivileged users to view the contents of other files.

SUPPORT

Ksplice support is available at ksplice-support_ww at oracle.com.