[Ksplice][Ubuntu-14.10-Updates] New updates available via Ksplice (USN-2637-1)
Oracle Ksplice
ksplice-support_ww at oracle.com
Wed Jun 10 20:06:04 PDT 2015
Synopsis: USN-2637-1 can now be patched using Ksplice
CVEs: CVE-2015-0275 CVE-2015-3636
Systems running Ubuntu 14.10 Utopic can now use Ksplice to patch
against the latest Ubuntu Security Notice, USN-2637-1.
INSTALLING THE UPDATES
We recommend that all users of Ksplice Uptrack on Ubuntu 14.10 Utopic
install these updates.
On systems that have "autoinstall = yes" in /etc/uptrack/uptrack.conf,
these updates will be installed automatically and you do not need to
take any action.
Alternatively, you can install these updates by running:
# /usr/sbin/uptrack-upgrade -y
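A pre-flight check for the two install paths above, as an added example that is not part of the Ksplice announcement: it reports whether a host will pick the updates up through autoinstall or needs the manual command. The function names are hypothetical, and the parsing assumes INI-style "key = value" lines, '#' comments, case-insensitive matching, and that the last assignment in the file wins.

```shell
# Added example, not Oracle's code. Assumptions: uptrack.conf holds INI-style
# "key = value" lines, '#' starts a comment, matching is case-insensitive,
# and the last "autoinstall" assignment in the file wins.

# Returns 0 if autoinstall is "yes", 1 if it is not, 2 if the file is unreadable.
uptrack_autoinstall_enabled() {
    conf=${1:-/etc/uptrack/uptrack.conf}
    [ -r "$conf" ] || return 2
    # Drop comments, then keep the value of the last "autoinstall" key.
    value=$(sed -e 's/#.*$//' "$conf" | awk -F= '
        { key = $1; gsub(/[ \t]/, "", key) }
        tolower(key) == "autoinstall" {
            v = $2; gsub(/[ \t\r]/, "", v); last = tolower(v)
        }
        END { print last }')
    [ "$value" = "yes" ]
}

# Prints the action an administrator should take for this host.
uptrack_action() {
    rc=0
    uptrack_autoinstall_enabled "${1:-/etc/uptrack/uptrack.conf}" || rc=$?
    case $rc in
        0) echo "autoinstall enabled: no action needed" ;;
        1) echo "autoinstall not enabled: run /usr/sbin/uptrack-upgrade -y" ;;
        *) echo "config not readable: check the Uptrack installation" ;;
    esac
}

# Constructed sample config (not taken from a real host): the commented-out
# "yes" must not count, so this host needs the manual upgrade.
sample=$(mktemp)
printf '%s\n' '[Settings]' '# autoinstall = yes' 'autoinstall = no' > "$sample"
uptrack_action "$sample"
rm -f "$sample"
```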
DESCRIPTION
* Memory corruption in SPI device ioctl.
An integer overflow in the kernel SPI driver can allow malformed ioctls
to trigger kernel memory corruption and allow a local user to gain
elevated privileges.
* Kernel information leak in PCI Advanced Error Reporting.
Incorrect printing for TLP headers in the PCI Advanced Error Reporting
driver could result in printing the address of a kernel pointer and
stack bytes to userspace.
* Kernel panic in ServerEngines iSCSI BladeEngine 2 initialization failure.
An incorrect call to remove the device in the error handling path could
result in a kernel crash when a BladeEngine 2 device failed to
initialize.
* Kernel crash in SCSI devices during unplug.
Incorrect handling of unoperational links could result in accessing a
device when it should not be possible to do so. This could result in an
invalid pointer dereference and kernel crash.
* OCFS2 file corruption for files opened with O_APPEND.
The OCFS2 filesystem was incorrectly synchronizing files opened with
O_APPEND. This could result in data corruption under specific
conditions.
* Data corruption in ext4 hole punching with indirect mappings.
Under specific conditions, ext4 filesystems could experience data loss
when using FALLOC_FL_PUNCH_HOLE on files.
* Kernel panic in IPv4 forwarding of timewait sockets.
The kernel IPv4 stack does not correctly handle forwarding data from
timewait sockets, which can trigger an assertion failure and kernel
panic.
* Deadlock when sending IPv4 FIN packets.
The kernel IPv4 stack can deadlock, causing a kernel panic, when
transmitting IPv4 FIN packets under high memory pressure.
* Data loss when mounting btrfs volume with the 'discard' option.
When mounting a btrfs volume with '-o discard', the btrfs driver can
overwrite filesystem metadata, causing data loss.
* Memory leak in HyperV virtual storage driver.
The HyperV virtual storage driver does not correctly unmap memory when
handling I/O commands from a guest, causing a kernel memory leak in the
host.
* Denial of service in btrfs IOC_FILE_EXTENT_SAME ioctl.
Attempting to query the extents of a file on a btrfs volume can trigger
an infinite loop and kernel panic. A local user could use this flaw to
cause a denial of service.
* Denial of service in btrfs IOC_CLONE ioctl.
Attempting to clone a zero-length region from one file to another on a
btrfs volume can trigger an infinite loop and kernel panic. A local
user could use this flaw to cause a denial of service.
* Memory corruption when resolving symlink target.
A reference counting error when opening a symlink which crosses a
mountpoint can trigger a use-after-free condition and kernel panic.
* Use-after-free in IPv6 virtual tunnelling during removal.
Incorrect removal of tunnel interfaces would result in a use-after-free
and kernel crash when removing the IPv6 virtual tunnelling module.
* Data loss when handling iSER commands.
The iSCSI Extensions for RDMA (iSER) driver incorrectly calculates the
length of DIX data, which can lead to silent data corruption.
* CVE-2015-3636: Memory corruption when unhashing IPv4 ping sockets.
The kernel IPv4 subsystem does not correctly handle unhashing a ping
socket which can trigger kernel memory corruption. A local user can use
this flaw to gain elevated privileges.
* CVE-2015-0275: Information leak in ext4 zero range allocation.
The ext4 filesystem driver does not correctly zero data when attempting
to create a new zero range in a file. This potentially allows local
unprivileged users to view the contents of other files.
SUPPORT
Ksplice support is available at ksplice-support_ww at oracle.com.