[Ksplice][Ubuntu-14.10-Updates] New updates available via Ksplice (USN-2616-1)
Oracle Ksplice
ksplice-support_ww at oracle.com
Wed May 20 10:16:45 PDT 2015
Synopsis: USN-2616-1 can now be patched using Ksplice
CVEs: CVE-2015-3331 CVE-2015-3332
Systems running Ubuntu 14.10 Utopic can now use Ksplice to patch
against the latest Ubuntu Security Notice, USN-2616-1.
INSTALLING THE UPDATES
We recommend that all users of Ksplice Uptrack on Ubuntu 14.10 Utopic
install these updates.
On systems that have "autoinstall = yes" in /etc/uptrack/uptrack.conf,
these updates will be installed automatically and you do not need to
take any action.
Alternatively, you can install these updates by running:
# /usr/sbin/uptrack-upgrade -y
DESCRIPTION
* Memory corruption in Multiple Device driver when destroying a device.
Incorrect locking in the Multiple Device (md) driver when destroying a
device could lead to memory corruption and a kernel panic. A local,
privileged user could use this flaw to cause a denial-of-service.
* Frame filtering bypass in mesh forwarding in mac80211 stack.
A flaw in mac80211 mesh forwarding allows unencrypted frames to pass
through. A remote attacker could use this flaw to inject unencrypted
frames into an otherwise encrypted network.
* Denial-of-service in Intel Memory Protection Extensions.
Incorrect checking for user mode tasks could result in a
denial-of-service when handling bounds faults on a system with MPX
available.
* CVE-2015-3331: Denial-of-service in Intel AES RFC4106 decryption.
Incorrect mapping of buffers in the Intel AES RFC4106 implementation
could result in a kernel crash. A local, unprivileged user with access
to AF_ALG(aead) sockets could use this flaw to trigger a
denial-of-service.
* Information leak in /proc/PID/pagemap.
/proc/PID/pagemap exposes virtual-to-physical address mappings and could
be read by a local, unprivileged user. This could be used in conjunction
with flaws such as Rowhammer to elevate privileges.
* Use-after-free in iSCSI target connection closing.
A race condition in the iSCSI target connection closing procedure could
result in a use-after-free and a subsequent kernel crash.
* Denial-of-service in pSCSI backend.
A missing NULL pointer check could result in a denial-of-service, which a
local, unprivileged user could trigger on incompletely configured targets.
* NULL pointer dereference during Target device initialization failure.
Failure to create a workqueue when initializing a target device could
result in a NULL pointer dereference and kernel crash under specific
conditions.
* Out-of-bounds memory access in multiqueue block core segment merging.
An incorrect array index could result in accessing beyond the bounds of
an array when merging requests. This could result in a crash or other,
undefined behaviour.
* Kernel crash in physical to virtual reverse mapping lookup.
Incorrect error handling when adjusting a virtual memory area could
result in integer underflow and a crash in the address reverse mapping
code.
* Data corruption on hfsplus filesystem when inserting node at position zero.
A logic error in the hfsplus filesystem driver leads to on-disk data
corruption when inserting a node at position zero.
* Use-after-free in Industrial I/O core error handling.
Incorrect error handling in the Industrial I/O device registration
function could result in a double-free and kernel crash.
* Use-after-free in CIFS page writing during intermittent network connectivity.
Incorrect error handling during loss of network connection could result
in a use-after-free when writing pages on a CIFS filesystem.
* NULL pointer dereference in Analog Devices IMU SPI driver.
Missing reference counting could result in a NULL pointer dereference in
the Analog Devices IMU SPI driver during removal if the trigger was
changed.
* Kernel panic when chowning files on NFS mount.
Under specific circumstances chowning a file on an NFS mount can trigger
an assertion failure and cause a kernel panic.
* CVE-2015-3332: Kernel BUG in TCP Fast Open when using GSO.
Incorrect initialisation of Fast Open SYN packets when using GSO could
cause a subsequent kernel BUG. Under certain circumstances, a local
user could take advantage of this to crash the kernel.
* Information leak in InfiniBand userspace events.
The InfiniBand uverbs driver did not clear the events structure before
copying it out, leaking 4-8 bytes of kernel stack contents to userspace.
* Use-after-free in network namespace device moving.
Incorrect linked list manipulation could result in a use-after-free and
kernel crash when moving devices between namespaces.
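The /proc/PID/pagemap item above is the one entry in this list an administrator can check for directly from userspace. The program below is an added example written for this page; it is not Ksplice or Oracle code and is not derived from the patch itself. It decodes pagemap entries using the layout documented in the kernel's Documentation/vm/pagemap.txt (bit 63 = present, bit 62 = swapped, bits 0-54 = page frame number) and reports whether the running kernel still hands an unprivileged process the physical frame number of its own page. It assumes a Linux host with /proc mounted and relies on the behaviour of the upstream fix, which zeroes the PFN field for callers without CAP_SYS_ADMIN rather than denying the read; the file name and bit positions are from the kernel documentation, while the function names are this example's own.

```c
#include <fcntl.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>

/* Bit layout of a 64-bit /proc/PID/pagemap entry (Documentation/vm/pagemap.txt). */
#define PAGEMAP_PFN_MASK   ((1ULL << 55) - 1)   /* bits 0-54: page frame number   */
#define PAGEMAP_SWAPPED    (1ULL << 62)         /* page is in swap, not RAM       */
#define PAGEMAP_PRESENT    (1ULL << 63)         /* page is resident               */

struct pagemap_info {
    int present;
    int swapped;
    uint64_t pfn;   /* 0 if the page is absent, swapped, or the kernel hides it */
};

/* Decode one pagemap entry; the PFN is only meaningful for present, non-swapped pages. */
struct pagemap_info decode_pagemap_entry(uint64_t entry)
{
    struct pagemap_info info;
    info.present = (entry & PAGEMAP_PRESENT) != 0;
    info.swapped = (entry & PAGEMAP_SWAPPED) != 0;
    info.pfn = (info.present && !info.swapped) ? (entry & PAGEMAP_PFN_MASK) : 0;
    return info;
}

/* Rebuild the physical address: frame base plus the offset within the page. */
uint64_t phys_from_pfn(uint64_t pfn, uintptr_t vaddr, long page_size)
{
    return (pfn * (uint64_t)page_size) | ((uint64_t)vaddr & (uint64_t)(page_size - 1));
}

/* Read the pagemap entry covering vaddr in this process. Returns 0 on success, -1 on error. */
int read_pagemap_entry(uintptr_t vaddr, uint64_t *entry)
{
    long page_size = sysconf(_SC_PAGESIZE);
    int fd = open("/proc/self/pagemap", O_RDONLY);
    if (fd < 0)
        return -1;
    /* One 8-byte entry per virtual page, indexed by page number. */
    off_t off = (off_t)(vaddr / (uintptr_t)page_size) * (off_t)sizeof(uint64_t);
    ssize_t n = pread(fd, entry, sizeof(*entry), off);
    close(fd);
    return n == (ssize_t)sizeof(*entry) ? 0 : -1;
}

/*
 * Returns 1 if the kernel exposes a non-zero PFN for one of our own resident
 * pages (the pre-fix behaviour), 0 if the PFN field is zeroed for this
 * unprivileged caller, and -1 if the check could not be performed.
 */
int pagemap_leaks_pfn(void)
{
    long page_size = sysconf(_SC_PAGESIZE);
    char *buf = malloc((size_t)page_size);
    if (!buf)
        return -1;
    memset(buf, 0xA5, (size_t)page_size);   /* touch the page so it is mapped */

    uint64_t entry = 0;
    int rc = read_pagemap_entry((uintptr_t)buf, &entry);
    struct pagemap_info info = decode_pagemap_entry(entry);
    free(buf);

    if (rc != 0 || !info.present)
        return -1;
    return info.pfn != 0;
}

int main(void)
{
    int leak = pagemap_leaks_pfn();
    if (leak < 0) {
        perror("pagemap check");
        return 1;
    }
    puts(leak ? "PFN visible: unprivileged physical address disclosure"
              : "PFN zeroed: pagemap information leak mitigated");
    return 0;
}
```

Run it as a normal user, not root: a process with CAP_SYS_ADMIN is allowed to see frame numbers on fixed kernels too, so a root run says nothing about the patch. A non-zero PFN from an unprivileged run is the primitive a Rowhammer-style attack needs to pick physically adjacent rows.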
SUPPORT
Ksplice support is available at ksplice-support_ww at oracle.com.