[Ksplice][Ubuntu-15.04-Updates] New updates available via Ksplice (3.19.0-17.17)
Oracle Ksplice
ksplice-support_ww at oracle.com
Wed May 20 10:27:30 PDT 2015
Synopsis: 3.19.0-17.17 can now be patched using Ksplice
Systems running Ubuntu 15.04 Vivid can now use Ksplice to patch
against the latest Ubuntu kernel update, 3.19.0-17.17.
INSTALLING THE UPDATES
We recommend that all users of Ksplice Uptrack on Ubuntu 15.04 Vivid
install these updates.
On systems that have "autoinstall = yes" in /etc/uptrack/uptrack.conf,
these updates will be installed automatically and you do not need to
take any action.
Alternatively, you can install these updates by running:
# /usr/sbin/uptrack-upgrade -y
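
The check described above, as an added example (not part of the original advisory and not Oracle's code): it reads an uptrack.conf-style file and reports whether a manual upgrade is needed. It assumes the autoinstall key lives in a [Settings] section and that comment lines start with '#' or ';'; the sample configs are constructed.

```shell
#!/bin/sh
# Added example: does this host auto-install Ksplice updates?

# Read an uptrack.conf-style INI file on stdin and print the effective
# "autoinstall" value: yes, no, or unset.
# Assumption: only an assignment inside [Settings] counts.
autoinstall_setting() {
    awk '
        /^[ \t]*[#;]/ { next }               # skip comment lines
        /^[ \t]*\[/ {                        # section header, e.g. [Settings]
            section = tolower($0)
            gsub(/\[/, "", section); gsub(/\]/, "", section)
            gsub(/[ \t]/, "", section)
            next
        }
        section == "settings" {
            eq = index($0, "=")
            if (eq == 0) next
            key = tolower(substr($0, 1, eq - 1))
            val = tolower(substr($0, eq + 1))
            gsub(/[ \t]/, "", key); gsub(/[ \t]/, "", val)
            if (key == "autoinstall") result = val   # last assignment wins
        }
        END { print (result == "" ? "unset" : result) }
    '
}

# Map the setting to the action the advisory calls for.
required_action() {
    case "$(autoinstall_setting)" in
        yes) echo "none: updates install automatically" ;;
        *)   echo "run: /usr/sbin/uptrack-upgrade -y" ;;
    esac
}

# Constructed sample configs (not taken from a real host).
SAMPLE_AUTO='[Auth]
accesskey = EXAMPLE-PLACEHOLDER
[Settings]
autoinstall = yes'
SAMPLE_MANUAL='[Settings]
# autoinstall = yes
Autoinstall = No'
SAMPLE_MISPLACED='[Network]
autoinstall = yes
[Settings]
install_on_reboot = yes'

if [ -r /etc/uptrack/uptrack.conf ]; then
    required_action < /etc/uptrack/uptrack.conf
fi
```

A commented-out or misplaced autoinstall line is reported as not enabled, so the host is flagged for a manual upgrade rather than assumed patched.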
DESCRIPTION
* Frames filtering bypass in mesh forwarding in mac80211 stack.
A flaw in the mac80211 mesh forwarding allows unencrypted frames to pass
through. A remote attacker could use this flaw to inject unencrypted
frames into an otherwise encrypted network.
* NULL pointer dereference in Intel WiFi driver when handling Bluetooth coex.
A missing pointer check in the Intel WiFi driver when handling Bluetooth
coex events could lead to a NULL pointer dereference and kernel crash under
certain conditions.
* Out-of-bounds memory read in Broadcom WiFi driver when reading vendor command.
Missing input validation in the Broadcom WiFi driver when reading vendor
commands could lead to an out-of-bounds memory read and kernel panic. A
local, privileged user could use this flaw to cause a denial-of-service.
* Memory corruption in Multiple Device driver when destroying a device.
Incorrect locking in the Multiple Device driver when destroying a device
could lead to memory corruption and kernel panic. A local, privileged
user could use this flaw to cause a denial-of-service.
* Data corruption on hfsplus filesystem when inserting node at position zero.
A logic error in the hfsplus filesystem driver leads to on-disk data
corruption when inserting a node at position zero.
* Kernel information leak in PCI Advanced Error Reporting.
Incorrect printing for TLP headers in the PCI Advanced Error Reporting
driver could result in printing the address of a kernel pointer and
stack bytes to userspace.
* NULL pointer dereference in multiqueue block core tag allocation.
Under I/O pressure, a NULL pointer dereference could be triggered when
there were no free tags in the multiqueue block core tag pool.
* Out-of-bounds memory access in multiqueue block core segment merging.
An incorrect array index could result in accessing beyond the bounds of
an array when merging requests. This could result in a crash or other,
undefined behaviour.
* Denial-of-service in DRM framebuffer reference counting.
Incorrect handling of reference counting for the DRM framebuffer could
allow a local user with access to the DRM device to trigger a
denial-of-service.
* Denial-of-service in Radeon Translation Table Manager unbinding.
A missing NULL pointer check could result in a NULL pointer dereference
when unbinding a Translation Table Manager object. A local user with
access to the DRM device could use this flaw to trigger a
denial-of-service.
* Use-after-free in kernel NFS server during lock state hashtable race.
A race condition when inserting a lock owner into the state owner hash
table could result in a use-after-free and subsequent kernel crash.
* Kernel crash in physical to virtual reverse mapping lookup.
Incorrect error handling when adjusting a virtual memory area could
result in integer underflow and a crash in the address reverse mapping
code.
* Kernel crash in isolated page freeing.
When freeing a previously isolated page, missing mappings could result
in an invalid pointer dereference, triggering a kernel crash.
* Kernel crash in SCSI devices during unplug.
Incorrect handling of unoperational links could result in accessing a
device when it should not be possible to do so. This could result in an
invalid pointer dereference and kernel crash.
* Use-after-free in Industrial I/O core error handling.
Incorrect error handling in the Industrial I/O device registration
function could result in a double-free and kernel crash.
* NULL pointer dereference in Analog Devices IMU SPI driver.
Missing reference counting could result in a NULL pointer dereference in
the Analog Devices IMU SPI driver during removal if the trigger was
changed.
* Use-after-free in CIFS page writing during intermittent network connectivity.
Incorrect error handling during loss of network connection could result
in a use-after-free when writing pages on a CIFS filesystem.
* Memory leak in Realtek Wifi Access Point mode.
Failure to unmap DMA buffers would result in a memory leak. After
running the device in AP mode for a period of time it would become
impossible to transmit frames.
* Kernel panic in ServerEngines iSCSI BladeEngine 2 initialization failure.
An incorrect call to remove the device in the error handling path could
result in a kernel crash when a BladeEngine 2 device failed to
initialize.
* OCFS2 file corruption for files opened with O_APPEND.
The OCFS2 filesystem was incorrectly synchronizing files opened with
O_APPEND. This could result in data corruption under specific
conditions.
* XFS filesystem corruption during truncation.
Failure to write zeroed blocks to disk during truncation on an XFS
filesystem could result in failure to zero those blocks during a crash.
This could leave sensitive information on the disk.
* Denial-of-service in Berkeley Packet Filter program loading.
Missing bounds checks could result in memory corruption and a kernel
crash when loading a BPF program. A local, privileged user could use
this flaw to trigger a denial-of-service or potentially escalate
privileges.
* Use-after-free in DRM atomic helpers.
Multiple bugs in the DRM atomic helpers could result in a use-after-free
and subsequent kernel crash.
SUPPORT
Ksplice support is available at ksplice-support_ww at oracle.com.