[Ksplice][Ubuntu-15.04-Updates] New updates available via Ksplice (USN-2738-1)

Wed Sep 9 05:16:11 PDT 2015

Synopsis: USN-2738-1 can now be patched using Ksplice
CVEs: CVE-2015-5707

Systems running Ubuntu 15.04 Vivid can now use Ksplice to patch
against the latest Ubuntu Security Notice, USN-2738-1.

INSTALLING THE UPDATES

We recommend that all users of Ksplice Uptrack on Ubuntu 15.04 Vivid
install these updates.

On systems that have "autoinstall = yes" in /etc/uptrack/uptrack.conf,
these updates will be installed automatically and you do not need to
take any action.

Alternatively, you can install these updates by running:

# /usr/sbin/uptrack-upgrade -y

DESCRIPTION

* Out-of-bounds access in DRM atomic iterators.

Missing range checks could result in an out-of-bounds access when
iterating over planes and controllers.  This could result in memory
corruption or a kernel crash.

* Kernel stack information leak in IEEE 802.15.4 LR-WPAN datagrams.

Missing stack structure initialization could result in leaking between 4
and 10 bytes of kernel stack contents to userspace when receiving a
datagram from an LR-WPAN socket.  A local, unprivileged user could use
this flaw to leak contents of the kernel stack.

* CVE-2015-5707: Privilege escalation in generic SCSI character device.

An integer overflow in the SCSI generic driver in the Linux kernel could
allow a local user with write permission on a SCSI generic device to
escalate privileges.

* BTRFS data loss during append writes and hard links.

Under specific conditions, appending to a file after creating a hard
link could result in loss of the appended data.

* NULL pointer dereference in OS/2 HPFS filesystem remount.

Remounting an HPFS filesystem under low-memory conditions could result
in a NULL pointer dereference and kernel crash.

* NULL pointer dereference in block layer during block I/O.

Under certain circumstances, trying to submit I/O requests on a block
device using integrity checks could result in a NULL pointer dereference.

* Denial-of-service in BTRFS extent_same ioctl().

A missing memory free() could result in a memory leak and memory
exhaustion when performing the extent_same ioctl() on a BTRFS
filesystem.  A local user with access to the filesystem device could use
this flaw to trigger a denial-of-service.

* Use-after-free in BTRFS transaction commit.

Incorrect transaction commit handling could result in a use-after-free
condition and kernel crash.

* BTRFS filesystem corruption on inline extent cloning.

Incorrect copying of inline extents could result in corruption of the
BTRFS filesystem or a kernel crash.  A local, unprivileged user could
use this flaw to crash the system.

* NULL pointer dereference in VIA VT665X BSS info change.

A missing NULL Pointer check could result in a NULL pointer dereference
and kernel crash when handling a BSS change on a VIA VT665X device.

* Denial-of-service in BTRFS inode cache during deletion.

Missing locking during inode unpinning could result in memory
corruption.  A local user with access to the BTRFS filesystem could use
this flaw to trigger a denial-of-service.

* Delayed inode freeing in directory cache.

A bug in the dcache code when using file handles could cause inodes to
remain on disk (taking up space) indefinitely after deletion. A
malicious local user could use this to fill up a filesystem.

* Denial-of-service in Distributed Switch Architecture device probing.

Missing range checks when probing a DSA device from a Device Tree could
result in an out-of-bounds access.  Malicious firmware or a privileged
user could use this flaw to crash the system.

* Denial-of-service in network device queue allocation.

A kernel assertion could be triggered from user-space when adding a
network device.  A local, privileged user could use this flaw to crash
the system.

* NULL pointer dereference in Intel i915 driver on hotplug.

A missing NULL pointer check could result in a kernel crash when
hotplugging an Intel i915 based device into an external display under
specific conditions.

SUPPORT

Ksplice support is available at ksplice-support_ww at oracle.com.