[Ksplice][Ubuntu-15.04-Updates] New updates available via Ksplice (3.19.0-66.74)

[Oracle Ksplice]

Synopsis: 3.19.0-66.74 can now be patched using Ksplice
CVEs: CVE-2016-1237 CVE-2016-4470 CVE-2016-5243

Systems running Ubuntu 15.04 Vivid can now use Ksplice to patch
against the latest Ubuntu kernel update, 3.19.0-66.74.

INSTALLING THE UPDATES

We recommend that all users of Ksplice Uptrack on Ubuntu 15.04 Vivid
install these updates.

On systems that have "autoinstall = yes" in /etc/uptrack/uptrack.conf,
these updates will be installed automatically and you do not need to
take any action.

Alternatively, you can install these updates by running:

# /usr/sbin/uptrack-upgrade -y


DESCRIPTION

* Kernel panic when failing to create a Unix98 PTY.

A NULL pointer dereference and kernel panic is triggered when a Unix98
pseudo-terminal cannot be allocated because of memory pressure. A local
user could use this flaw to cause a denial of service.


* CVE-2016-4470: Denial-of-service in the keyring subsystem.

Failure to check that a key was properly added to a keyring before removing
it could lead to a kernel crash.  A local, unprivileged user could use this
flaw to cause a denial-of-service.


* CVE-2016-5243: Information leak in the Transparent Inter Process Communication protocol.

The use of strcpy() inside the Transparant Inter Process Communication
protocol (TIPC) when dumping the link name leads to a maximum of 58 bytes
leaked to userspace.  A local attacker could use this flaw to gain
information about the running kernel and facilitate an attack.


* CVE-2016-1237: Permission bypass in NFS filesystem when setting ACLs.

Missing permission checks when setting the ACLs on a file from a NFS mount
could allow unprivileged users to grant themselves access to an otherwise
not allowed file.  This could potentially be used to escalate privileges.

SUPPORT

Ksplice support is available at ksplice-support_ww at oracle.com.