[Ksplice][Ubuntu-16.04-Updates] New Ksplice updates for Ubuntu 16.04 Xenial (USN-3378-2)

Oracle Ksplice ksplice-support_ww at oracle.com
Mon Aug 7 05:37:51 PDT 2017


Synopsis: USN-3378-2 can now be patched using Ksplice
CVEs: CVE-2017-1000365 CVE-2017-10810 CVE-2017-7482 CVE-2017-7533

Systems running Ubuntu 16.04 Xenial can now use Ksplice to patch
against the latest Ubuntu Security Notice, USN-3378-2.

INSTALLING THE UPDATES

We recommend that all users of Ksplice Uptrack running Ubuntu 16.04
Xenial install these updates.

On systems that have "autoinstall = yes" in /etc/uptrack/uptrack.conf,
these updates will be installed automatically and you do not need to
take any action.

Alternatively, you can install these updates by running:

# /usr/sbin/uptrack-upgrade -y
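A small check that decides, per host, whether the manual step above is needed. This is an added example, not part of the Ksplice announcement or the Uptrack tooling; it assumes uptrack.conf consists of simple `key = value` lines with optional `#` comments, and takes the file path as a parameter so it can be run against a constructed file.

```shell
#!/bin/sh
# Added example (not Ksplice's own tooling). Reports whether Uptrack's
# "autoinstall" setting is enabled in a given uptrack.conf, so an operator
# knows whether this update lands on its own or needs uptrack-upgrade -y.
# Assumes the file holds "key = value" lines with optional "#" comments.

# Print the value of a key (case-insensitive key match, comments and
# surrounding whitespace stripped). Empty output if the key is absent.
uptrack_conf_get() {
    conf="$1"; key="$2"
    [ -r "$conf" ] || return 1
    sed -e 's/#.*$//' "$conf" \
      | awk -F= -v k="$key" '
          { gsub(/^[ \t]+|[ \t]+$/, "", $1) }
          tolower($1) == tolower(k) {
              v = $2; gsub(/^[ \t]+|[ \t]+$/, "", v); print v; exit
          }'
}

# Returns 0 when autoinstall = yes, 1 otherwise. A missing file or missing
# key counts as "not enabled", the conservative reading for a patch check.
uptrack_autoinstall_enabled() {
    v=$(uptrack_conf_get "$1" autoinstall) || return 1
    case "$(printf '%s' "$v" | tr 'A-Z' 'a-z')" in
        yes) return 0 ;;
        *)   return 1 ;;
    esac
}

# Decide the action for a host: "auto" if Uptrack will apply the update by
# itself, "manual" if the operator must run /usr/sbin/uptrack-upgrade -y.
uptrack_update_action() {
    if uptrack_autoinstall_enabled "$1"; then echo auto; else echo manual; fi
}

# Constructed sample config for a stand-alone run (not a real host's file).
SAMPLE_CONF=$(mktemp)
cat > "$SAMPLE_CONF" <<'EOF'
[Settings]
# Upgrade automatically
autoinstall = yes   # trailing comment
EOF
uptrack_update_action "$SAMPLE_CONF"
rm -f "$SAMPLE_CONF"
uptrack_update_action /etc/uptrack/uptrack.conf
```

Run it on each host with the real path as the last line does; "manual" is also what an absent config file yields, so that case is worth a second look rather than a blind upgrade.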


DESCRIPTION

* Denial-of-service when using Geschwister Schneider UG interfaces.

A missing free when closing a USB Geschwister Schneider net device could
lead to a memory leak. A local attacker could use this flaw to exhaust
kernel memory and cause a denial-of-service.


* Denial-of-service when using videobuf2 core framework.

A check error in the videobuf2 core framework could lead to an out of
bounds access. A local attacker could use this flaw to cause a
denial-of-service.


* Denial-of-service when using independent BSS feature of mac80211.

An error in allocation size when using IBSS could lead to an out of
bounds access. A local attacker could use this flaw to cause a
denial-of-service.


* Denial-of-service when setting an alarm timer.

An overflow when setting an alarm timer causes the alarm to expire
immediately in a loop, producing high CPU load. A local attacker could use
this flaw to cause a denial-of-service.


* CVE-2017-1000365: Privilege escalation when performing exec.

A logic error allows an unprivileged local user to bypass the argument and
environment string size limits when performing an exec syscall. A local
user could use this flaw to bypass the guard pages between the stack and
another mapping, leading to potential privilege escalation.


* Denial-of-service when routing an autofs ioctl control command.

A logic error in handling an ioctl control command failure leads to a
NULL pointer dereference. An attacker can exploit this to cause a
denial-of-service.


* Denial-of-service when rescheduling a timer.

A logic error when rescheduling a process in response to a signal with the
SI_TIMER signal code leads to kernel memory corruption and an eventual
kernel crash. A local user can exploit this vulnerability to cause a
denial-of-service.


* Use-after-free in Linux SCSI Target fabric driver.

A reference counting error when aborting a transport command in the Linux
SCSI Target fabric driver leads to a use-after-free in the kernel. This
could allow a local user to escalate privileges.


* CVE-2017-7482: Memory corruption when decoding a Kerberos 5 ticket.

A boundary condition error when decoding Kerberos 5 tickets used by the
RXRPC keys leads to a buffer overflow. This could lead to memory
corruption and possible privilege escalation.


* Denial-of-service when setting network interface alias.

A missing check on user input could lead to the use of uninitialized
memory when setting a network interface alias. A local attacker could use
this flaw to cause a denial-of-service.


* Information leak when dumping RTNetlink interface information.

A missing structure initialization when dumping RTNetlink interface
information could leak on-stack kernel data. A local attacker could use
this flaw to gain information about the running kernel and facilitate a
further attack.


* Denial-of-service when using Communication CPU to Application CPU Interfaces.

An incorrect allocation flag when using CAIF sockets could lead to a
deadlock. A local attacker could use this flaw to cause a
denial-of-service.


* Use-after-free when releasing an IGMP socket.

A locking error when releasing an IGMP socket could lead to a
use-after-free. A local attacker could use this flaw to cause a
denial-of-service.


* Denial-of-service when registering a VLAN device.

A missing check in the error path when registering a VLAN device could
lead to a kernel BUG. A local attacker could use this flaw to cause a
denial-of-service.


* Denial-of-service when using IPv6 routing policy.

A logic error when using IPv6 routing policy could lead to a memory
leak. A local attacker could use this flaw to exhaust kernel memory and
cause a denial-of-service.


* Denial-of-service when creating connection tracking entry.

A missing initialization when creating a connection tracking entry through
a SYNPROXY socket could lead to a kernel crash. A local attacker could use
this flaw to cause a denial-of-service.


* Denial-of-service when configuring codec for an ALSA device.

A list handling error when iterating over the ALSA-supported codecs could
lead to an infinite loop. A local attacker could use this flaw to cause
a denial-of-service.


* Denial-of-service when destroying a context command in the DRM driver for VMware Virtual GPU.

A missing free when destroying a context command in the DRM driver for
VMware Virtual GPU could lead to a memory leak. A local attacker could
use this flaw to exhaust kernel memory and cause a denial-of-service.


* Denial-of-service when closing an interface of the Korina ethernet driver.

Incorrect logic when closing an interface in the Korina ethernet driver
could lead to a use-after-free. A local attacker could use this flaw to
cause a denial-of-service.


* Denial-of-service in xen-netfront out-of-memory handling.

A flaw in the retry logic of the xen-netfront driver in a low memory
situation can stall the Rx path of the driver, denying network service
to the guest.


* CVE-2017-10810: Denial-of-service when creating GPU objects using virtio driver.

A missing free in the error path when creating GPU objects with the
virtio driver could lead to a memory leak. A local attacker could use this
flaw to exhaust kernel memory and cause a denial-of-service.


* Denial-of-service when closing USB gadget FS file.

A logic error when releasing a USB Gadget filesystem file could lead to
a general protection fault or a use-after-free. A local attacker could
use this flaw to cause a denial-of-service or possibly escalate
privileges.


* Denial-of-service when using XFRM to transform network packets.

Multiple errors in the XFRM framework could lead to NULL pointer
dereferences or out-of-bounds accesses. A local attacker could use these
flaws to cause a denial-of-service.


* Deadlock when closing a USB function filesystem gadget.

A race condition when closing a USB function filesystem gadget could
lead to a deadlock. A local attacker could use this flaw to cause a
denial-of-service.


* NULL pointer dereference when receiving packet with Broadcom Ethernet driver.

A missing check when receiving a network packet with the BCM4706 GBit MAC
driver could lead to a NULL pointer dereference. A remote attacker could
use this flaw to cause a denial-of-service.


* Buffer underflow when setting beacon data of Realtek RTL8188EU Wireless LAN NIC driver.

A missing check when setting beacon data in the R8188EU driver in host
mode could lead to a buffer underflow. A local attacker could use this
flaw to cause a denial-of-service.


* Denial-of-service when enabling an endpoint in the USB Function Filesystem.

A missing check when enabling a HighSpeed or FullSpeed USB endpoint with
the USB gadget function filesystem driver could lead to an out of bounds
access. A local attacker could use this flaw to cause a
denial-of-service.


* Memory leak when performing a route lookup with IPv6.

A missing free in the error path when performing a route lookup with IPv6
could lead to a memory leak. A local attacker could use this flaw to
cause a denial-of-service.


* Use-after-free when processing TCP packets in the netfilter TCPMSS target.

A missing check when using the TCPMSS target for TCP could lead to a
use-after-free. A remote attacker could use this flaw to cause a
denial-of-service.


* Double free when allocating resources in the Emulex LightPulse Fibre Channel driver.

A logic error in the error path when allocating resources in the Emulex
LightPulse Fibre Channel driver could lead to a double free. A local
attacker could use this flaw to cause a denial-of-service.


* Denial-of-service when using software bounce buffers with NVMe.

A logic error when using software bounce buffers with an NVMe device
could lead to a kernel assertion failure. A local attacker could use this
flaw to cause a denial-of-service.


* NULL pointer dereference when configuring an SCTP socket.

A missing check on user input when configuring an SCTP socket could lead
to a NULL pointer dereference. A local attacker could use this flaw to
cause a denial-of-service.


* CVE-2017-7533: Privilege escalation in inotify during file rename.

A race condition in inotify when renaming a file can result in kernel
memory corruption. A local attacker could use this flaw to escalate
privileges.


* Denial-of-service during IO configuration of the LightPulse Fibre Channel driver.

A failure to correctly clear an IO configuration structure after use can
result in a use-after-free. A local attacker could use this flaw to
cause a denial-of-service.

SUPPORT

Ksplice support is available at ksplice-support_ww at oracle.com.
