[Ksplice][Ubuntu-16.04-Updates] New Ksplice updates for Ubuntu 16.04 Xenial (4.4.0-87.110)

Oracle Ksplice ksplice-support_ww at oracle.com
Thu Jul 27 11:55:45 PDT 2017


Synopsis: 4.4.0-87.110 can now be patched using Ksplice
CVEs: CVE-2014-9900 CVE-2015-8944 CVE-2017-1000380 CVE-2017-7346 CVE-2017-9074 CVE-2017-9150

Systems running Ubuntu 16.04 Xenial can now use Ksplice to patch
against the latest Ubuntu kernel update, 4.4.0-87.110.

INSTALLING THE UPDATES

We recommend that all users of Ksplice Uptrack running Ubuntu 16.04
Xenial install these updates.

On systems that have "autoinstall = yes" in /etc/uptrack/uptrack.conf,
these updates will be installed automatically and you do not need to
take any action.

Alternatively, you can install these updates by running:

# /usr/sbin/uptrack-upgrade -y
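As an added example (not part of the Oracle announcement), the following POSIX shell script reads an uptrack.conf-style file and reports whether the "autoinstall = yes" setting is in effect, so an administrator can tell which hosts will pick these updates up on their own and which still need the manual uptrack-upgrade run. It only parses the file; the sample config it checks is constructed here, and the real path /etc/uptrack/uptrack.conf is only referenced, not read.

```shell
#!/bin/sh
# Report whether Ksplice Uptrack autoinstall is enabled in a config file.
# Parsing only: this script never runs uptrack-upgrade itself.

# Print "yes" if "autoinstall = yes" is set in the given file, else "no".
# Comment lines ("# ...") are ignored, key and value are compared without
# surrounding whitespace and case-insensitively, and if the key appears
# more than once the last occurrence wins. A missing or unreadable file
# counts as "no", since nothing would be installed automatically.
autoinstall_enabled() {
    conf="$1"
    state="no"
    [ -r "$conf" ] || { echo "$state"; return 0; }
    while IFS= read -r line || [ -n "$line" ]; do
        line=${line%%#*}                      # drop trailing/whole-line comments
        case "$line" in *=*) ;; *) continue ;; esac
        key=$(printf '%s' "${line%%=*}" | tr -d '[:space:]' | tr 'A-Z' 'a-z')
        val=$(printf '%s' "${line#*=}"  | tr -d '[:space:]' | tr 'A-Z' 'a-z')
        [ "$key" = "autoinstall" ] || continue
        if [ "$val" = "yes" ]; then state="yes"; else state="no"; fi
    done < "$conf"
    echo "$state"
}

# Print what the operator should do for a host with the given config:
# "automatic" when autoinstall is on, otherwise the manual upgrade command.
recommended_action() {
    if [ "$(autoinstall_enabled "$1")" = "yes" ]; then
        echo "automatic"
    else
        echo "/usr/sbin/uptrack-upgrade -y"
    fi
}

# Constructed sample configs (not a real host's /etc/uptrack/uptrack.conf),
# so the script runs offline. SAMPLE_AUTO exercises the comment and
# last-wins handling; SAMPLE_MANUAL has autoinstall switched off.
SAMPLE_AUTO=$(mktemp); SAMPLE_MANUAL=$(mktemp)
trap 'rm -f "$SAMPLE_AUTO" "$SAMPLE_MANUAL"' EXIT
cat > "$SAMPLE_AUTO" <<'EOF'
# autoinstall = yes   <- commented out, must be ignored
autoinstall = no
AutoInstall = YES      # later line overrides the earlier "no"
EOF
printf 'autoinstall = no\n' > "$SAMPLE_MANUAL"

echo "sample-auto:   $(recommended_action "$SAMPLE_AUTO")"
echo "sample-manual: $(recommended_action "$SAMPLE_MANUAL")"
```

Point the functions at /etc/uptrack/uptrack.conf on a real host to get its actual status.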


DESCRIPTION

* CVE-2014-9900: Information disclosure in Wake-On-LAN driver.

Due to a failure to correctly clear memory, sensitive kernel information
can be disclosed to userspace when information about Wake-On-LAN support
is requested. A local attacker could use this flaw to facilitate a
further attack on the kernel.


* CVE-2017-9074: Denial-of-service when using Generic Segmentation Offload on an IPv6 socket.

A missing check when using Generic Segmentation Offload on an IPv6 socket
could lead to a memory leak. A local attacker could use this flaw to cause
a denial-of-service.


* CVE-2017-7346: Denial-of-service when a user defines a surface in the VMware Virtual GPU driver.

A missing check on user input could lead to an infinite loop. A local
attacker could use this flaw to cause a denial-of-service.


* Denial-of-service when using TCP fastopen on a socket with an unknown address family.

A missing check on the socket's address family type when using TCP fastopen
could lead to a kernel BUG(). A local attacker could create such a socket
and send a TCP fastopen packet over it to cause a denial-of-service.


* Denial-of-service in hugepage soft offline handling.

A failure to correctly handle reference counting when soft offlining
huge pages can result in a soft lockup. A local attacker could use this
flaw to cause a denial-of-service.


* Denial-of-service when removing a VXLAN interface.

A logic error when removing a VXLAN interface could lead to a
use-after-free. A local attacker could use this flaw to cause a
denial-of-service.


* Denial-of-service when adding a key using the key control subsystem.

A missing check on user input when using the add_key syscall of keyctl could
lead to a NULL pointer dereference if the key type is asymmetric,
cifs.idmap, cifs.spnego, or pkcs7_test. A local attacker could use this
flaw to cause a denial-of-service.


* Denial-of-service when updating a key using the key control subsystem.

A missing check in the error path when updating a key of asymmetric type
could lead to a NULL pointer dereference. A local attacker could use
this flaw to cause a denial-of-service.


* Denial-of-service in the NFS daemon when receiving a malformed request.

A logic error when receiving a malformed or malicious request from an NFS
client could lead to a NULL pointer dereference. A remote attacker could
use this flaw to cause a denial-of-service.


* Denial-of-service when attaching large numbers of Xen paravirt devices.

Incorrect error checking when attaching a large number of Xen paravirt
devices can trigger a BUG_ON and kernel panic when booting or migrating
a virtual machine.


* CVE-2017-7346: Information leak when a user defines a surface in the VMware Virtual GPU driver.

A missing initialization of a local variable when a user defines a surface
in the VMXGFX driver could leak stack information. A local attacker could
use this flaw to gain information about the running kernel and facilitate
an attack.


* CVE-2017-1000380: Information leak when reading timer information from ALSA devices.

A missing data initialization and a race condition when reading timer
information of ALSA devices from user space could lead to an information
leak. A local attacker could use this flaw to get information about the
running kernel and facilitate an attack.


* Denial-of-service when receiving data over a Xilinx Ethernet controller.

A missing check when receiving data over a Xilinx Ethernet controller
could lead to a buffer overflow. A remote attacker could use this flaw
to cause a denial-of-service.


* CVE-2015-8944: Information disclosure via /proc/iomem.

A failure to correctly check permissions can lead to sensitive addresses
being disclosed from /proc/iomem. A local attacker could use this flaw
to facilitate a further attack on the kernel.


* CVE-2017-9150: Information disclosure via use of unprivileged eBPF programs.

A failure to enforce kptr_restrict for eBPF programs can result in the
leak of sensitive information to userspace. A local attacker could use
this flaw to facilitate a further attack.


* Denial-of-service when using network emulation on local loopback sockets.

A reference counting error when using network emulation on local sockets
could lead to memory exhaustion of the system. A local attacker could
use this flaw to cause a denial-of-service.


* Denial-of-service when reopening a tty device.

A reference counting error when retrying to open a tty device results in
a memory leak. An unprivileged local user could exploit this to exhaust
kernel memory and cause a denial-of-service.


* Information leak when initializing the stack in fork.

Failure to fully randomize the stack canary leads to predictability in
the stack. This may leave the kernel vulnerable to other attacks which
rely on stack corruption.

SUPPORT

Ksplice support is available at ksplice-support_ww at oracle.com.