[Ksplice][Ubuntu-16.04-Updates] New Ksplice updates for Ubuntu 16.04 Xenial (4.4.0-97.120)
Oracle Ksplice
ksplice-support_ww at oracle.com
Tue Oct 10 12:28:49 PDT 2017
Synopsis: 4.4.0-97.120 can now be patched using Ksplice
CVEs: CVE-2017-12134 CVE-2017-14106 CVE-2017-14140
Systems running Ubuntu 16.04 Xenial can now use Ksplice to patch
against the latest Ubuntu kernel update, 4.4.0-97.120.
INSTALLING THE UPDATES
We recommend that all users of Ksplice Uptrack running Ubuntu 16.04
Xenial install these updates.
On systems that have "autoinstall = yes" in /etc/uptrack/uptrack.conf,
these updates will be installed automatically and you do not need to
take any action.
Alternatively, you can install these updates by running:
# /usr/sbin/uptrack-upgrade -y
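The two checks an administrator would script around the instructions above, as an added example that is not part of the Ksplice announcement: parse the autoinstall setting out of /etc/uptrack/uptrack.conf the way the text describes it, and compare the announced package version against the running (or Ksplice-effective) kernel release. It assumes the Ubuntu convention that package version 4.4.0-97.120 corresponds to the ABI 4.4.0-97 seen in uname -r (for example 4.4.0-97-generic), and that Ksplice Uptrack's uptrack-uname -r reports the effective release on a patched host.

```shell
#!/bin/sh
# Added example, not Oracle's code: decide whether the announced updates
# need a manual `uptrack-upgrade -y` and whether the host is on the
# announced kernel. Function names and the sample files are constructed here.

# Return 0 when `autoinstall = yes` is set in the given uptrack.conf.
# Ignores comment lines, surrounding whitespace and letter case; the last
# assignment wins, mirroring a "key = value" config file.
uptrack_autoinstall_enabled() {
    conf="$1"
    [ -r "$conf" ] || return 1
    value=$(sed -n \
        's/^[[:space:]]*autoinstall[[:space:]]*=[[:space:]]*\([^[:space:]#]*\).*/\1/p' \
        "$conf" | tail -n 1)
    value=$(printf '%s' "$value" | tr 'A-Z' 'a-z')
    [ "$value" = "yes" ]
}

# Return 0 when a kernel release string belongs to the announced package
# version. Assumption: Ubuntu package version 4.4.0-97.120 maps to ABI
# 4.4.0-97, and uname -r / uptrack-uname -r print e.g. 4.4.0-97-generic.
uptrack_release_matches() {
    pkgver="$1"     # e.g. 4.4.0-97.120 (from the announcement)
    release="$2"    # e.g. $(uptrack-uname -r) on a Ksplice host
    abi="${pkgver%.*}"   # drop the upload number: 4.4.0-97
    case "$release" in
        "$abi"-*) return 0 ;;
    esac
    return 1
}

# Stand-alone use on a Ksplice-managed Ubuntu 16.04 host: sh check.sh --check
if [ "${1:-}" = "--check" ]; then
    if uptrack_autoinstall_enabled /etc/uptrack/uptrack.conf; then
        echo "autoinstall = yes: updates are installed automatically"
    else
        echo "autoinstall not enabled: run /usr/sbin/uptrack-upgrade -y"
    fi
    if uptrack_release_matches 4.4.0-97.120 "$(uptrack-uname -r)"; then
        echo "effective kernel is the announced 4.4.0-97 ABI"
    else
        echo "effective kernel is not 4.4.0-97; this update does not apply"
    fi
fi
```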
DESCRIPTION
* CVE-2017-14106: Divide-by-zero on TCP disconnect.
A missing initialization of the TCP Maximum Segment Size (MSS) to the
minimum authorized MSS value could lead to a division by zero on TCP
disconnect. A local user could use this flaw to cause a denial-of-service.
* Use-after-free in audit watch removal.
Incorrect use of reference counting in the audit framework can result in
a use-after-free. A local user with the ability to use the audit
framework could use this flaw to escalate privileges.
* Use-after-free in ALSA sequencer queue creation.
A race condition when creating a queue for use in the ALSA sequencer can
result in a use-after-free. A local user with access to ALSA could use
this flaw to escalate privileges.
* Use-after-free in get_mempolicy due to incorrect reference counting.
A reference count error in the get_mempolicy ioctl implementation can
result in a use-after-free. A local user could use this flaw to
escalate privileges.
* CVE-2017-12134, XSA-229: Privilege escalation in Xen block IO requests.
Incorrect merging of block IO vectors could result in corruption of data
accesses to/from a block device. A malicious guest could use this flaw
to crash the host, or potentially, gain privileges in the host.
* CVE-2017-14140: ASLR bypass due to insufficient permissions checks in move_pages.
A failure to correctly check permissions when using the move_pages
system call can allow an attacker to map out the address space of a
process which shares the same uid. A local user could use this flaw to
facilitate a further attack.
* Denial-of-service during key management API broadcast.
An incorrect memory allocation in the keyring subsystem could result in
a system deadlock. A local user could use this flaw to cause a
denial-of-service.
* Denial-of-service in DCCP socket teardown.
An assertion failure in the DCCP protocol stack can result in a kernel
crash. A local user could use this flaw to cause a denial-of-service.
* Denial-of-service in IPv4 metric accounting.
A failure to correctly handle an error case can result in a NULL pointer
dereference. A local user could use this flaw to cause a
denial-of-service.
* Out-of-bounds access in IPv4 MTU update.
A race condition in the IPv4 stack can result in an out-of-bounds memory
access when reducing an interface MTU. A local user with the ability to
administer network interfaces could use this flaw to cause a
denial-of-service.
* Information disclosure in SCTP socket initialisation.
A failure to correctly initialise a structure could result in the kernel
operating on uninitialised memory. A local user could use this flaw to
facilitate a further attack.
* Use-after-free in TIPC send implementation.
A failure to mark a structure as freed can result in a use-after-free. A
local user could use this flaw to escalate privileges.
* Use-after-free during IPv6 routing table entry replacement.
A failure to correctly configure the routing table when replacing a
route can lead to a use-after-free. A local user with the ability to
manipulate the routing table could use this flaw to escalate privileges.
* Denial-of-service when adding IPv6 route.
A failure to handle an error case when adding a new IPv6 route can
result in a NULL pointer dereference. A local user with the ability to
manipulate the routing table could use this flaw to escalate privileges.
* Information disclosure via IRDA socket operations.
A failure to correctly sanitize kernel memory in the IRDA subsystem can
result in sensitive kernel information being leaked to userspace. A
local user could use this flaw to facilitate a further attack.
* Denial-of-service in traffic control target manipulation.
A failure to clear memory when adding new targets in the traffic control
subsystem can result in a NULL pointer dereference. A local user with
the ability to configure network interfaces could use this flaw to cause
a denial-of-service.
* Remote denial-of-service in NFSv4 write operation processing.
A logic error when decoding write requests can result in a buffer
overrun, leading to memory corruption or a kernel crash. A remote NFSv4
client could use this flaw to cause a denial-of-service on the NFSv4
server.
* Denial-of-service in CPU assignment of perf groups.
A logic error in the perf subsystem can result in incorrect CPU
assignment of perf groups resulting in a deadlock. A local user with the
ability to use perf could use this flaw to cause a denial-of-service.
* Denial-of-service in IP transformation configuration.
A failure to validate userspace information can result in an
out-of-bounds array access, leading to undefined behaviour or a kernel
crash. A local user with the ability to configure the IP transformation
framework could use this flaw to cause a denial-of-service.
* Denial-of-service in epoll cleanup handler.
A race condition during cleanup of an epoll instance can result in a
use-after-free. A local user could use this flaw to cause a kernel
crash, resulting in a denial-of-service.
* Denial-of-service in skcipher page manipulation.
A logic error when freeing an skcipher request can result in
decrementing a reference count on a page which was not incremented.
A local user could use this flaw to cause a kernel crash, resulting in a
denial-of-service.
* SMAP bypass in NMI handler.
A failure to clear a flag in the non-maskable interrupt handler can
result in Supervisor Mode Access Prevention being disabled.
* Use-after-free in DCCP socket destruction.
A race condition when destroying a DCCP socket can result in
use-after-free. A local user could use this flaw to cause a
denial-of-service or potentially escalate privileges.
SUPPORT
Ksplice support is available at ksplice-support_ww at oracle.com.