[Ksplice][Ubuntu-16.04-Updates] New Ksplice updates for Ubuntu 16.04 Xenial (USN-4463-1)

[Gregory Herrero]

Synopsis: USN-4463-1 can now be patched using Ksplice
CVEs: CVE-2020-12771 CVE-2020-15393

Systems running Ubuntu 16.04 Xenial can now use Ksplice to patch
against the latest Ubuntu Security Notice, USN-4463-1.

INSTALLING THE UPDATES

We recommend that all users of Ksplice Uptrack running Ubuntu 16.04
Xenial install these updates.

On systems that have "autoinstall = yes" in /etc/uptrack/uptrack.conf,
these updates will be installed automatically and you do not need to
take any action.

Alternatively, you can install these updates by running:

# /usr/sbin/uptrack-upgrade -y


DESCRIPTION

* CVE-2020-12771: Deadlock when using Block device as cache.

A locking error when using Block device as cache could lead to a
deadlock. A local attacker could use this flaw to cause a denial-of-
service.


* CVE-2020-15393: Memory leak when in USB test driver.

A missing free of resources when a USB test device is disconnected could
lead to a memory leak. A physically proximate attacker could use this
flaw to exhaust kernel memory and cause a denial-of-service.


* Denial-of-service in Generic Hypervisor Virtual Console due to a race condition.

A race condition in Generic Hypervisor Virtual Console infrastructure
implementation could happen when performing a sequence of open and
close operations on console device. A local user could use this flaw
to cause a kernel crash and denial-of-service.


* Out of bounds write in ioctl of Turtle Beach Maui and Tropez soundcards driver.

Out of bounds write in ioctl of Turtle Beach Maui and Tropez soundcards
driver could happen when issuing Wavefront synth commands from
userspace. A local, unprivileged user could use this flaw to cause
a denial-of-service or potentially escalate privileges.

SUPPORT

Ksplice support is available at ksplice-support_ww at oracle.com.