[Ksplice][Ubuntu-16.10-Updates] New Ksplice updates for Ubuntu 16.10 Yakkety (4.8.0-58.63)

Fri Jun 30 23:53:40 PDT 2017

Synopsis: 4.8.0-58.63 can now be patched using Ksplice
CVEs: CVE-2017-1000364 CVE-2017-100363 CVE-2017-7294 CVE-2017-7374 CVE-2017-9074 CVE-2017-9075 CVE-2017-9242

Systems running Ubuntu 16.10 Yakkety can now use Ksplice to patch
against the latest Ubuntu kernel update, 4.8.0-58.63.

INSTALLING THE UPDATES

We recommend that all users of Ksplice Uptrack running Ubuntu 16.10
Yakkety install these updates.

On systems that have "autoinstall = yes" in /etc/uptrack/uptrack.conf,
these updates will be installed automatically and you do not need to
take any action.

Alternatively, you can install these updates by running:

# /usr/sbin/uptrack-upgrade -y

DESCRIPTION

* CVE-2017-7294: Denial-of-service in virtual GPU define surface ioctl.

The vmw_service_define_ioctl() fails to sanitize its inputs, allowing an
attacker to trigger an out-of-bounds write, causing a denial-of-service
or privilege escalation.

* CVE-2017-9075: Incorrectly copying list headers on socket clone causes denial-of-service.

When cloning sockets, several list headers are incorrectly copied to the
child sockets, which then leads to double-frees when both sockets are
closed, causing a kernel panic and denial-of-service.

* CVE-2017-9074: Information leak via ipv6 fragment header.

The header size of an ipv6 fragment is not properly checked, potentially
allowing an attacker to read out-of-bounds memory when attempting to
parse it, leaking information.

* CVE-2017-9075: Denial of service when using SCTP protocol with IPV6.

A missing structure initialization could lead to a double free when
creating a new socket. A local unprivileged attacker could use this flaw
to cause a denial-of-service.

* CVE-2017-9242: Denial-of-service when using send syscall of IPV6 socket.

A missing check when sending messages over IPV6 sockets could lead to an
out-of-bound access. A local user could use this flaw to cause a
denial-of-service.

* CVE-2017-100363: Denial-of-service in printer driver setup.

Missing validation on the "lp" module parameter could result in an
out-of-bounds access and integer overflow.  A local, privileged user
could use this flaw to crash the kernel or defeat secure boot
protections.

* Improved fix to CVE-2017-1000364 to allow stack expansion close to userspace guard.

Some userspace applications like the Java Virtual Machine are trying to
implement a stack guard area manually by using a fixed mapping which,
together with the original Ubuntu fix for CVE-2017-1000364, prevents stack
expansion when it shouldn't have.

* CVE-2017-7374: Denial-of-service when revoking keys used for file system encryption.

A logic error in file system encryption subsystem when revoking keys used
for ext4, f2fs, or ubifs encryption could lead to a use-after-free. A
local attacker could use this flaw to cause a denial-of-service.

SUPPORT

Ksplice support is available at ksplice-support_ww at oracle.com.