[Ksplice][Fedora-15-updates] New updates available via Ksplice (FEDORA-2012-0492)
Tim Abbott
tim.abbott at oracle.com
Tue Jan 17 15:00:59 PST 2012
Synopsis: FEDORA-2012-0492 can now be patched using Ksplice
CVEs: CVE-2011-2203 CVE-2011-4077 CVE-2011-4347 CVE-2011-4622
CVE-2012-0038 CVE-2012-0045 CVE-2012-0207
Systems running Fedora 15 can now use Ksplice to patch against the
latest Fedora security update, FEDORA-2012-0492.
INSTALLING THE UPDATES
We recommend that all users of Ksplice Uptrack on Fedora 15 install
these updates. You can install these updates by running:
# /usr/sbin/uptrack-upgrade -y
On systems that have "autoinstall = yes" in /etc/uptrack/uptrack.conf,
these updates will be installed automatically and you do not need to
take any additional action.
DESCRIPTION
* File creation race in eCryptfs.
A race between file creation and allocation could cause a null pointer
dereference or attempts to use uninitialized memory.
* Use after free bug in ext4_end_io_dio.
A use-after-free bug in ext4_end_io_dio leaks an ext4_io_end_t
structure. If the slab object is reallocated, ext4_end_io_dio ends up
clearing the wrong iocb->private, which can leak the ext4_io_end_t
struct.
* Improved fix for CVE-2011-4077.
Fedora provided an improved patch for CVE-2011-4077, fixing a buffer
overflow in xfs_readlink.
* Prevent xfs quota memory corruption.
The xfs_qm_dqattach_one function in the xfs filesystem did not properly
pass the doalloc flag to xfs_qm_dqget. As a result, xfs_qm_dqget would
not allocate a new quota object even if it is needed, resulting in
possible memory corruption.
* Kernel OOPS in fork() under heavy load.
Because MMU updates weren't being flushed when doing kmap_atomic (or
kunmap_atomic), we could hit a dereference bug when processing a fork()
on a heavily loaded machine.
* NULL pointer dereference in CIFS directory search handling.
In some cases, a FIND reply will cause the last_entry field of a
cifs_search_info struct to be NULL. Missing checks on this field in
find_cifs_entry allowed a NULL pointer dereference and kernel OOPS.
* CVE-2011-2203: Null pointer dereference mounting HFS filesystems.
A NULL pointer dereference flaw was found in the Linux kernel's HFS
file system implementation. A local attacker could use this flaw to
cause a denial of service by mounting a disk that contains a
specially-crafted HFS file system with a corrupted MDB extent
record.
* Use-after-free in ext4 direct I/O (DIO) management.
iocb->private was cleared too late in ext4_end_io_dio. An fsync() run
on another CPU could free an iocb struct that was still in use.
* Information leak in ext4 page-IO.
Parts of a page beyond EOF were not zeroed before being returned to
the user in ext4_bio_write_page. This allowed an mmap of a size other
than a multiple of PAGE_SIZE to read uninitialized memory.
* Buffer overflow in FUSE page retrieval.
If more than FUSE_MAX_PAGES_PER_REQ pages were requested in
fuse_retrieve, the request page array would overflow.
* CVE-2011-4622: NULL pointer dereference in KVM interval timer emulation.
Starting PIT timers in the absence of irqchip support could cause a
NULL pointer dereference and kernel OOPS.
* CVE-2012-0045: Denial of service in KVM system call emulation.
A bug in the system call emulation allowed local users on a 32-bit
KVM guest system to cause the guest system to panic.
* CVE-2012-0038: Buffer overflow in XFS ACL handling code.
An integer overflow bug in the XFS filesystem's ACL handling could
lead to a heap-based buffer overflow when mounting a maliciously
crafted XFS filesystem.
* CVE-2012-0207: Denial of service bug in IGMP.
The IGMP subsystem's compatibility handling of v2 packets had a bug in
the computation of a delay field which could result in division by
zero (causing a kernel panic).
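The delay-computation failure mode behind the IGMP item, as an added example that is not code from this advisory or from the kernel: the constants HZ and IGMP_TIMER_SCALE, the function names, and the "Max Resp Code" input are assumptions modelled on the shape of the IGMP timer code, shown in an unchecked form beside the clamped form that prevents the zero divisor.

```c
#include <stdint.h>
#include <stdio.h>

/* Assumed constants for this illustration (not taken from the advisory). */
#define HZ               1000
#define IGMP_TIMER_SCALE 10

/* Unchecked shape: a v2-style query whose Max Resp Code field is 0
 * yields a maximum delay of 0 jiffies. The caller then computes
 * "random % max_delay", and a zero divisor is a kernel panic. */
static unsigned long max_delay_unchecked(uint8_t max_resp_code)
{
    return (unsigned long)max_resp_code * (HZ / IGMP_TIMER_SCALE);
}

/* Hardened shape: clamp the delay to at least one jiffy so the modulo
 * that follows always has a non-zero divisor. */
static unsigned long max_delay_checked(uint8_t max_resp_code)
{
    unsigned long max_delay =
        (unsigned long)max_resp_code * (HZ / IGMP_TIMER_SCALE);
    if (!max_delay)
        max_delay = 1;
    return max_delay;
}

/* Pick the report delay the way a timer scheduler would, but guard the
 * divisor so this demonstration cannot trap; returns -1 where the
 * unguarded kernel arithmetic would divide by zero. */
static long pick_report_delay(unsigned long random_value, unsigned long max_delay)
{
    if (max_delay == 0)
        return -1;
    return (long)(random_value % max_delay);
}

int main(void)
{
    unsigned long rnd = 12345; /* constructed stand-in for net_random() */
    uint8_t codes[] = { 0, 5 };
    for (size_t i = 0; i < sizeof codes / sizeof codes[0]; i++) {
        printf("code=%u unchecked: max_delay=%lu delay=%ld\n", codes[i],
               max_delay_unchecked(codes[i]),
               pick_report_delay(rnd, max_delay_unchecked(codes[i])));
        printf("code=%u checked:   max_delay=%lu delay=%ld\n", codes[i],
               max_delay_checked(codes[i]),
               pick_report_delay(rnd, max_delay_checked(codes[i])));
    }
    return 0;
}
```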
* CVE-2011-4347: Denial of service in KVM device assignment.
Several bugs that allowed unprivileged users to improperly assign
devices to KVM guests could result in a denial of service.
SUPPORT
Ksplice support is available at ksplice-support_ww at oracle.com.