[Ksplice][Ubuntu 10.04 Updates] New updates available via Ksplice (2.6.32-41.89)

Sasha Levin sasha.levin at oracle.com
Wed May 16 09:48:42 PDT 2012


Synopsis: 2.6.32-41.89 can now be patched using Ksplice
CVEs: CVE-2011-4086 CVE-2012-1601 CVE-2012-2123

Systems running Ubuntu 10.04 Lucid can now use Ksplice to patch
against the latest Ubuntu kernel update, 2.6.32-41.89.

INSTALLING THE UPDATES

We recommend that all users of Ksplice Uptrack on Ubuntu 10.04 Lucid
install these updates.

On systems that have "autoinstall = yes" in /etc/uptrack/uptrack.conf,
these updates will be installed automatically and you do not need to
take any action.

Alternatively, you can install these updates by running:

# /usr/sbin/uptrack-upgrade -y


DESCRIPTION

* CVE-2011-4086: Denial of service in journaling block device.

The journal block device assumed that a buffer marked as unwritten
or delay could be live without checking if the buffer was mapped.

An unprivileged local user could use this flaw to crash the system.


* CVE-2012-2123: Privilege escalation when assigning permissions using fcaps.

If a process increases its permissions using fcaps (file capabilities),
the dangerous personality flags that are cleared for suid apps are not
cleared. This allowed programs that gained elevated permissions using
fcaps to disable the address space randomization of other processes.
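
A check for the condition described above, added here as an example (not
Ksplice or Ubuntu code): it lists processes whose personality still carries
any flag the kernel clears for suid apps. It assumes /proc/<pid>/personality
is available and that it runs as root; the flag values are from the kernel's
include/linux/personality.h, and persona_flags and scan_proc are names made
up for this example.

```shell
#!/bin/sh
# Added example, not part of the original advisory.
# The four masks below make up PER_CLEAR_ON_SETID in include/linux/personality.h.

# persona_flags HEX: print the names of the cleared-on-setid flags set in HEX.
persona_flags() {
    val=$(( 0x${1#0x} ))
    out=""
    if [ $(( val & 0x0040000 )) -ne 0 ]; then out="$out ADDR_NO_RANDOMIZE"; fi
    if [ $(( val & 0x0100000 )) -ne 0 ]; then out="$out MMAP_PAGE_ZERO"; fi
    if [ $(( val & 0x0200000 )) -ne 0 ]; then out="$out ADDR_COMPAT_LAYOUT"; fi
    if [ $(( val & 0x0400000 )) -ne 0 ]; then out="$out READ_IMPLIES_EXEC"; fi
    echo "${out# }"
}

# scan_proc [ROOT]: print "pid exe flags" for each process under ROOT
# (default /proc) that has at least one of those flags set.
scan_proc() {
    root=${1:-/proc}
    for f in "$root"/[0-9]*/personality; do
        [ -r "$f" ] || continue
        # The process may exit, or access may be denied, between glob and read.
        { read -r p < "$f"; } 2>/dev/null || continue
        case "$p" in
            ''|*[!0-9a-fA-F]*) continue ;;   # not a plain hex value
        esac
        flags=$(persona_flags "$p")
        [ -n "$flags" ] || continue
        dir=${f%/personality}
        exe=$(readlink "$dir/exe" 2>/dev/null || echo "?")
        echo "${dir##*/} $exe $flags"
    done
    return 0
}

scan_proc
```

A hit is not proof of abuse: debuggers such as gdb set ADDR_NO_RANDOMIZE on
the processes they start, so compare the listed executables with what is
expected to run on the host.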


* CVE-2012-1601: Denial of service in KVM VCPU creation.

Inconsistent state in the creation of KVM virtual CPUs could
lead to NULL pointer dereferences.  An unprivileged local user
could use this flaw to crash the system.

SUPPORT

Ksplice support is available at ksplice-support_ww at oracle.com.



