<html>
<head>
<meta http-equiv="content-type" content="text/html; charset=ISO-8859-1">
</head>
<body bgcolor="#FFFFFF" text="#000000">
Synopsis: USN-1272-1 can now be patched using Ksplice<br>
CVEs: CVE-2011-2183 CVE-2011-2491 CVE-2011-2496 CVE-2011-2517<br>
<br>
Systems running Ubuntu 10.10 Maverick can now use Ksplice to patch<br>
against the latest Ubuntu Security Notice, USN-1272-1.<br>
<br>
INSTALLING THE UPDATES<br>
<br>
We recommend that all users of Ksplice Uptrack on Ubuntu 10.10<br>
Maverick install these updates. You can install these updates by<br>
running:<br>
<br>
# /usr/sbin/uptrack-upgrade -y<br>
<br>
On systems that have "autoinstall = yes" in
/etc/uptrack/uptrack.conf,<br>
these updates will be installed automatically and you do not need to<br>
take any additional action.<br>
<br>
<br>
DESCRIPTION<br>
<br>
* CVE-2011-2517: Buffer overflow in 802.11 netlink interface.<br>
<br>
The nl80211_trigger_scan function failed to check for a valid SSID<br>
length, leading to denial of service via buffer overflow.<br>
<br>
<br>
* Improved fix to CVE-2011-2496: Denial of Service in mremap.<br>
<br>
Ubuntu's original patch for CVE-2011-2496 did not include related<br>
boundary checks in the code for automatic stack expansion.<br>
<br>
<br>
* CVE-2011-2183: NULL pointer dereference in ksmd.<br>
<br>
Andrea Righi reported a case where an exiting task can race against<br>
ksmd::scan_get_next_rmap_item and trigger a NULL pointer dereference<br>
in ksmd.<br>
<br>
<br>
* CVE-2011-2491: Local denial of service in NLM subsystem.<br>
<br>
A flaw in the client-side NLM implementation could allow a local,<br>
unprivileged user to cause a denial of service.<br>
<br>
<br>
*
<meta charset="utf-8">
CVE-2011-1585: Denial of service in CIFS password handling.<br>
<br>
The kernel's CIFS implementation would sometimes dereference a NULL<br>
pointer representing a missing password.<br>
<br>
SUPPORT<br>
<br>
Ksplice support is available at <a class="moz-txt-link-abbreviated" href="mailto:support@ksplice.com">support@ksplice.com</a> or +1
765-577-5423.<br>
<br>
</body>
</html>