[Ksplice][Ubuntu-12.04-Updates] New updates available via Ksplice (3.2.0-35.55)

Mon Dec 17 17:32:25 PST 2012

Synopsis: 3.2.0-35.55 can now be patched using Ksplice
CVEs: CVE-2012-5517

Systems running Ubuntu 12.04 Precise can now use Ksplice to patch
against the latest Ubuntu kernel update, 3.2.0-35.55.

INSTALLING THE UPDATES

We recommend that all users of Ksplice Uptrack on Ubuntu 12.04 Precise
install these updates.

On systems that have "autoinstall = yes" in /etc/uptrack/uptrack.conf,
these updates will be installed automatically and you do not need to
take any action.

Alternatively, you can install these updates by running:

# /usr/sbin/uptrack-upgrade -y

DESCRIPTION

* Data corruption and kernel panics caused by cryptd.

A race condition in the cryptd subsystem could lead to data corruption
or kernel panics.

* Out-of-bounds memory access in 802.11 frame reception.

Missing checks could cause the mac80211 driver to access invalid
memory.  This could lead to kernel crashes or leaking kernel heap
data.

* Kernel panic in 802.11 EAPOL parsing.

The generic 802.11 wireless driver does not correctly handle truncated
EAP-over-LAN frames leading to an out-of-bounds read and kernel panic.
This issue may be triggered by a remote attacker.

* Use-after-free in ath9k wireless driver.

Under certain conditions, an old, stale pointer that has already been 
released
could be accessed.

* Memory leak in Xen grant access driver.

Failure to release all allocations could result in a memory leak when
releasing grants.

* Deadlocks in NFSv4 during recovery.

Several bugs could result in deadlocks in a recovery situation for NFSv4.

* Buffer overrun in cifs.idmap handling.

It is possible for the userspace cifs.idmap to cause an buffer overrun
within the cifs subsystem if passed too many subauthorities.

* Memory corruption in netlink listener management.

RCU locking violations in netlink could lead to intermittent memory
corruption.

* Memory leak in USB networking transmit path.

Invalid reference counting in the transmit path of the USB networking
framework could result in a memory leak of USB requests.

* Use-after-free in L2TP Ethernet session.

The kernel L2TP driver does not correctly handle failing to initialize
a L2TPv3 Ethernet session leading to a use-after-free and kernel panic.

* NULL pointer dereference in af-packet interface.

The AF_PACKET net socket interface can generate an oops due to
a NULL pointer dereference when a socket is not present.

* CVE-2012-5517: NULL pointer dereference in memory hotplug.

A NULL pointer dereference can occur when a new node's hot-added
memory is propagated to other nodes zonelists. An unprivileged local
user can use this flaw to crash the system.

SUPPORT

Ksplice support is available at ksplice-support_ww at oracle.com.