[Ksplice][Ubuntu-12.04-Updates] New updates available via Ksplice (3.2.0-35.55)
Sonja Tideman
sonja.tideman at oracle.com
Mon Dec 17 17:32:25 PST 2012
Synopsis: 3.2.0-35.55 can now be patched using Ksplice
CVEs: CVE-2012-5517
Systems running Ubuntu 12.04 Precise can now use Ksplice to patch
against the latest Ubuntu kernel update, 3.2.0-35.55.
INSTALLING THE UPDATES
We recommend that all users of Ksplice Uptrack on Ubuntu 12.04 Precise
install these updates.
On systems that have "autoinstall = yes" in /etc/uptrack/uptrack.conf,
these updates will be installed automatically and you do not need to
take any action.
Alternatively, you can install these updates by running:
# /usr/sbin/uptrack-upgrade -y
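An added example, not part of the original advisory or of the Uptrack tooling: a shell check that reads the "autoinstall" setting described above and reports whether a host will pick up these updates on its own or needs the manual command. The function names are hypothetical. It assumes an INI-style file in which the last assignment wins, and it treats only the value "yes" (in any case) as enabled, so anything ambiguous is reported as needing a manual upgrade.

```shell
#!/bin/sh
# Added example: does this host need a manual uptrack-upgrade?
# Assumptions: INI-style config, last "autoinstall" assignment wins,
# and only the value "yes" (any case) counts as enabled.

# autoinstall_enabled [FILE]: 0 = enabled, 1 = not enabled, 2 = unreadable
autoinstall_enabled() {
    conf=${1:-/etc/uptrack/uptrack.conf}
    [ -r "$conf" ] || return 2
    value=$(awk -F= '
        /^[ \t]*[#;]/ { next }    # ignore commented-out settings
        {
            key = $1; val = $2
            gsub(/[ \t\r]/, "", key)
            gsub(/[ \t\r]/, "", val)
            if (tolower(key) == "autoinstall") last = tolower(val)
        }
        END { print last }' "$conf")
    [ "$value" = "yes" ]
}

# upgrade_action [FILE]: prints auto, manual or unreadable
upgrade_action() {
    rc=0
    autoinstall_enabled "$1" || rc=$?
    case $rc in
        0) echo "auto" ;;        # updates install without operator action
        2) echo "unreadable" ;;  # config missing or not readable: investigate
        *) echo "manual" ;;      # run: /usr/sbin/uptrack-upgrade -y
    esac
}

# Constructed sample config (not taken from a real host).
sample=$(mktemp)
cat > "$sample" <<'EOF'
[Settings]
# autoinstall = yes
autoinstall = no
EOF
echo "sample host: $(upgrade_action "$sample")"
rm -f "$sample"
```

A value followed by an inline comment is not recognised as "yes" and is reported as manual, which errs toward an operator running the upgrade.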
DESCRIPTION
* Data corruption and kernel panics caused by cryptd.
A race condition in the cryptd subsystem could lead to data corruption
or kernel panics.
* Out-of-bounds memory access in 802.11 frame reception.
Missing checks could cause the mac80211 driver to access invalid
memory. This could lead to kernel crashes or leaking kernel heap
data.
* Kernel panic in 802.11 EAPOL parsing.
The generic 802.11 wireless driver does not correctly handle truncated
EAP-over-LAN frames, leading to an out-of-bounds read and kernel panic.
This issue may be triggered by a remote attacker.
* Use-after-free in ath9k wireless driver.
Under certain conditions, an old, stale pointer that has already been
released could be accessed.
* Memory leak in Xen grant access driver.
Failure to release all allocations could result in a memory leak when
releasing grants.
* Deadlocks in NFSv4 during recovery.
Several bugs could result in deadlocks in a recovery situation for NFSv4.
* Buffer overrun in cifs.idmap handling.
It is possible for the userspace cifs.idmap to cause a buffer overrun
within the cifs subsystem if passed too many subauthorities.
* Memory corruption in netlink listener management.
RCU locking violations in netlink could lead to intermittent memory
corruption.
* Memory leak in USB networking transmit path.
Invalid reference counting in the transmit path of the USB networking
framework could result in a memory leak of USB requests.
* Use-after-free in L2TP Ethernet session.
The kernel L2TP driver does not correctly handle failing to initialize
an L2TPv3 Ethernet session, leading to a use-after-free and kernel panic.
* NULL pointer dereference in af-packet interface.
The AF_PACKET net socket interface can generate an oops due to
a NULL pointer dereference when a socket is not present.
* CVE-2012-5517: NULL pointer dereference in memory hotplug.
A NULL pointer dereference can occur when a new node's hot-added
memory is propagated to other nodes' zonelists. An unprivileged local
user can use this flaw to crash the system.
SUPPORT
Ksplice support is available at ksplice-support_ww at oracle.com.