[Ksplice][Ubuntu-12.04-Updates] New updates available via Ksplice (USN-1448-1)

Samson Yeung samson.yeung at oracle.com
Tue May 22 11:31:18 PDT 2012


Synopsis: USN-1448-1 can now be patched using Ksplice
CVEs: CVE-2012-1601 CVE-2012-2123

Systems running Ubuntu 12.04 Precise can now use Ksplice to patch
against the latest Ubuntu Security Notice, USN-1448-1.

INSTALLING THE UPDATES

We recommend that all users of Ksplice Uptrack on Ubuntu 12.04 Precise
install these updates.

On systems that have "autoinstall = yes" in /etc/uptrack/uptrack.conf,
these updates will be installed automatically and you do not need to
take any action.

Alternatively, you can install these updates by running:

# /usr/sbin/uptrack-upgrade -y
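
A check for the two cases above, as an added example that is not Oracle's or Ksplice's code: it reads the autoinstall setting and reports whether a manual uptrack-upgrade is still needed. The key = value layout with full-line # or ; comments, the last-assignment-wins rule and the sample file contents are assumptions.

```shell
#!/bin/sh
# Added example (not Ksplice code). Function names are hypothetical.

# Print the effective "autoinstall" value: yes/no/..., "unset" or "unreadable".
# Assumed format: key = value lines, full-line '#' or ';' comments, last wins.
autoinstall_value() {
    conf=$1
    if [ ! -r "$conf" ]; then
        echo "unreadable"
        return 0
    fi
    awk -F= '
        /^[ \t]*[#;]/ { next }              # a commented-out setting does not count
        {
            key = $1; val = $2
            gsub(/[ \t\r]/, "", key)        # tolerate spacing around key and value
            gsub(/[ \t\r]/, "", val)
            if (tolower(key) == "autoinstall") found = tolower(val)
        }
        END { if (found == "") found = "unset"; print found }
    ' "$conf"
}

# Exit status 0 when a manual upgrade is needed, 1 when autoinstall = yes.
# Only "yes" counts as enabled, since that is the value the notice names.
needs_manual_upgrade() {
    case "$(autoinstall_value "$1")" in
        yes) return 1 ;;
        *)   return 0 ;;
    esac
}

# Constructed sample config (not from a real host): a plain grep for
# "autoinstall = yes" would wrongly match the commented-out line.
sample=$(mktemp)
cat > "$sample" <<'EOF'
[Settings]
# autoinstall = yes
install_on_reboot = yes
autoinstall = no
EOF
for conf in "$sample" /etc/uptrack/uptrack.conf; do
    if needs_manual_upgrade "$conf"; then
        echo "$conf: autoinstall is $(autoinstall_value "$conf"); run /usr/sbin/uptrack-upgrade -y"
    else
        echo "$conf: autoinstall = yes; updates install automatically"
    fi
done
rm -f "$sample"
```
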


DESCRIPTION

* Memory corruption in DRM framebuffer allocation.

A userspace application could request a framebuffer size bigger than
the maximum size allocated in the kernel, which would lead to memory
corruption and system hangs.


* Deadlock when using oplocked files on CIFS.

When two processors try to use the same oplocked file on a CIFS
filesystem, a deadlock will occur if one processor attempts to unlock
the lock while the other processor is blocked on it.


* Bad access control permissions to dmesg_restrict sysctl.

The root user without the CAP_SYS_ADMIN capability was able to reset the
contents of the "/proc/sys/kernel/dmesg_restrict" configuration file to
0.  Consequently, the unprivileged root user could bypass the protection
of the "dmesg_restrict" file and read the kernel ring buffer.


* NULL pointer dereference when closing a Bluetooth TTY.

A NULL pointer dereference will occur when closing a Bluetooth TTY because
the driver will attempt to close the protocol driver before the device
has unregistered.


* NULL pointer dereference in USB serial driver.

A race condition between probing and opening a USB serial device
could result in a NULL pointer dereference.


* CVE-2012-2123: Privilege escalation when assigning permissions using fcaps.

If a process increases permissions using fcaps, the dangerous
personality flags that are cleared for suid apps are not cleared. This
allowed programs that gained elevated permissions using fcaps to disable
the address space randomization of other processes.


* CVE-2012-1601: Denial of service in KVM VCPU creation.

Inconsistent state in the creation of KVM virtual CPUs could
lead to NULL pointer dereferences.  An unprivileged local user
could use this flaw to crash the system.

SUPPORT

Ksplice support is available at ksplice-support_ww at oracle.com.



