[Ksplice][Ubuntu-12.04-Updates] New updates available via Ksplice (3.2.0-30.48)

jamie.iles at oracle.com
Thu Sep 6 05:45:46 PDT 2012


Synopsis: 3.2.0-30.48 can now be patched using Ksplice

Systems running Ubuntu 12.04 Precise can now use Ksplice to patch
against the latest Ubuntu kernel update, 3.2.0-30.48.

INSTALLING THE UPDATES

We recommend that all users of Ksplice Uptrack on Ubuntu 12.04 Precise
install these updates.

On systems that have "autoinstall = yes" in /etc/uptrack/uptrack.conf,
these updates will be installed automatically and you do not need to
take any action.

Alternatively, you can install these updates by running:

# /usr/sbin/uptrack-upgrade -y


DESCRIPTION

* NULL pointer dereference in scsi subsystem on host reset.

In some circumstances, a missing null pointer check can cause a system
crash when a host reset happens.


* Denial-of-service in cifs.

When CONFIG_HIGHMEM is set, some writeback kthreads can deadlock trying
to kmap memory.  This update fixes the deadlock by serializing the
marshall_iov operations for asynchronous reads and writes.


* Information leak via incomplete copies in USB.

Copies of non-contiguous isochronous buffers in the USB subsystem may
leak kernel memory to a potential attacker.


* Various problems in target core unmap command.

The target core did not do sufficient checking when the unmap command was
issued to it. As a result, an attacker could unmap things they should
not be allowed to, potentially causing a denial of service on the
server.


* Use-after-free in SCSI request handling.

A use-after-free may occur if a SCSI request has no more references,
but is still rescheduled for completion.


* Data loss in ext4 filesystems.

An integer underflow in metadata block management could result in
allocation failure and data loss.


* Out-of-bound values allowed by fcntl_setlease.

A missing bounds check in fcntl_setlease may allow out-of-bounds values
due to an incorrect cast from a long to an integer.


* Fix ACPI oops when it is unable to initialize a power supply.

When the ACPI driver failed to initialize a power supply, the
failure was not returned, causing the driver to mistakenly
believe the device was initialized.  This could lead to a kernel
oops.


* Memory leak in radeon driver.

Incorrect handling of retry cases could result in a memory
leak and denial of service.


* Fix invalid access to kexec_load() syscall.

Invalid checking of capabilities of a process mistakenly allowed
a process to invoke kexec_load even when that process was invoked
from a non-privileged namespace.


* NULL pointer dereference on remote control device removal.

Under certain circumstances, removing a USB remote control can cause
the lirc daemon to dereference a NULL pointer, leading to a kernel oops.


* Fix possible memory corruption in floppy driver.

If the floppy driver fails during initialization, it could access memory
that was never properly initialized, leading to memory corruption and a
possible oops.


* NULL pointer dereference in futex requeuing.

A missing NULL pointer check could result in a kernel crash when
attempting to requeue a futex.


* NULL pointer dereference in non-pi futexes.

Incorrect configuration of futex addresses could lead to a NULL pointer
dereference and kernel crash.


* Memory leak in device mapper thin provisioning driver.

Incorrect error handling could result in a memory leak and denial of
service.


* Denial-of-service in rpciod.

rpciod could deadlock when trying to allocate memory for a new socket,
resulting in a system hang and denial-of-service.


* Kernel panic on SUNRPC initialization failure.

A kernel panic may occur when SUNRPC initialization fails, because the
initialization function returns invalid return values.


* Use-after-free in freed page LRU handling.

A race condition between MMU notifier release and page unmapping may cause
the memory manager to access a page which was already freed.


* Out-of-bound access in ORE handling of external filesystems.

External filesystems using ORE may cause an out-of-bound access if they
use more than one ORE COMP for their device table.


* Possible denial of service in drop_monitor.

drop_monitor may sleep while holding a spinlock, which could lead
to a possible deadlock situation.
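
The fcntl_setlease item above describes a bounds check that runs only after a
long has been cast to an integer. The following user-space model is an added
example, not code from this announcement or from the kernel patch; it shows
why that ordering lets out-of-range values through. The function names, the
klong type and the sample arguments are hypothetical.

```c
#include <stdint.h>
#include <stdio.h>

/* Lease types, using the Linux asm-generic fcntl values. */
enum { LEASE_RDLCK = 0, LEASE_WRLCK = 1, LEASE_UNLCK = 2 };
#define MODEL_EINVAL 22

/* Assumption: stands in for a 64-bit kernel 'long'. */
typedef int64_t klong;

static int lease_type_valid(int type)
{
    return type == LEASE_RDLCK || type == LEASE_WRLCK || type == LEASE_UNLCK;
}

/* Flawed pattern: narrow to int first, validate afterwards. */
int check_after_cast(klong arg)
{
    int type = (int)arg;   /* upper 32 bits are dropped here */
    return lease_type_valid(type) ? 0 : -MODEL_EINVAL;
}

/* Hardened pattern: range-check the full-width value, then narrow. */
int check_before_cast(klong arg)
{
    if (arg < LEASE_RDLCK || arg > LEASE_UNLCK)
        return -MODEL_EINVAL;
    return lease_type_valid((int)arg) ? 0 : -MODEL_EINVAL;
}

int main(void)
{
    /* Constructed sample arguments, not taken from any real report. */
    const klong samples[] = { 1, 3, INT64_C(0x100000001), INT64_C(-4294967294) };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++)
        printf("arg=%lld after_cast=%d before_cast=%d\n",
               (long long)samples[i],
               check_after_cast(samples[i]),
               check_before_cast(samples[i]));
    return 0;
}
```

The last two samples are out of range as 64-bit values but truncate to valid
lease types, so only the check made before the cast rejects them.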

SUPPORT

Ksplice support is available at ksplice-support_ww at oracle.com.
