[Ksplice][Ubuntu-12.10-Updates] New updates available via Ksplice (USN-2043-1)

Oracle Ksplice ksplice-support_ww at oracle.com
Wed Dec 4 13:28:58 PST 2013


Synopsis: USN-2043-1 can now be patched using Ksplice
CVEs: CVE-2013-4299 CVE-2013-4470

Systems running Ubuntu 12.10 Quantal can now use Ksplice to patch
against the latest Ubuntu Security Notice, USN-2043-1.

INSTALLING THE UPDATES

We recommend that all users of Ksplice Uptrack on Ubuntu 12.10 Quantal
install these updates.

On systems that have "autoinstall = yes" in /etc/uptrack/uptrack.conf,
these updates will be installed automatically and you do not need to
take any action.

Alternatively, you can install these updates by running:

# /usr/sbin/uptrack-upgrade -y
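
A check for the two cases described above, as an added example that is not part of the original Ksplice announcement: it reads an uptrack.conf and reports whether the host installs these updates automatically or needs the manual command. The function names, the `[Settings]` section name in the sample, the `#` comment syntax and the rule that only `yes` enables autoinstall are assumptions.

```shell
#!/bin/sh
# Added example: decide whether a host needs a manual uptrack-upgrade run.
# Assumptions: uptrack.conf holds "key = value" lines, "#" starts a comment,
# and only the literal value "yes" (any case) enables autoinstall.

# Print the effective autoinstall value in lower case (nothing if unset).
# Returns 1 when the file cannot be read.
uptrack_autoinstall_value() {
    conf=$1
    [ -r "$conf" ] || return 1
    # Strip comments first so "# autoinstall = yes" is never counted,
    # then keep the last assignment of the key.
    sed -e 's/#.*$//' "$conf" | awk -F= '
        { key = $1; gsub(/[ \t]/, "", key) }
        tolower(key) == "autoinstall" {
            val = $2; gsub(/[ \t\r]/, "", val); last = tolower(val)
        }
        END { if (last != "") print last }'
}

# Print "automatic", "manual" or "unreadable" for the given config file.
uptrack_update_mode() {
    value=$(uptrack_autoinstall_value "$1") || { echo "unreadable"; return 2; }
    case $value in
        yes) echo "automatic" ;;
        *)   echo "manual" ;;
    esac
}

# Constructed sample config, not taken from a real host.
sample=$(mktemp)
cat > "$sample" <<'EOF'
[Settings]
# autoinstall = yes
autoinstall = no
EOF

mode=$(uptrack_update_mode "$sample")
echo "sample host: $mode"
if [ "$mode" = "manual" ]; then
    echo "action: run /usr/sbin/uptrack-upgrade -y as root"
fi
rm -f "$sample"
```

On a real host, pass /etc/uptrack/uptrack.conf to uptrack_update_mode instead of the sample file.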


DESCRIPTION

* Invalid user stack expansion on VMA overrun.

Under specific conditions, an overrun of a virtual memory area in a
userspace task can cause the stack to be incorrectly expanded, leading to
application failures.


* Kernel crash in btrfs backref checking.

Incorrect handling of backref checking for blocks could result in
hitting a kernel assertion and kernel crash.


* Denial-of-service in ext4 extended attribute error handling.

Missing memory freeing in the error path of extended attribute handling
could cause a memory leak and denial of service under specific
circumstances.


* CVE-2013-4299: Information leak in device mapper persistent snapshots.

An information leak flaw was found in the way the Linux kernel's device
mapper subsystem, under certain conditions, interpreted data written to
snapshot block devices. An attacker could use this flaw to read data
from disk blocks in free space, which are normally inaccessible.


* Memory corruption in Broadcom bnx2x GSO.

The Broadcom driver for NetXtremeII devices does not correctly handle cloned
packet data when GSO is enabled, leading to memory corruption and a kernel panic.


* Use-after-free in IP TIME_WAIT sockets.

Incorrect reference counting in the kernel IP stack when handling data received
on TIME_WAIT sockets can trigger a use-after-free condition and cause a kernel
panic.


* Information leak in netlink connector.

When sending messages through the netlink connector, some elements of the message
are not initialised, causing the contents of kernel memory to be exposed to
userspace.


* Deadlock in L2TP PPP packet transmission.

Invalid locking when transmitting packets over an L2TP PPP connection can trigger
a kernel deadlock when two processes send packets over the same connection.


* Information leak in FarSync network driver ioctl.

The SIOCWANDEV ioctl in the FarSync T-Series network driver does not initialise
memory before returning data to userspace, causing the contents of kernel memory
to be leaked to userspace.


* Information leak in Unix socket monitoring interface.

The Unix socket monitoring interface does not initialise memory when sending
information over a netlink socket, causing the contents of kernel memory to be
leaked to userspace.


* Kernel panic in netlink kernel/userspace connector.

An incorrect length check when processing netlink messages in the kernel/
userspace connector can cause an out-of-bounds access and kernel panic.


* Information leak in wanXL IF_GET_IFACE ioctl.

The SBE wanXL network driver does not initialise memory when handling the
IF_GET_IFACE ioctl, causing the contents of kernel memory to be leaked to
userspace.


* Denial-of-service in IPv4 CIPSO header validation.

The kernel IPv4 stack does not correctly handle malformed CIPSO headers in IPv4
packets, leading to an infinite loop and kernel panic.


* CVE-2013-4470: Memory corruption in IPv4 and IPv6 networking corking with UFO.

The kernel IP stack does not correctly handle sending fragmented packets via a
device which has UDP Fragmentation Offload enabled, leading to memory corruption
and a kernel panic.

SUPPORT

Ksplice support is available at ksplice-support_ww at oracle.com.


  


