[Ksplice][Ubuntu-12.10-Updates] New updates available via Ksplice (3.5.0-36.57)
Samson Yeung
samson.yeung at oracle.com
Fri Jul 5 18:12:49 PDT 2013
Synopsis: 3.5.0-36.57 can now be patched using Ksplice
Systems running Ubuntu 12.10 Quantal can now use Ksplice to patch
against the latest Ubuntu kernel update, 3.5.0-36.57.
INSTALLING THE UPDATES
We recommend that all users of Ksplice Uptrack on Ubuntu 12.10 Quantal
install these updates.
On systems that have "autoinstall = yes" in /etc/uptrack/uptrack.conf,
these updates will be installed automatically and you do not need to
take any action.
Alternatively, you can install these updates by running:
# /usr/sbin/uptrack-upgrade -y
DESCRIPTION
* Heap buffer overflow in btrfs tree search ioctl.
Incorrect handling of large items could result in a buffer overflow
allowing a privileged, local user to corrupt kernel memory.
* Denial-of-service in CIFS inode handling.
In some cases, CIFS inode ops that had already been set were being reset,
leading to a kernel oops. This could be used by a malicious user to cause
a denial of service.
* Kernel crash in IP virtual server SIP persistence engine.
Use of uninitialized memory in the SIP persistence engine could result
in a kernel crash.
* Denial-of-service in ncpfs.
A bug in ncpfs caused rmdir to no longer work. This could be exploited
by a malicious user to cause a denial-of-service.
* NULL pointer dereference in Mantis DVB driver.
A missing NULL pointer check allowed a NULL pointer dereference
to occur in the Mantis DVB driver code.
* Invalid memory access in USB cxacru driver.
A potential array underflow in the USB cxacru driver could cause an
invalid kernel memory access.
* Kernel panic in mm pagewalk.
Invalid assumptions in the mm pagewalk code could cause a kernel
panic. This can be triggered by simply cat'ing /proc/<pid>/smaps
while an application has a VM_PFNMAP range.
* Denial-of-service in md buffered I/O interface.
It is possible for the dm-bufio code to deadlock on vmalloc. This could
be used to cause a denial-of-service.
* NULL pointer dereference in MMU notifier.
A race condition could lead to a NULL pointer dereference in the mmu
notifier code.
* Buffer overflow in CIFS options handling.
In some cases, insufficient memory was being allocated for the CIFS
mount options, leading to a buffer overflow.
* Integer overflow in FAT filesystem mounting.
Integer overflow in FAT filesystems could result in a corrupted
filesystem.
* Denial-of-service in ocfs2.
Invalid error handling in ocfs2 aio write could cause memory leaks and
cause locks to not get unlocked. This could be used to cause a denial
of service.
* Denial-of-service in reiserfs with NFS clients.
A race condition that could occur with two NFS clients on a reiserfs
file system could lead to a deadlock. This could be exploited to cause
a denial of service.
* Denial-of-service with reiserfs xattrs.
When performing a chown on a setuid reiserfs file with xattrs invalid
handling of mode bits could lead to a kernel deadlock. This could be
used to cause a denial of service.
* Privilege escalation in XFS file truncation.
Truncating a non-zero sized file on an XFS filesystem did not clear the
SUID/SGID bits, allowing a local user with write access to the file to
possibly escalate privileges.
SUPPORT
Ksplice support is available at ksplice-support_ww at oracle.com.
More information about the Ksplice-Ubuntu-12.10-Updates
mailing list