[Ksplice][Ubuntu-12.10-Updates] New updates available via Ksplice (3.5.0-36.57)

[Samson Yeung]

Synopsis: 3.5.0-36.57 can now be patched using Ksplice

Systems running Ubuntu 12.10 Quantal can now use Ksplice to patch
against the latest Ubuntu kernel update, 3.5.0-36.57.

INSTALLING THE UPDATES

We recommend that all users of Ksplice Uptrack on Ubuntu 12.10 Quantal
install these updates.

On systems that have "autoinstall = yes" in /etc/uptrack/uptrack.conf,
these updates will be installed automatically and you do not need to
take any action.

Alternatively, you can install these updates by running:

# /usr/sbin/uptrack-upgrade -y


DESCRIPTION

* Heap buffer overflow in btrfs tree search ioctl.

Incorrect handling of large items could result in a buffer overflow
allowing a privileged, local user to corrupt kernel memory.


* Denial-of-service in CIFS inode handling.

In some cases, CIFS inode ops that had already been set were being reset,
leading to a kernel oops.  This could be used by a malicious user to cause
a denial of service.


* Kernel crash in IP virtual server SIP persistence engine.

Use of uninitialized memory in the SIP persistence engine could result
in a kernel crash.


* Denial-of-service in ncpfs.

A bug in ncpfs caused rmdir to no longer work.  This could be exploited
by a malicious user to cause a denial-of-service.


* NULL pointer dereference in Mantis DVB driver.

A missing NULL pointer check allowed a NULL pointer dereference
to occur in the Mantis DVB driver code.


* Invalid memory access in USB cxacru driver.

A potential array underflow in the USB cxacru driver could cause an
invalid kernel memory access.


* Kernel panic in mm pagewalk.

Invalid assumptions in the mm pagewalk code could cause a kernel
panic.  This can be triggered by simply cat'ing /proc/<pid>/smaps
while an application has a VM_PFNMAP range.


* Denial-of-service in md buffered I/O interface.

It is possible for the dm-bufio code to deadlock on vmalloc.  This could
be used to cause a denial-of-service.


* NULL pointer dereference in MMU notifier.

A race condition could lead to a NULL pointer dereference in the mmu
notifier code.


* Buffer overflow in CIFS options handling.

In some cases, insufficient memory was being allocated for the CIFS
mount options, leading to a buffer overflow.


* Integer overflow in FAT filesystem mounting.

Integer overflow in FAT filesystems could result in a corrupted
filesystem.


* Denial-of-service in ocfs2.

Invalid error handling in ocfs2 aio write could cause memory leaks and
cause locks to not get unlocked.  This could be used to cause a denial
of service.


* Denial-of-service in reiserfs with NFS clients.

A race condition that could occur with two NFS clients on a reiserfs
file system could lead to a deadlock.  This could be exploited to cause
a denial of service.


* Denial-of-service with reiserfs xattrs.

When performing a chown on a setuid reiserfs file with xattrs invalid
handling of mode bits could lead to a kernel deadlock.  This could be
used to cause a denial of service.


* Privilege escalation in XFS file truncation.

Truncating a non-zero sized file on an XFS filesystem did not clear the
SUID/SGID bits, allowing a local user with write access to the file to
possibly escalate privileges.

SUPPORT

Ksplice support is available at ksplice-support_ww at oracle.com.