[Ksplice][Ubuntu-12.10-Updates] New updates available via Ksplice (USN-1835-1)

Jamie Iles jamie.iles at oracle.com
Fri May 24 12:40:27 PDT 2013


Synopsis: USN-1835-1 can now be patched using Ksplice
CVEs: CVE-2013-1929 CVE-2013-3301

Systems running Ubuntu 12.10 Quantal can now use Ksplice to patch
against the latest Ubuntu Security Notice, USN-1835-1.

INSTALLING THE UPDATES

We recommend that all users of Ksplice Uptrack on Ubuntu 12.10 Quantal
install these updates.

On systems that have "autoinstall = yes" in /etc/uptrack/uptrack.conf,
these updates will be installed automatically and you do not need to
take any action.

Alternatively, you can install these updates by running:

# /usr/sbin/uptrack-upgrade -y
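
As an added example (not part of the original announcement or of Ksplice's own tooling), the script below reports which of the two cases above applies to a host. It assumes that '#' starts a comment in uptrack.conf and that only the value "yes" enables autoinstall; the function names and the --report option are hypothetical.

```shell
#!/bin/sh
# Added example: decide whether a host installs Ksplice updates on its own
# or needs a manual uptrack-upgrade run.

# Print the effective value of "autoinstall" in an uptrack.conf-style file.
# Assumption: '#' starts a comment. Surrounding whitespace and letter case
# are ignored and the last assignment wins. Prints "unset" when the key is
# absent, commented out, or the file cannot be read.
autoinstall_value() {
    conf=$1
    [ -r "$conf" ] || { echo unset; return 0; }
    val=$(sed -n -e 's/#.*$//' \
        -e 's/^[[:space:]]*autoinstall[[:space:]]*=[[:space:]]*\([^[:space:]]*\)[[:space:]]*$/\1/p' \
        "$conf" | tail -n 1 | tr '[:upper:]' '[:lower:]')
    echo "${val:-unset}"
}

# Classify a host: "auto" if updates install themselves, "manual" otherwise.
# Assumption: only "yes" enables autoinstall; any other value is reported as
# "manual" so that a person checks the host.
update_mode() {
    case $(autoinstall_value "$1") in
        yes) echo auto ;;
        *)   echo manual ;;
    esac
}

# Human-readable report for one configuration file.
report() {
    conf=${1:-/etc/uptrack/uptrack.conf}
    if [ "$(update_mode "$conf")" = auto ]; then
        echo "autoinstall = yes in $conf: no action needed"
    else
        echo "autoinstall not enabled in $conf: run /usr/sbin/uptrack-upgrade -y as root"
    fi
}

# Runs only when invoked as: sh check-uptrack.sh --report [conf]
if [ "${1:-}" = "--report" ]; then
    report "${2:-}"
fi
```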


DESCRIPTION

* CVE-2013-1929: Buffer overflow in TG3 VPD firmware parsing.

Incorrect length checks when parsing the firmware could cause a buffer
overflow and corruption of memory.


* Buffer overflow when removing a PNFS device.

The buffer allocated for the removal command was too small; writing
too much data into it would have caused a buffer overflow.


* Deadlock in VFS mounting.

A deadlock can be triggered by performing a path lookup in 'getcwd' while
mounting a VFS filesystem.


* Deadlock in kernel nohz scheduler.

Incorrect locking in the nohz kernel thread scheduler can cause a deadlock
and kernel panic.


* Use after free on sysfs failure on readdir.

Errors in readdir weren't handled properly and internal structures were released
without being cleared, triggering a use after free when they were later used
again.


* Use-after-free in btrfs scrubbing.

The background scrubbing process in btrfs causes a use-after-free condition
and kernel panic when encountering an error.


* NULL pointer dereference when closing Bluetooth SCO sockets.

Sockets which are in the middle of a connection process and were being
closed wouldn't stop the connection process properly, and would trigger
a NULL pointer dereference.


* Use after free due to directory read race in sysfs.

A race between reading and seeking a directory may occur due
to missing locking when executing the seek.


* Use after free in 802.1Q vlan tag deletion.

A vlan data structure may be used even after it was released due to an
incorrect release order.


* NULL pointer dereference in UNIX socket security management.

An incorrect ordering between marking a UNIX socket as dead and releasing
it can cause a NULL pointer dereference when the security subsystem tries
to verify permissions on that socket.


* Buffer overflow in AoE block driver SKB allocation.

The SKB size allocated for usage in the AoE driver was too small and
may cause a buffer overflow.


* Leak in Reiser filesystem inode allocation.

The Reiser filesystem does not correctly handle deleting extended attributes
of files which contain '.' or '..', leading to inodes being leaked on the
underlying device.


* Race condition in virtual memory subsystem.

It is possible to trigger a race condition between two processes with a
shared memory space that triggers a kernel panic (BUG_ON).


* Buffer overflow in Marvell wireless driver.

A buffer overflow can be triggered in the Marvell WiFi-Ex driver by a large number
of channels when scanning wireless networks.


* NULL pointer dereference in Intel 10GbE PCI Express driver.

The Intel 10GbE driver creates kernel data structures in an incorrect order
when loading, causing a NULL pointer dereference and kernel panic.


* Invalid free in CAN networking.

The Controller Area Networking subsystem incorrectly frees scheduled jobs,
leading to a kernel panic.


* Kernel panic in GFS2 file locking.

Attempting to lock a remote file on a GFS2 cluster that has been withdrawn can
trigger an assertion failure and kernel panic.


* CVE-2013-3301: NULL pointer dereference when seeking on ftrace files.

The sysfs interface to the kernel tracing infrastructure does not correctly
handle seeking, leading to a NULL pointer dereference.


* Use-after-free in kernel module loading.

A race condition in the kobject subsystem can cause a use-after-free condition
and kernel panic when loading kernel modules.

SUPPORT

Ksplice support is available at ksplice-support_ww at oracle.com.



