[Ksplice][Ubuntu 8.04 Updates] New updates available via Ksplice (USN-1186-1)

Tim Abbott tabbott at ksplice.com
Tue Aug 9 16:53:26 PDT 2011


Synopsis: USN-1186-1 can now be patched using Ksplice
CVEs: CVE-2010-4073 CVE-2010-4165 CVE-2010-4249 CVE-2010-4649 CVE-2011-0711 CVE-2011-1010 CVE-2011-1044 CVE-2011-1090 CVE-2011-1170 CVE-2011-1171 CVE-2011-1172 CVE-2011-1173 CVE-2011-2484 CVE-2011-2534

Systems running Ubuntu 8.04 Hardy can now use Ksplice to patch against
the latest Ubuntu Security Notice, USN-1186-1.

INSTALLING THE UPDATES

We recommend that all users of Ksplice Uptrack on Ubuntu 8.04 Hardy
install these updates.  You can install these updates by running:

# /usr/sbin/uptrack-upgrade -y

On systems that have "autoinstall = yes" in /etc/uptrack/uptrack.conf, 
these updates will be installed automatically and you do not need to take 
any additional action.


DESCRIPTION

* CVE-2010-4249: Local denial of service vulnerability in UNIX sockets.

A flaw was found in the Linux kernel's garbage collector for AF_UNIX 
sockets. A local, unprivileged user could use this flaw to trigger a 
denial of service (out-of-memory condition). (CVE-2010-4249, Moderate).


* Improved fix to CVE-2011-0711: Information leak in XFS filesystem.

A missing initialization flaw in the XFS file system implementation could 
lead to an information leak.

The update corrects a bug in the original Ubuntu fix for CVE-2011-0711.


* CVE-2011-1170, CVE-2011-1171, CVE-2011-1172: Information leaks in netfilter.

Missing validations of null-terminated string data structure elements in 
the do_replace(), compat_do_replace(), do_ipt_get_ctl(), 
do_ip6t_get_ctl(), and do_arpt_get_ctl() functions could allow a local 
user who has the CAP_NET_ADMIN capability to cause an information leak.


* CVE-2011-1173: Information leak in Econet protocol.

Econet fails to initialize 4 bytes of padding in a structure, causing an 
information leak from the kernel stack over the network.


* CVE-2010-4649, CVE-2011-1044: Buffer overflow in InfiniBand uverb handling.

Dan Carpenter reported an issue in the uverb handling of the InfiniBand 
subsystem.  A potential buffer overflow may allow local users to cause a 
denial of service (memory corruption) by passing in a large cmd.ne value.


* CVE-2010-4073: Kernel information leaks in ipc compat subsystem.

Several functions in the System V IPC 32-bit compatibility subsystem did 
not properly clear fields before copying data to user space, leaking data 
from uninitialized kernel stack memory to user space.
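The XFS, Econet and IPC compat entries above are all the same class of bug: a structure on the kernel stack is filled in field by field, but the alignment padding (or a field nobody wrote) still holds whatever the previous call left there, and copy_to_user() or a send over the network discloses it. The following added example (not Ksplice's or the kernel's code) shows this in user space. The `struct reply` layout and the 0xAA "stale stack" byte are assumptions made for the demonstration; the fix it models, a memset() of the whole structure before the fields are set, is the standard one for this class.

```c
/*
 * Added example (not Ksplice's or the kernel's code): why a struct that is
 * filled in field by field can still carry old stack bytes to user space or
 * onto the wire, and why the usual fix is a memset() before the fields are set.
 * struct reply and the 0xAA "previous stack contents" are assumptions made
 * for this demonstration; they are not the Econet, XFS or IPC structures.
 */
#include <stddef.h>
#include <stdint.h>
#include <string.h>
#include <stdio.h>

/* Hypothetical kernel-to-user / kernel-to-network record with padding. */
struct reply {
    uint8_t  type;      /* 1 byte, normally followed by alignment padding */
    uint32_t seq;
    uint16_t len;       /* normally followed by tail padding */
};

/* Bytes that carry data; everything else in sizeof(struct reply) is padding. */
#define REPLY_DATA_BYTES (sizeof(uint8_t) + sizeof(uint32_t) + sizeof(uint16_t))

#define STALE 0xAA  /* stands in for whatever the previous call left on the stack */

/*
 * Build a reply in storage that still holds STALE bytes, the way a local
 * variable inherits whatever previously occupied its stack slot.
 * If zero_first is set, the struct is cleared before the fields are filled
 * (the pattern the fixes for this class of bug use).
 * Returns how many bytes of the finished struct still hold STALE, i.e. how
 * many bytes copy_to_user() or a network send would disclose.
 */
size_t stale_bytes_in_reply(int zero_first)
{
    union {
        struct reply r;
        unsigned char raw[sizeof(struct reply)];
    } slot;

    memset(slot.raw, STALE, sizeof slot.raw);      /* simulate a dirty stack slot */

    if (zero_first)
        memset(&slot.r, 0, sizeof slot.r);         /* the fix: clears padding too */

    /* Field-by-field initialisation, as the vulnerable code did. None of
     * these values contains a 0xAA byte, so a surviving 0xAA is stale data. */
    slot.r.type = 1;
    slot.r.seq  = 0x01020304u;
    slot.r.len  = 8;

    size_t leaked = 0;
    for (size_t i = 0; i < sizeof slot.raw; i++)
        if (slot.raw[i] == STALE)
            leaked++;
    return leaked;
}

int main(void)
{
    printf("sizeof(struct reply) = %zu, data bytes = %zu\n",
           sizeof(struct reply), (size_t)REPLY_DATA_BYTES);
    printf("field-by-field init leaks %zu stale byte(s)\n", stale_bytes_in_reply(0));
    printf("memset-first init leaks   %zu stale byte(s)\n", stale_bytes_in_reply(1));
    return 0;
}
```

On a typical x86-64 ABI `struct reply` is 12 bytes for 7 bytes of data, so the field-by-field version reports 5 stale bytes and the memset-first version reports none. The same audit question applies to any structure a driver or compat layer hands to user space: count the bytes that are explicitly written and compare them with sizeof().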


* CVE-2010-4165: Denial of service in TCP from user MSS.

A user program could cause a division by 0 in tcp_select_initial_window by 
passing in an invalid TCP_MAXSEG, leading to a kernel oops.


* CVE-2011-1010: Denial of service parsing malformed Mac OS partition tables.

A missing validation check was found in the Linux kernel's mac_partition() 
implementation, used for supporting file systems created on Mac OS 
operating systems. A local attacker could use this flaw to cause a denial 
of service by mounting a disk that contains specially-crafted partitions.


* CVE-2011-1090: Denial of service in NFSv4 client.

An inconsistency was found in the interaction between the Linux kernel's 
method for allocating NFSv4 (Network File System version 4) ACL data and 
the method by which it was freed. This inconsistency led to a kernel panic 
which could be triggered by a local, unprivileged user with files owned by 
said user on an NFSv4 share.


* CVE-2011-2534: Denial of service in iptables CLUSTERIP target.

A buffer overflow in the clusterip_proc_write function in 
net/ipv4/netfilter/ipt_CLUSTERIP.c might allow local users to cause a 
denial of service or have unspecified other impact via a crafted write 
operation, related to string data that lacks a terminating '\0' character.
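The netfilter table-name leaks (CVE-2011-1170, CVE-2011-1171, CVE-2011-1172) and the CLUSTERIP write (CVE-2011-2534) share one root cause: a fixed-size string is copied from user space and then handled with C string routines, but nothing guarantees that a '\0' sits inside the buffer, so strlen()/strcmp()/strcpy() or a number parser keep going into whatever follows it in kernel memory. The added example below (not the kernel's or Ksplice's code) measures that overread in user space instead of performing it, and shows the fix the netfilter patches applied: force the last byte of the name to '\0' right after the copy. `struct request`, the user buffer contents and the `receive_request()` helper are constructed for this demonstration and are not the real iptables structures.

```c
/*
 * Added example (not the kernel's or Ksplice's code): what goes wrong when a
 * fixed-size name is copied from user space and then treated as a C string
 * without forcing a terminator, and the one-line fix. struct request, the
 * "user" buffer and the bytes that follow name[] are constructed here.
 */
#include <stddef.h>
#include <string.h>
#include <stdio.h>

#define NAME_LEN 32

/* Stand-in for a request struct with a name[] field followed by other data. */
struct request {
    char         name[NAME_LEN];
    unsigned int valid_hooks;     /* sits right after name[] in memory */
    unsigned int num_entries;
};

/*
 * How far a strlen()/strcmp()/strcpy() on req->name would read, expressed
 * as a scan over the raw bytes of the struct so the overread is measured
 * rather than performed. Returns the offset of the first NUL byte, or the
 * struct size if there is none inside the struct.
 */
size_t name_scan_length(const struct request *req)
{
    unsigned char raw[sizeof *req];
    memcpy(raw, req, sizeof raw);
    for (size_t i = 0; i < sizeof raw; i++)
        if (raw[i] == '\0')
            return i;
    return sizeof raw;
}

/*
 * Simulated copy_from_user(): the whole struct comes from a buffer the user
 * controls. With terminate set, the fix is applied: the last byte of name[]
 * is forced to NUL so every later string routine stops inside the field.
 */
void receive_request(struct request *dst, const struct request *user, int terminate)
{
    memcpy(dst, user, sizeof *dst);            /* copy_from_user() stand-in */
    if (terminate)
        dst->name[sizeof dst->name - 1] = '\0';
}

/* Constructed hostile request: 32 non-NUL bytes, so name[] has no terminator. */
struct request make_unterminated_request(void)
{
    struct request user;
    memset(user.name, 'A', sizeof user.name);
    user.valid_hooks = 0x42424242u;             /* non-zero bytes follow name[] */
    user.num_entries = 0x00434343u;             /* the first NUL is somewhere in here */
    return user;
}

/* Returns how many bytes past the end of name[] the string routines would read. */
size_t overread_bytes(int terminate)
{
    struct request user = make_unterminated_request();
    struct request kernel;
    receive_request(&kernel, &user, terminate);
    size_t len = name_scan_length(&kernel);
    return len >= NAME_LEN ? len - NAME_LEN : 0;
}

int main(void)
{
    printf("without terminator: string routines read %zu byte(s) past name[]\n",
           overread_bytes(0));
    printf("with terminator:    string routines read %zu byte(s) past name[]\n",
           overread_bytes(1));
    return 0;
}
```

Without the terminator the scan runs through `valid_hooks` and into `num_entries` before it finds a NUL; in the real kernel those bytes are neighbouring fields or stack contents, and a later copy_to_user() of the "name" (the netfilter case) or a parser walking past the end of a proc write buffer (the CLUSTERIP case) is what turns the overread into a leak or a corruption. With the terminator forced, the string stops at byte 31 regardless of what the user supplied.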


* CVE-2011-2484: Denial of service in taskstats subsystem.

The add_del_listener function in kernel/taskstats.c in the Linux kernel 
did not prevent multiple registrations of exit handlers, which allowed 
local users to cause a denial of service (memory and CPU consumption), and 
bypass the OOM Killer, via a crafted application.

SUPPORT

Ksplice support is available at support at ksplice.com or +1 765-577-5423.
