[Ksplice][Ubuntu 8.04 Updates] New updates available via Ksplice (USN-1268-1)

Christine Spang christine.spang at oracle.com
Wed Nov 23 11:07:21 PST 2011 

Synopsis: USN-1268-1 can now be patched using Ksplice
CVEs: CVE-2011-1585 CVE-2011-1767 CVE-2011-1768 CVE-2011-2491 
CVE-2011-2496 CVE-2011-2525 CVE-2011-3209

Systems running Ubuntu 8.04 Hardy can now use Ksplice to patch against
the latest Ubuntu Security Notice, USN-1268-1.

INSTALLING THE UPDATES

We recommend that all users of Ksplice Uptrack on Ubuntu 8.04 Hardy
install these updates.  You can install these updates by running:

# /usr/sbin/uptrack-upgrade -y

On systems that have "autoinstall = yes" in /etc/uptrack/uptrack.conf,
these updates will be installed automatically and you do not need to
take any additional action.


DESCRIPTION

* CVE-2011-2525: Denial of Service in packet scheduler API

A flaw allowed the tc_fill_qdisc() function in the Linux kernel's
packet scheduler API implementation to be called on built-in qdisc
structures.  A local, unprivileged user could use this flaw to trigger
a NULL pointer dereference, resulting in a denial of service.
(CVE-2011-2525, Moderate)


* CVE-2011-2496: Local denial of service in mremap().

Robert Swiecki discovered that mremap() could be abused for local denial of
service by triggering a BUG_ON assert.


* CVE-2011-2491: Local denial of service in NLM subsystem.

A flaw in the client-side NLM implementation could allow a local,
unprivileged user to cause a denial of service.


* CVE-2011-1585: Authentication bypass in CIFS.

Jeff Layton reported an issue in the Common Internet File System (CIFS).
Local users can bypass authentication requirements for shares that are
already mounted by another user.


* CVE-2011-1767: Remote denial of service in GRE over IP.

Alexecy Dobriyan reported an issue in the GRE over IP implementation.
Remote users can cause a denial of service by sending a packet during
module initialization.


* CVE-2011-3209: Denial of Service in clock implementation.

A flaw in the kernel's clock implementation could allow a local,
unprivileged user to cause a denial of service.


* CVE-2011-1768: Incorrect initialization order in IP tunnel protocols.

Multiple IP tunnel protocols initialized data structures out of order,
resulting in a possible denial of service (kernel oops) if a packet
arrives during certain intervals while the module is being
loaded.

SUPPORT

Ksplice support is available at support at ksplice.com or +1 765-577-5423.

More information about the Ksplice-Ubuntu-8.04-Updates mailing list