[Ksplice][Ubuntu 8.04 Updates] New updates available via Ksplice (USN-1225-1)

Nelson Elhage nelson.elhage at oracle.com
Tue Oct 4 13:19:32 PDT 2011


Synopsis: USN-1225-1 can now be patched using Ksplice
CVEs: CVE-2011-1776 CVE-2011-2213 CVE-2011-2497 CVE-2011-2699
      CVE-2011-2928 CVE-2011-3191

Systems running Ubuntu 8.04 Hardy can now use Ksplice to patch against
the latest Ubuntu Security Notice, USN-1225-1.

INSTALLING THE UPDATES

We recommend that all users of Ksplice Uptrack on Ubuntu 8.04 Hardy
install these updates.  You can install these updates by running:

# /usr/sbin/uptrack-upgrade -y

On systems that have "autoinstall = yes" in /etc/uptrack/uptrack.conf,
these updates will be installed automatically and you do not need to
take any additional action.


DESCRIPTION

* CVE-2011-2699: Predictable IPv6 fragment identification numbers.

IPv6 fragment identification numbers were produced by a single
generator, which made them highly predictable and left the system
vulnerable to a denial of service attack.


* CVE-2011-3191: Memory corruption in CIFSFindNext.

Darren Lavender reported an issue in the Common Internet File System
(CIFS). A malicious file server could cause memory corruption leading
to a denial of service.


* CVE-2011-2928: Denial of service with too-long symlinks in BeFS.

The befs_follow_link function in the Linux kernel's implementation of
the Be filesystem did not validate the length attribute of long
symlinks, which allowed local users to cause a denial of service
(incorrect pointer dereference and OOPS) by accessing a long symlink
on a malformed Be filesystem.


* CVE-2011-1776: Missing boundary checks in EFI partition table parsing.

Timo Warns reported an issue in the Linux implementation for GUID
partitions. Users with physical access can gain access to sensitive
kernel memory by adding a storage device with a specially crafted,
corrupted partition table.


* CVE-2011-2213: Arbitrary code injection bug in IPv4 subsystem.

Insufficient validation in inet_diag_bc_audit allowed a malicious user
to inject code or trigger an infinite loop.


* CVE-2011-2497: Buffer overflow in the Bluetooth subsystem.

A small user-provided value for the command size field in the command
header of an l2cap configuration request can cause a buffer overflow.
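
The length check that the CVE-2011-2497 class of bug calls for, as an
added example (not code from Ksplice or from the kernel). It assumes the
overflow arises from subtracting a fixed header size from the size field;
struct chan, CONF_REQ_HDR, CONF_BUF_SIZE and both functions are
hypothetical names for a simplified model.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define CONF_BUF_SIZE 64   /* assumed size of the per-channel option buffer */
#define CONF_REQ_HDR  4    /* assumed fixed request header preceding the options */

struct chan {              /* hypothetical channel state */
    uint8_t conf_req[CONF_BUF_SIZE];
    size_t  conf_len;      /* bytes already accumulated, always <= CONF_BUF_SIZE */
};

/* What unchecked arithmetic yields: for a size field of 2 the int result
 * is -2, which converts to SIZE_MAX - 1 when used as a copy length. */
size_t unchecked_copy_len(uint16_t cmd_len)
{
    int len = cmd_len - CONF_REQ_HDR;
    return (size_t)len;
}

/* Append the option bytes of one request to the channel buffer.
 * cmd_len is the peer-supplied size field; data/data_avail describe the
 * bytes actually received. Returns 0 on success, -1 to reject. */
int conf_req_append(struct chan *c, uint16_t cmd_len,
                    const uint8_t *data, size_t data_avail)
{
    if (cmd_len < CONF_REQ_HDR)   /* size field must cover the header */
        return -1;
    if (cmd_len > data_avail)     /* and must not exceed what arrived */
        return -1;
    size_t opt_len = (size_t)cmd_len - CONF_REQ_HDR;
    /* Compare against remaining space so the sum itself cannot wrap. */
    if (opt_len > sizeof(c->conf_req) - c->conf_len)
        return -1;
    memcpy(c->conf_req + c->conf_len, data + CONF_REQ_HDR, opt_len);
    c->conf_len += opt_len;
    return 0;
}

int main(void)
{
    struct chan c = { {0}, 0 };
    uint8_t pkt[CONF_REQ_HDR + 8] = {0};   /* constructed sample request */
    printf("unchecked length for size 2: %zu\n", unchecked_copy_len(2));
    printf("size 2  -> %d\n", conf_req_append(&c, 2, pkt, sizeof pkt));
    printf("size 12 -> %d\n", conf_req_append(&c, 12, pkt, sizeof pkt));
    return 0;
}
```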

SUPPORT

Ksplice support is available at support at ksplice.com or +1 765-577-5423.


