[Ksplice][Ubuntu 8.04 Updates] New updates available via Ksplice (USN-1323-1)

Christine Spang christine.spang at oracle.com
Wed Jan 11 12:20:20 PST 2012


Synopsis: USN-1323-1 can now be patched using Ksplice
CVEs: CVE-2011-1162 CVE-2011-2203 CVE-2011-3359 CVE-2011-4110

Systems running Ubuntu 8.04 Hardy can now use Ksplice to patch against
the latest Ubuntu Security Notice, USN-1323-1.

INSTALLING THE UPDATES

We recommend that all users of Ksplice Uptrack on Ubuntu 8.04 Hardy
install these updates.  You can install these updates by running:

# /usr/sbin/uptrack-upgrade -y

On systems that have "autoinstall = yes" in /etc/uptrack/uptrack.conf,
these updates will be installed automatically and you do not need to
take any additional action.
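
As an added example (not part of the original announcement and not Ksplice's own tooling), the shell functions below read an uptrack.conf-style file and report whether a host still needs the manual uptrack-upgrade run described above. The function names, the [Settings] section header in the constructed samples, and treating only a literal "yes" as enabled are assumptions of this sketch; any other value or a missing key is reported as needing a manual run.

```shell
#!/bin/sh
# Added example, not Ksplice code. Function names are hypothetical.

# Print "yes" only when the last uncommented "autoinstall" assignment in the
# file is the literal value yes (the form quoted in the announcement).
# A missing file, a missing key, or any other value prints "no".
uptrack_autoinstall() {
    [ -r "$1" ] || { echo no; return 0; }
    awk -F= '
        /^[ \t]*[#;]/ { next }                 # skip comment lines
        NF >= 2 {
            key = $1; val = $2
            gsub(/[ \t\r]/, "", key); gsub(/[ \t\r]/, "", val)
            if (key == "autoinstall") result = val
        }
        END { if (result == "yes") print "yes"; else print "no" }
    ' "$1"
}

# Exit status 0 when the host still needs a manual uptrack-upgrade run.
needs_manual_upgrade() {
    [ "$(uptrack_autoinstall "$1")" != "yes" ]
}

# Constructed sample configs (not taken from a real host). The [Settings]
# header is an assumption about the file layout; the parser ignores it.
sample_dir=$(mktemp -d)
printf '[Settings]\n# autoinstall = yes\nautoinstall = no\n' > "$sample_dir/manual.conf"
printf '[Settings]\nautoinstall = yes\n' > "$sample_dir/auto.conf"

for conf in "$sample_dir/manual.conf" "$sample_dir/auto.conf"; do
    if needs_manual_upgrade "$conf"; then
        echo "$conf: run /usr/sbin/uptrack-upgrade -y"
    else
        echo "$conf: autoinstall enabled, no action needed"
    fi
done
rm -rf "$sample_dir"
```

On a real host, pass /etc/uptrack/uptrack.conf to needs_manual_upgrade; a commented-out "autoinstall = yes" line is treated as disabled.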


DESCRIPTION

* CVE-2011-1162: Information leak in TPM driver.

A buffer in tpm_read was not initialized before being returned to
userspace, leading to a leak of potentially sensitive kernel memory.


* CVE-2011-2203: Null pointer dereference mounting HFS filesystems.

A NULL pointer dereference flaw was found in the Linux kernel's HFS
file system implementation. A local attacker could use this flaw to
cause a denial of service by mounting a disk that contains a
specially-crafted HFS file system with a corrupted MDB extent
record. (CVE-2011-2203, Low)


* CVE-2011-4110: Denial of service in kernel key management facilities.

A flaw in the way user-defined key types were handled allowed an
unprivileged local user to crash the system via a NULL pointer
dereference and kernel OOPS.


* CVE-2011-3359: Denial of service in Broadcom 43xx wireless driver.

A flaw was found in the b43 driver in the Linux kernel.  If a system
had an active wireless interface that uses the b43 driver, an attacker
able to send a specially-crafted frame to that interface could cause a
denial of service.  (CVE-2011-3359, Moderate)

SUPPORT

Ksplice support is available at ksplice-support_ww at oracle.com.


