[Ksplice][Ubuntu 8.04 Updates] New updates available via Ksplice (USN-1390-1)

Christine Spang christine.spang at oracle.com
Tue Mar 6 12:11:52 PST 2012


Synopsis: USN-1390-1 can now be patched using Ksplice
CVEs: CVE-2011-1017 CVE-2011-2182 CVE-2011-4324 CVE-2012-0028

Systems running Ubuntu 8.04 Hardy can now use Ksplice to patch against
the latest Ubuntu Security Notice, USN-1390-1.

INSTALLING THE UPDATES

We recommend that all users of Ksplice Uptrack on Ubuntu 8.04 Hardy
install these updates.  You can install these updates by running:

# /usr/sbin/uptrack-upgrade -y

On systems that have "autoinstall = yes" in /etc/uptrack/uptrack.conf,
these updates will be installed automatically and you do not need to
take any additional action.
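
To check whether the autoinstall setting described above is in effect on a
given host, the following added example (not part of the original advisory or
of Ksplice's own tooling) reports whether the manual upgrade step is still
needed. It assumes uptrack.conf uses "key = value" lines with "#" comments; the
function names are hypothetical.

```shell
#!/bin/sh
# Added example: decide whether a host still needs the manual
# uptrack-upgrade step, based on the autoinstall setting.
# Assumptions: the config holds "key = value" lines, "#" starts a
# comment, and only the value "yes" (as quoted in the advisory)
# counts as enabled.

# Print the effective autoinstall value from the given config file
# (the last assignment wins); print nothing if the key is absent
# or the file cannot be read.
uptrack_autoinstall_value() {
    [ -r "$1" ] || return 0
    sed -n -e 's/#.*$//' \
        -e 's/^[[:space:]]*autoinstall[[:space:]]*=[[:space:]]*\(.*[^[:space:]]\)[[:space:]]*$/\1/p' \
        "$1" | tail -n 1
}

# Return 0 when updates are installed automatically, 1 when the
# administrator has to run uptrack-upgrade by hand (key missing,
# set to anything other than "yes", or file unreadable).
uptrack_autoinstall_enabled() {
    [ "$(uptrack_autoinstall_value "$1")" = "yes" ]
}

# Print a one-line verdict for the given config file
# (default: the path named in the advisory).
uptrack_report() {
    conf="${1:-/etc/uptrack/uptrack.conf}"
    if uptrack_autoinstall_enabled "$conf"; then
        echo "autoinstall enabled: updates are installed automatically"
    else
        echo "autoinstall not enabled: run /usr/sbin/uptrack-upgrade -y"
    fi
}

uptrack_report "$@"
```

A commented-out "autoinstall = yes" line, a missing key and an unreadable file
are all reported as not enabled, so the check errs toward running the upgrade
by hand.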


DESCRIPTION

* CVE-2011-2182: Incomplete fix for CVE-2011-1017 buffer overflow in 
ldm_frag_add.

The patch for CVE-2011-1017 (buffer overflow in ldm_frag_add) did not
handle some edge cases, leaving buffer overflows possible in the
ldm_frag_add function of the Windows Logical Disk Manager.


* CVE-2012-0028: Privilege escalation in user-space futexes.

A flaw was found in the way the Linux kernel handled robust list
pointers of user-space held futexes across exec() calls. A local,
unprivileged user could use this flaw to cause a denial of service or,
eventually, escalate their privileges.


* CVE-2011-4324: Denial of service vulnerability in NFSv4.

A flaw was found in the Linux kernel's encode_share_access()
implementation. A local, unprivileged user could use this flaw to
trigger a denial of service by creating a regular file on an NFSv4
(Network File System version 4) file system via mknod().

SUPPORT

Ksplice support is available at ksplice-support_ww at oracle.com.


