[Ksplice][Debian 6.0 Updates] New updates available via Ksplice (Debian 6.0.2)
Tim Abbott
tabbott at ksplice.com
Sat Jun 25 20:23:35 PDT 2011
Synopsis: Debian 6.0.2 can now be patched using Ksplice
CVEs: CVE-2011-1017 CVE-2011-1577 CVE-2011-1768
Systems running Debian 6.0 Squeeze can now use Ksplice to patch against
the latest Debian kernel update, Debian 6.0.2.
INSTALLING THE UPDATES
We recommend that all users of Ksplice Uptrack on Debian 6.0 Squeeze
install these updates. You can install these updates by running:
# /usr/sbin/uptrack-upgrade -y
On systems that have "autoinstall = yes" in /etc/uptrack/uptrack.conf,
these updates will be installed automatically and you do not need to take
any additional action.
DESCRIPTION
* CVE-2011-1577: Missing boundary checks in EFI partition table parsing.
Timo Warns reported an issue in the Linux implementation for GUID
partitions. Users with physical access can gain access to sensitive
kernel memory by adding a storage device with a specially crafted,
invalid partition table.
* Improved fix for CVE-2011-1017.
Debian's original patch for CVE-2011-1017 was not sufficient to close the
vulnerability.
* NULL pointer dereference with unix seqpacket sockets.
With UNIX seqpacket sockets, unconnected sockets calling the recvmsg()
method could end up trying to receive a pseudo packet used for connecting,
resulting in a NULL pointer dereference.
* Use after free bug in iwlwifi driver.
A use-after-free bug was found in the iwl_tx_queue_reclaim function in the
iwlwifi driver.
* Buffer underflow in CIFS driver.
When decoding the string area in a SESSION_SETUP response, the
ssetup_ntlmssp_authenticate function in the CIFS subsystem did not check
whether bytes_remaining had reached 0, resulting in a buffer
underflow.
* Buffer overflow in CIFS password processing.
When processing passwords, the cifs_parse_mount_options function in the
CIFS subsystem did not properly bounds-check the options array, resulting
in a buffer overflow.
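Both CIFS items above come down to the same defensive pattern: a decoder that walks a fixed-size area must check its remaining-byte counter before every read (so it can never pass 0 and wrap) and must bound every copy by the size of the destination. The following is an added illustration written for this announcement, not code from the Debian or Linux CIFS sources; the string-area layout (consecutive NUL-terminated strings, as in a SESSION_SETUP response) and the function names string_area_decode and copy_bounded are assumptions made for the example.

```c
/* Added example (not Linux CIFS code): decode a sequence of NUL-terminated
 * strings from a fixed-size "string area" while tracking bytes_remaining,
 * the pattern the two CIFS items above describe.  Names are hypothetical. */
#include <stddef.h>
#include <string.h>

#define MAX_STR     64
#define MAX_STRINGS 4

/* Copy one NUL-terminated string from p into dst (at most dst_len bytes,
 * always NUL-terminated).  Returns the number of source bytes consumed,
 * including the terminator, or 0 if no terminator appears within the
 * remaining bytes.  Never reads past p + remaining. */
static size_t copy_bounded(const unsigned char *p, size_t remaining,
                           char *dst, size_t dst_len)
{
    size_t i;

    if (remaining == 0 || dst_len == 0)
        return 0;
    for (i = 0; i < remaining; i++) {
        if (p[i] == '\0') {
            /* Truncate to the destination size instead of overflowing it. */
            size_t n = i < dst_len - 1 ? i : dst_len - 1;
            memcpy(dst, p, n);
            dst[n] = '\0';
            return i + 1;
        }
    }
    return 0; /* unterminated string: the area is malformed */
}

/* Decode up to max_strings strings from area.  Returns the number decoded,
 * or -1 if the area is malformed.  The check for bytes_remaining == 0 at
 * the top of each iteration is the one the advisory says was missing: it
 * stops the counter from wrapping and the loop from reading outside the
 * buffer. */
int string_area_decode(const unsigned char *area, size_t bytes_remaining,
                       char out[][MAX_STR], int max_strings)
{
    int count = 0;
    const unsigned char *p = area;

    while (count < max_strings) {
        size_t used;

        if (bytes_remaining == 0)
            break; /* area exhausted; fewer strings than expected is fine */
        used = copy_bounded(p, bytes_remaining, out[count], MAX_STR);
        if (used == 0)
            return -1; /* reject rather than run past the end */
        p += used;
        bytes_remaining -= used; /* cannot wrap: used <= bytes_remaining */
        count++;
    }
    return count;
}

/* Constructed sample inputs (not captured from a real server). */
static const unsigned char good_area[]  = "Unix\0Samba\0WORKGROUP\0";
static const unsigned char short_area[] = { 'U', 'n', 'i', 'x', '\0',
                                            'S', 'a', 'm' };

/* Well-formed area holding exactly three strings: returns 3. */
int decode_good(void)
{
    char out[MAX_STRINGS][MAX_STR];
    /* sizeof includes the literal's implicit trailing NUL; drop it. */
    return string_area_decode(good_area, sizeof(good_area) - 1,
                              out, MAX_STRINGS);
}

/* Area cut off in the middle of the second string: returns -1. */
int decode_short(void)
{
    char out[MAX_STRINGS][MAX_STR];
    return string_area_decode(short_area, sizeof(short_area),
                              out, MAX_STRINGS);
}
```

The same shape applies to the password case: copy_bounded takes the destination length explicitly, so an over-long option value is truncated rather than written past the end of a fixed-size array.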
* CVE-2011-1768: Remote denial of service in network protocols.
Alexey Dobriyan reported an issue in several network protocol
implementations. Remote users can cause a denial of service by sending a
packet during module initialization.
SUPPORT
Ksplice support is available at support at ksplice.com or +1 765-577-5423.