[Ksplice][Debian 6.0 Updates] New updates available via Ksplice (Debian 6.0.3)

Nelson Elhage nelson.elhage at oracle.com
Sun Oct 9 10:24:09 PDT 2011


Synopsis: Debian 6.0.3 can now be patched using Ksplice
CVEs: CVE-2011-2213 CVE-2011-2898 CVE-2011-3353

Systems running Debian 6.0 Squeeze can now use Ksplice to patch
against the latest Debian Security Advisory, Debian 6.0.3.

INSTALLING THE UPDATES

We recommend that all users of Ksplice Uptrack on Debian 6.0 Squeeze
install these updates.  You can install these updates by running:

# /usr/sbin/uptrack-upgrade -y

On systems that have "autoinstall = yes" in /etc/uptrack/uptrack.conf,
these updates will be installed automatically and you do not need to
take any additional action.


DESCRIPTION

* ext3: Fix possible corruption when creating an index on a directory.

If adding an index to a directory failed (for example, by running out
of disk space), the directory could be corrupted on disk.


* Denial of service in uvcvideo video driver.

The uvcvideo driver did not correctly remove certain buffers from a
queue before freeing them, resulting in a possible denial of service
(kernel oops) or memory corruption.


* CVE-2011-2213: Arbitrary code injection bug in IPv4 subsystem.

Insufficient validation in inet_diag_bc_audit allowed a malicious user
to inject code or trigger an infinite loop.


* CVE-2011-2898: Information leak in packet subsystem.

Uninitialized struct padding in the packet subsystem led to an
information leak of two bytes of kernel memory to userspace.


* Memory corruption in rpcb_getport_async.

The rpcb_getport_async function in the sunrpc implementation
incorrectly made use of a static function variable, resulting in a
possible denial of service or privilege escalation.


* Kernel BUG in ext3 xattr handling.

A race condition in the ext3 filesystem's handling of user extended
attributes (xattrs) could result in a denial of service condition
(kernel BUG).


* svrpc: Fix memory corruption on nfsd shutdown.

A logic error in the svc_delete_xprt function could result in a
use-after-free condition on nfsd shutdown, resulting in a potential
denial-of-service or privilege escalation.


* Incorrect index handling in snd_pcm_ioctl_xfern_compat.

A programming error in the snd_pcm_ioctl_xfern_compat function could
result in denial of service or privilege escalation while processing
user requests to certain sound devices.


* NULL pointer dereference in dm multipath driver.

Supplying fewer feature arguments than indicated to parse_features
allowed a NULL pointer dereference.


* NULL dereference in devpts_pty_new.

A logic error in the devpts_pty_new function could result in a denial
of service (kernel NULL pointer dereference) during an out-of-memory
condition.


* CVE-2011-3353: Buffer overrun in fuse_notify_inval_entry.

The fuse_notify_inval_entry function failed to validate the length of a
requested write, potentially resulting in a denial of service (kernel BUG).


* Corruption with sendfile to non-sockets.

A flaw in the direct_splice_actor function could cause corruption in
userspace when using the sendfile system call with output files other
than sockets.

SUPPORT

Ksplice support is available at support at ksplice.com or +1 765-577-5423.