[Ksplice][Debian 6.0 Updates] New updates available via Ksplice (DSA-2303-2)

Nelson Elhage nelson.elhage at oracle.com
Tue Sep 13 11:08:12 PDT 2011


Synopsis: DSA-2303-2 can now be patched using Ksplice

CVEs: CVE-2011-1020 CVE-2011-1576 CVE-2011-1768 CVE-2011-2484
      CVE-2011-2918 CVE-2011-2928 CVE-2011-3188 CVE-2011-3191

Systems running Debian 6.0 Squeeze can now use Ksplice to patch
against the latest Debian Security Advisory, DSA-2303-2.

INSTALLING THE UPDATES

We recommend that all users of Ksplice Uptrack on Debian 6.0 Squeeze
install these updates.  You can install these updates by running:

# /usr/sbin/uptrack-upgrade -y

On systems that have "autoinstall = yes" in /etc/uptrack/uptrack.conf,
these updates will be installed automatically and you do not need to
take any additional action.


DESCRIPTION

* CVE-2011-2484: Denial of service in taskstats kernel reporting utility.

The add_del_listener function in kernel/taskstats.c did not prevent
multiple registrations of exit handlers, allowing a local denial of
service attack via a crafted application.


* CVE-2011-1576: Denial of service with VLAN packets and GRO.

A flaw allowed napi_reuse_skb() to be called on VLAN (virtual LAN)
packets. An attacker on the local network could trigger this flaw by
sending specially-crafted packets to a target system, possibly causing
a denial of service. (CVE-2011-1576, Moderate)


* Improved fix for CVE-2011-1768.

Debian's original fix for CVE-2011-1768 had a bug which could cause
the system to crash when loading the ip6_tunnel module.


* CVE-2011-1020: Missing access restrictions in /proc subsystem.

The proc filesystem implementation did not restrict access to the
/proc directory tree of a process after this process performs an exec
of a setuid program, which allowed local users to obtain sensitive
information or potentially cause other integrity issues.


* CVE-2011-3191: Memory corruption in CIFSFindNext.

Darren Lavender reported an issue in the Common Internet File System
(CIFS). A malicious file server could cause memory corruption leading
to a denial of service.


* CVE-2011-2928: Denial of service with too-long symlinks in BeFS.

The befs_follow_link function in the Linux kernel's implementation of
the Be filesystem did not validate the length attribute of long
symlinks, which allowed local users to cause a denial of service
(incorrect pointer dereference and OOPS) by accessing a long symlink
on a malformed Be filesystem.


* CVE-2011-3188: Weak TCP sequence number generation.

Dan Kaminsky reported a weakness of the sequence number generation in
the TCP protocol implementation. This can be used by remote attackers
to inject packets into an active session.


* CVE-2011-2918: Denial of service in event overflows in perf.

Vince Weaver discovered that incorrect handling of software event
overflows in the perf analysis tool could lead to local denial of
service.

This update also includes a fix for a regression introduced with the
previous security fix for CVE-2011-1768 (Debian bug #633738).


SUPPORT

Ksplice support is available at support at ksplice.com or +1 765-577-5423.


