[Ksplice][Debian 6.0 Updates] New updates available via Ksplice (DSA-2443-1)

[Nelson Elhage]

Synopsis: DSA-2443-1 can now be patched using Ksplice
CVEs: CVE-2009-4307 CVE-2011-1833 CVE-2011-4347 CVE-2012-0045
      CVE-2012-1090 CVE-2012-1097

Systems running Debian 6.0 Squeeze can now use Ksplice to patch
against the latest Debian Security Advisory, DSA-2443-1.

INSTALLING THE UPDATES

We recommend that all users of Ksplice Uptrack on Debian 6.0 Squeeze
install these updates.  You can install these updates by running:

# /usr/sbin/uptrack-upgrade -y

On systems that have "autoinstall = yes" in /etc/uptrack/uptrack.conf,
these updates will be installed automatically and you do not need to
take any additional action.


DESCRIPTION

* CVE-2009-4307: Divide-by-zero mounting an ext4 filesystem.

A divide-by-zero flaw was found in the ext4 file system code. A local
attacker could use this flaw to cause a denial of service by mounting
a specially-crafted ext4 file system.


* CVE-2011-1833: Information disclosure in eCryptfs.

Vasiliy Kulikov of Openwall and Dan Rosenberg discovered that eCryptfs
incorrectly validated permissions on the requested source directory. A
local attacker could use this flaw to mount an arbitrary directory,
possibly leading to information disclosure.


* Denial of service in Video4Linux2 ioctls.

An integer overflow in video_usercopy in the Video4Linux2 subsystem
may cause access to invalid memory.


* Memory corruption in the Direct Rendering Manager.

A race condition in the Direct Rendering Manager may allow an
unprivileged user to corrupt kernel memory.


* Buffer overflow in the relay filesystem.

The relayfs filesystem did not properly check for integer overflows
when processing certain user-provided lengths.  An unprivileged user could
exploit this to overflow the relevant buffers and corrupt kernel memory.


* CVE-2012-1090: Denial of service in the CIFS filesystem reference counting.

Under certain circumstances, the CIFS filesystem would open files on
lookup. If the file was determined later to be a FIFO or any other
special file the file handle would be leaked, leading to reference
counting mismatch and a kernel OOPS on unmount.

An unprivileged local user could use this flaw to crash the system.


* CVE-2012-1097: NULL pointer dereference in the ptrace subsystem.

Under certain circumstances, ptrace-ing a process could lead to a NULL
pointer dereference and kernel panic.


* Denial of service truncating eCryptfs files.

On 32bit systems, when truncating a file, the integer holding the file size
could overflow, which would put the write operation in an infinite loop in
the kernel.


* CVE-2011-4347: Denial of service in KVM device assignment.

Several bugs that allowed unprivileged users to improperly assign
devices to KVM guests could result in a denial of service.


* CVE-2012-0045: Denial of service in KVM system call emulation.

A bug in the system call emulation for allowed local users on a 32-bit
KVM guest system to cause the guest system to panic.

SUPPORT

Ksplice support is available at ksplice-support_ww at oracle.com.