[Ksplice][Debian 6.0 Updates] New updates available via Ksplice (DSA-2469-1)
Christine Spang
christine.spang at oracle.com
Fri May 11 19:40:24 PDT 2012
Synopsis: DSA-2469-1 can now be patched using Ksplice
CVEs: CVE-2011-4086 CVE-2012-0879 CVE-2012-2123
Systems running Debian 6.0 Squeeze can now use Ksplice to patch
against the latest Debian Security Advisory, DSA-2469-1.
INSTALLING THE UPDATES
We recommend that all users of Ksplice Uptrack on Debian 6.0 Squeeze
install these updates.
On systems that have "autoinstall = yes" in /etc/uptrack/uptrack.conf,
these updates will be installed automatically and you do not need to
take any action.
Alternatively, you can install these updates by running:
# /usr/sbin/uptrack-upgrade -y
DESCRIPTION
* Use after free in UBI driver.
The error path in erase_worker in the UBI (unsorted block images)
driver may allow an erase entry object to be used after it is freed.
* Double free on NFS server shutdown.
Shutting down an NFS server after changing its pool mode may lead to a
double free.
* NULL dereference in the NCR53C8XX/SYM53C8XX SCSI controller drivers.
During the destruction of a driver instance, a NULL dereference will
occur if the driver wasn't successfully allocated in the initialization
function.
* Denial of service in eCryptfs.
A user may trigger heavy reclaim or even the OOM-killer by writing a large
amount of data to an eCryptfs device.
* Bad SHA512 calculation under heavy load.
If the SHA512 hash function is being used under heavy load it may silently
calculate a wrong hash for the given data.
This may allow an attacker to cause invalid hash calculations by
repeatedly calling the hash function.
* Denial of service in XIP page fault handling.
A race condition in the execute-in-place page fault handling could
allow two threads which try to fault on the same memory page at the
same time to potentially OOPS the system.
* CVE-2012-0879: Denial of service in CLONE_IO.
A CLONE_IO reference counting error could be exploited by an
unprivileged local user to cause a denial of service.
* CVE-2012-2123: Privilege escalation when assigning permissions using
fcaps.
If a process increases its permissions using fcaps, the dangerous
personality flags that are cleared for suid apps are not cleared. This has
allowed programs that gained elevated permissions using fcaps to disable
the address space randomization of other processes.
* CVE-2011-4086: Denial of service in journaling block device.
The journal block device assumed that a buffer marked as unwritten
or delay could be live without checking if the buffer was mapped.
An unprivileged local user could use this flaw to crash the system.
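
A startup check related to the CVE-2012-2123 item above, as an added example that is not code from Ksplice or Debian: a program installed with file capabilities can call it to see whether it inherited any personality flag that the kernel clears for suid programs. The mask is rebuilt from the glibc constants to mirror the kernel's PER_CLEAR_ON_SETID, and the function names are hypothetical.

```c
#include <stdio.h>
#include <sys/personality.h>

/* Flags the kernel strips on a suid exec (PER_CLEAR_ON_SETID in
 * linux/personality.h), rebuilt here from the glibc constants. */
#define DANGEROUS_PERSONALITY \
    (READ_IMPLIES_EXEC | ADDR_NO_RANDOMIZE | ADDR_COMPAT_LAYOUT | MMAP_PAGE_ZERO)

/* Return only the bits of persona that should have been cleared. */
unsigned long dangerous_flags(unsigned long persona)
{
    return persona & DANGEROUS_PERSONALITY;
}

/* Write a comma-separated list of the dangerous flags set in persona
 * into buf and return how many were written (stops if buf is full). */
int describe_flags(unsigned long persona, char *buf, size_t len)
{
    static const struct { unsigned long bit; const char *name; } tbl[] = {
        { READ_IMPLIES_EXEC,  "READ_IMPLIES_EXEC"  },
        { ADDR_NO_RANDOMIZE,  "ADDR_NO_RANDOMIZE"  },
        { ADDR_COMPAT_LAYOUT, "ADDR_COMPAT_LAYOUT" },
        { MMAP_PAGE_ZERO,     "MMAP_PAGE_ZERO"     },
    };
    int count = 0;
    size_t off = 0;
    if (len) buf[0] = '\0';
    for (size_t i = 0; i < sizeof tbl / sizeof tbl[0]; i++) {
        if (!(persona & tbl[i].bit)) continue;
        int w = snprintf(buf + off, len - off, "%s%s", count ? "," : "", tbl[i].name);
        if (w < 0 || (size_t)w >= len - off) {   /* no room: drop partial name */
            if (len) buf[off] = '\0';
            break;
        }
        off += (size_t)w;
        count++;
    }
    return count;
}

int main(void)
{
    char names[128];
    int p = personality(0xffffffff);   /* 0xffffffff queries without changing */
    if (p < 0) { perror("personality"); return 2; }
    if (describe_flags((unsigned long)p, names, sizeof names)) {
        fprintf(stderr, "inherited personality flags: %s\n", names);
        return 1;   /* a capability-carrying program should refuse to continue */
    }
    puts("no dangerous personality flags inherited");
    return 0;
}
```
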
SUPPORT
Ksplice support is available at ksplice-support_ww at oracle.com.