[Ksplice][Debian 6.0 Updates] New updates available via Ksplice (Debian 6.0.6)

Christine Spang christine.spang at oracle.com
Sat Sep 29 12:18:58 PDT 2012


Synopsis: Debian 6.0.6 can now be patched using Ksplice
CVEs: CVE-2012-2136 CVE-2012-2313 CVE-2012-2319 CVE-2012-2390 
CVE-2012-2745 CVE-2012-3400 CVE-2012-3412 CVE-2012-3430

Systems running Debian 6.0 Squeeze can now use Ksplice to patch
against the latest Debian kernel update, Debian 6.0.6.

INSTALLING THE UPDATES

We recommend that all users of Ksplice Uptrack on Debian 6.0 Squeeze
install these updates.

On systems that have "autoinstall = yes" in /etc/uptrack/uptrack.conf,
these updates will be installed automatically and you do not need to
take any action.

Alternatively, you can install these updates by running:

# /usr/sbin/uptrack-upgrade -y


DESCRIPTION

* CVE-2012-2136: Privilege escalation in TUN/TAP virtual device.

The length of packet fragments to be sent wasn't validated before use,
leading to a heap overflow. A user with access to a TUN/TAP virtual
device could use this flaw to crash the system or potentially
escalate their privileges.


* CVE-2012-2313: Privilege escalation in the dl2k NIC.

The D-LINK dl2k network card was missing permission checks in the ioctl
handling function. This would allow an unprivileged user to reconfigure
the low-level link device and trigger a denial-of-service.


* CVE-2012-2319: Buffer overflow mounting corrupted hfs filesystem.

A buffer overflow flaw was found in the hfsplus_bnode_read() function in
the HFS+ file system implementation.  This could lead to a denial of
service if a user browsed a specially-crafted HFS+ file system, for
example, by running "ls".


* CVE-2012-2390: Memory leak in hugetlbfs mmap() failure.

Incorrect error handling in the mmap() implementation for hugetlbfs
could leave reservations unfreed, resulting in a denial of
service.


* CVE-2012-2745: Denial-of-service in kernel key management.

A potential double-free of the replacement session keyring on fork()
could result in a denial-of-service by a local, unprivileged user.


* Denial-of-service in TCP retransmission timer.

Invalid socket locking could allow the kernel to modify a socket while it
is owned by the user, resulting in a kernel crash and denial-of-service.


* Out-of-bound values allowed by fcntl_setlease.

A missing bounds check in fcntl_setlease may allow out-of-bounds values
due to an incorrect cast from a long to an integer.


* CVE-2012-3412: Remote denial of service through TCP MSS option in SFC NIC.

A malicious remote user may trigger a denial-of-service in hosts using
the SFC NIC by reducing the size of the TCP MSS and causing the victim
to run out of resources while processing the packets.


* CVE-2012-3400: Buffer overflow in UDF parsing.

A bug in the kernel's UDF file system driver could be exploited by an
unprivileged local user to crash the system.


* CVE-2012-3430: Kernel information leak in RDS sockets.

Calling recvfrom() on an RDS socket could result in leaking the contents
of kernel stack memory to userspace.
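
The bug class named in the fcntl_setlease item above (a long narrowed to an int around a bounds check), shown as an added userspace example that is not kernel code and not from this advisory. The function names are hypothetical, the inputs are constructed, and it assumes a 64-bit long and that the weak form validates only after the cast.

```c
#include <fcntl.h>
#include <limits.h>
#include <stdio.h>

/* Userspace model only; every function name here is hypothetical. */

/* Returns 1 if type is one of the three lease types, else 0. */
static int valid_lease_type(int type)
{
    return type == F_RDLCK || type == F_WRLCK || type == F_UNLCK;
}

/* Weak form: the long is narrowed to int first and checked afterwards.
 * Any long whose low 32 bits match a valid type passes, although the
 * caller's original long is far outside the allowed range. */
int check_after_cast(long arg)
{
    int type = (int)arg;            /* high bits silently discarded */
    return valid_lease_type(type);
}

/* Hardened form: range-check the full long before narrowing it. */
int check_before_cast(long arg)
{
    if (arg < INT_MIN || arg > INT_MAX)
        return 0;
    return valid_lease_type((int)arg);
}

int main(void)
{
    /* Constructed inputs; the last two rely on long being 64 bits wide. */
    long samples[] = { F_RDLCK, F_WRLCK, F_UNLCK, 7,
                       (1L << 32) | F_WRLCK, -(1L << 32) };
    size_t n = sizeof(samples) / sizeof(samples[0]);

    for (size_t i = 0; i < n; i++)
        printf("arg=%ld  after-cast=%d  before-cast=%d\n", samples[i],
               check_after_cast(samples[i]), check_before_cast(samples[i]));
    return 0;
}
```
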

SUPPORT

Ksplice support is available at ksplice-support_ww at oracle.com.


