[Ksplice][Ubuntu 10.04 Updates] New updates available via Ksplice (2.6.32-37.81)
Tim Abbott
tim.abbott at oracle.com
Mon Dec 12 22:49:19 PST 2011

Synopsis: 2.6.32-37.81 can now be patched using Ksplice
CVEs: CVE-2011-1161 CVE-2011-1162 CVE-2011-3638 CVE-2011-4077
      CVE-2011-4081 CVE-2011-4132 CVE-2011-4326 CVE-2011-4330

Systems running Ubuntu 10.04 Lucid can now use Ksplice to patch
against the latest Ubuntu kernel release, 2.6.32-37.81.

INSTALLING THE UPDATES

We recommend that all users of Ksplice Uptrack on Ubuntu 10.04 Lucid
install these updates. You can install these updates by running:

# /usr/sbin/uptrack-upgrade -y

On systems that have "autoinstall = yes" in /etc/uptrack/uptrack.conf,
these updates will be installed automatically and you do not need to
take any additional action.
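
The check implied above, as an added example (not part of the original announcement and not Ksplice's own code): it reads an uptrack.conf and reports whether the host still needs a manual uptrack-upgrade run. It assumes the file uses INI-style "key = value" lines with "#" or ";" comment lines; the function names and the sample config are constructed for illustration.

```shell
#!/bin/sh
# Added example: does this host need a manual "uptrack-upgrade -y"?
# Assumption: uptrack.conf is INI-style ("key = value", "#"/";" comment lines).

# Print the effective "autoinstall" value (lower-cased) from a config file,
# or "unset" if the key is absent, commented out, or the file is unreadable.
uptrack_autoinstall() {
    conf=${1:-/etc/uptrack/uptrack.conf}
    [ -r "$conf" ] || { echo unset; return 0; }
    awk '
        /^[ \t]*[#;]/ { next }                 # commented-out settings do not count
        {
            eq = index($0, "=")
            if (!eq) next                      # section headers, blank lines
            key = substr($0, 1, eq - 1)
            val = substr($0, eq + 1)
            gsub(/^[ \t]+|[ \t\r]+$/, "", key)
            gsub(/^[ \t]+|[ \t\r]+$/, "", val)
            if (tolower(key) == "autoinstall") found = tolower(val)  # last one wins
        }
        END { print (found == "" ? "unset" : found) }
    ' "$conf"
}

# Exit status 0: updates must be installed by hand.
# Exit status 1: autoinstall = yes, updates are applied automatically.
needs_manual_upgrade() {
    [ "$(uptrack_autoinstall "$1")" != "yes" ]
}

# Constructed sample config (not taken from a real host): the only active
# autoinstall line says "no", the "yes" line is commented out.
sample=$(mktemp)
printf '%s\n' '[Settings]' '# autoinstall = yes' 'autoinstall = no' > "$sample"
if needs_manual_upgrade "$sample"; then
    echo "autoinstall is not enabled; run: /usr/sbin/uptrack-upgrade -y"
else
    echo "autoinstall = yes; updates are installed automatically"
fi
rm -f "$sample"
```

Calling needs_manual_upgrade with no argument checks /etc/uptrack/uptrack.conf, the path named above.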

DESCRIPTION

* CVE-2011-1161: Information leak in transmission logic of TPM driver.

A missing buffer size check in tpm_transmit could allow leaking of
potentially sensitive kernel memory.

* CVE-2011-1162: Information leak in TPM driver.

A buffer in tpm_read was not initialized before being returned to
userspace, leading to a leak of potentially sensitive kernel memory.

* Buffer overread in x25.

Insufficient data size checking in x25_find_listener could result in
buffer overreads.

* CVE-2011-3638: Disk layout corruption bug in ext4 filesystem.

When splitting two extents in ext4_ext_convert_to_initialized(), an
extent was incorrectly not dirtied, resulting in the disk layout being
corrupted, which will eventually cause a kernel crash.

* CVE-2011-4081: NULL pointer dereference in GHASH cryptographic algorithm.

Nick Bowler reported an issue in the GHASH message digest
algorithm. ghash_update can pass a NULL pointer to gf128mul_4k_lle in some
cases, leading to a NULL pointer dereference (kernel OOPS).

* CVE-2011-4077: Buffer overflow in xfs_readlink.

A flaw in the way the XFS filesystem implementation handled links with
pathnames larger than MAXPATHLEN allowed an attacker to mount a
malicious XFS image that could crash the system or result in privilege
escalation.

* CVE-2011-4132: Denial of service in Journaling Block Device layer.

A flaw in the way the Journaling Block Device (JBD) layer handled an
invalid log first block value allowed an attacker to mount a malicious
ext3 or ext4 image that would crash the system.

* CVE-2011-4330: Buffer overflow in HFS file name translation logic.

Clement Lecigne reported a flaw in the way the HFS filesystem
implementation handled file names larger than HFS_NAMELEN. A missing
length check in hfs_mac2asc could result in a buffer overflow.

* CVE-2011-4326: Denial of service in IPv6 UDP Fragmentation Offload.

A flaw was found in the way the Linux kernel handled fragmented IPv6
UDP datagrams over the bridge with UDP Fragmentation Offload (UFO)
functionality on. A remote attacker could use this flaw to cause a
denial of service.

SUPPORT

Ksplice support is available at ksplice-support_ww at oracle.com.