[Ksplice][Ubuntu 10.04 Updates] New updates available via Ksplice (USN-1168-1)

Tim Abbott tabbott at ksplice.com
Sat Jul 16 23:31:35 PDT 2011


Synopsis: USN-1168-1 can now be patched using Ksplice
CVEs: CVE-2010-4249 CVE-2011-1017 CVE-2011-1090 CVE-2011-1163 CVE-2011-1494 CVE-2011-1495 CVE-2011-1577 CVE-2011-1593 CVE-2011-1598 CVE-2011-1745 CVE-2011-1746 CVE-2011-1748 CVE-2011-1770 CVE-2011-2022

Systems running Ubuntu 10.04 Lucid can now use Ksplice to patch against 
the latest Ubuntu Security Notice, USN-1168-1.

INSTALLING THE UPDATES

We recommend that all users of Ksplice Uptrack on Ubuntu 10.04 Lucid 
install these updates.  You can install these updates by running:

# /usr/sbin/uptrack-upgrade -y

On systems that have "autoinstall = yes" in /etc/uptrack/uptrack.conf, 
these updates will be installed automatically and you do not need to take 
any additional action.
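As an added example (not part of the Ksplice announcement), the following POSIX shell script reads the "autoinstall" setting from /etc/uptrack/uptrack.conf to decide whether the manual uptrack-upgrade run above is needed, and reports which of the CVEs listed in this notice are absent from a supplied listing of installed updates. It assumes the config uses "key = value" lines with "#" comments, and that the listing text (for example the output of an update-listing command) names updates by CVE id; both are assumptions, not something the announcement states.

```shell
#!/bin/sh
# Added example, not from the Ksplice announcement or the Uptrack package.
# Assumes uptrack.conf is "key = value" with "#" comments, and that an
# update listing names each applied update by its CVE id.

# CVE ids covered by USN-1168-1, copied from the "CVEs:" line of the notice.
USN_1168_1_CVES="CVE-2010-4249 CVE-2011-1017 CVE-2011-1090 CVE-2011-1163
CVE-2011-1494 CVE-2011-1495 CVE-2011-1577 CVE-2011-1593 CVE-2011-1598
CVE-2011-1745 CVE-2011-1746 CVE-2011-1748 CVE-2011-1770 CVE-2011-2022"

# Print "yes" if "autoinstall = yes" is set in the given config file, else "no".
# Comment and blank lines are skipped; if the key repeats, the last value wins.
uptrack_autoinstall() {
    conf="$1"
    state="no"
    [ -r "$conf" ] || { echo "$state"; return; }
    while IFS= read -r line || [ -n "$line" ]; do
        line=${line#"${line%%[![:space:]]*}"}          # strip leading whitespace
        case "$line" in '#'*|'') continue ;; esac      # skip comments and blanks
        key=$(printf '%s' "$line" | sed -n 's/^\([^=[:space:]]*\)[[:space:]]*=.*/\1/p')
        val=$(printf '%s' "$line" | sed -n 's/^[^=]*=[[:space:]]*\([^[:space:]#]*\).*/\1/p')
        if [ "$key" = "autoinstall" ]; then
            case "$val" in yes|YES|Yes) state="yes" ;; *) state="no" ;; esac
        fi
    done < "$conf"
    echo "$state"
}

# Print, one per line, the USN-1168-1 CVEs that do not appear in the listing text.
missing_cves() {
    listing="$1"
    for cve in $USN_1168_1_CVES; do
        printf '%s\n' "$listing" | grep -q "$cve" || printf '%s\n' "$cve"
    done
}

# Usage: when autoinstall is off, the update must be applied by hand.
if [ "$(uptrack_autoinstall /etc/uptrack/uptrack.conf)" = "no" ]; then
    echo "autoinstall is off; run: /usr/sbin/uptrack-upgrade -y"
fi
```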


DESCRIPTION

* Remote denial of service in cifs_mount.

The kernel's CIFS client code could trigger a denial of service (BUG() 
assertion failure) when connecting to a CIFS server providing unusual 
shares.


* Denial of service in UBIFS filesystem via fsync.

Calling fsync on a file in a read-only UBIFS filesystem caused a
kernel oops, leading to denial of service.


* CVE-2011-1593: Denial of service in next_pidmap.

An integer signedness error in next_pidmap() could allow a local, 
unprivileged user to cause a denial of service.


* CVE-2011-1017: Missing boundary checks in LDM partition table parsing.

When processing an LDM partition table, the kernel did not verify that 
certain fields were within bounds, resulting in a possible heap overflow.  
A local attacker could potentially exploit this to cause a denial of 
service or information leak.


* CVE-2011-1745, CVE-2011-2022: Privilege escalation in AGP subsystem.

Flaws in the AGPGART driver implementation when handling certain
IOCTL commands could allow a local, unprivileged user to cause a
denial of service or escalate their privileges.


* CVE-2011-1746: Integer overflow in agp_allocate_memory.

An integer overflow flaw in agp_allocate_memory() could allow a local, 
unprivileged user to cause a denial of service or escalate their 
privileges.


* CVE-2011-1494, CVE-2011-1495: Privilege escalation in LSI MPT Fusion SAS 2.0 driver.

Multiple vulnerabilities in the mpt2sas driver may allow local users to 
gain privileges, cause a denial of service (memory corruption), or obtain 
sensitive information from kernel memory.


* CVE-2011-1598: Denial of service in CAN/BCM protocol.

Dave Jones reported an issue in the Broadcast Manager Controller Area 
Network (CAN/BCM) protocol that may allow local users to cause a NULL 
pointer dereference, resulting in a denial of service.


* CVE-2011-1163: Kernel information leak parsing malformed OSF partition tables.

A buffer overflow flaw in the DEC Alpha OSF partition implementation in 
the Linux kernel could allow a local attacker to cause an information leak 
by mounting a disk that contains specially-crafted partition tables.


* Require CAP_SYS_ADMIN to rebalance btrfs filesystems.


* Additional CVE-2010-4249 update: Denial of service in UNIX sockets.

A flaw was found in the Linux kernel's garbage collector for AF_UNIX 
sockets. A local, unprivileged user could use this flaw to trigger a 
denial of service (out-of-memory condition).

The original Ubuntu fix for CVE-2010-4249 only contained one of the two 
patches needed to address the vulnerability.  This update contains the 
second patch.


* Use after free bug in iwlwifi driver.

A use-after-free bug was found in the iwl_tx_queue_reclaim function in the 
iwlwifi driver.


* CVE-2011-1748: Denial of service in CAN raw sockets.

Oliver Hartkopp reported an issue in the Controller Area Network (CAN) raw 
socket implementation which permits local users to cause a NULL pointer 
dereference, resulting in a denial of service.


* Buffer overflow in CIFS password processing.

When processing passwords, the cifs_parse_mount_options function in the 
CIFS subsystem did not properly bounds-check the options array, resulting 
in a buffer overflow.


* CVE-2011-1577: Missing boundary checks in EFI partition table parsing.

Timo Warns reported an issue in the Linux implementation for GUID 
partitions.  Users with physical access can gain access to sensitive 
kernel memory by adding a storage device with a specially crafted, 
invalid partition table.


* CVE-2011-1770: Remote denial of service in DCCP options parsing.

Dan Rosenberg reported an issue in the Datagram Congestion Control 
Protocol (DCCP). Remote users can cause a denial of service or potentially 
obtain access to sensitive kernel memory.


* CVE-2011-1090: Denial of service in NFSv4 client.

An inconsistency was found in the interaction between the Linux kernel's 
method for allocating NFSv4 (Network File System version 4) ACL data and 
the method by which it was freed. This inconsistency led to a kernel panic 
which could be triggered by a local, unprivileged user with files owned by 
said user on an NFSv4 share.

SUPPORT

Ksplice support is available at support at ksplice.com or +1 765-577-5423.
