[Ksplice][Ubuntu 10.04 Updates] New updates available via Ksplice (USN-1168-1)
Tim Abbott
tabbott at ksplice.com
Sat Jul 16 23:31:35 PDT 2011
Synopsis: USN-1168-1 can now be patched using Ksplice
CVEs: CVE-2010-4249 CVE-2011-1017 CVE-2011-1090 CVE-2011-1163 CVE-2011-1494 CVE-2011-1495 CVE-2011-1577 CVE-2011-1593 CVE-2011-1598 CVE-2011-1745 CVE-2011-1746 CVE-2011-1748 CVE-2011-1770 CVE-2011-2022
Systems running Ubuntu 10.04 Lucid can now use Ksplice to patch against
the latest Ubuntu Security Notice, USN-1168-1.
INSTALLING THE UPDATES
We recommend that all users of Ksplice Uptrack on Ubuntu 10.04 Lucid
install these updates. You can install these updates by running:
# /usr/sbin/uptrack-upgrade -y
On systems that have "autoinstall = yes" in /etc/uptrack/uptrack.conf,
these updates will be installed automatically and you do not need to take
any additional action.
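The check described above, as an added example that is not part of the original announcement or Ksplice's own tooling: it reads an uptrack.conf-style file and reports whether the host updates automatically or still needs the manual command. The function names and the sample file are constructed for illustration; the check ignores section headers and treats a missing key as "no", which is an assumption.

```shell
#!/bin/sh
# Added example: decide whether a host still needs a manual uptrack-upgrade run.
# The config path and the "autoinstall = yes" setting come from the advisory;
# the function names and the sample file below are constructed for illustration.

# Print the effective value of "autoinstall" in an uptrack.conf-style file.
# Comment lines (# or ;) are ignored, the last assignment wins, and a missing
# file or key is reported as "no" (assumption: unset means "not automatic").
uptrack_autoinstall_value() {
    conf=$1
    [ -r "$conf" ] || { echo "no"; return 0; }
    awk -F= '
        /^[ \t]*[#;]/ { next }
        {
            key = $1; val = $2
            gsub(/[ \t\r]/, "", key); gsub(/[ \t\r]/, "", val)
            if (tolower(key) == "autoinstall") v = tolower(val)
        }
        END { print (v == "" ? "no" : v) }
    ' "$conf"
}

# Print what is left to do on this host: "automatic", or the command from
# the advisory that an administrator has to run by hand.
uptrack_next_step() {
    if [ "$(uptrack_autoinstall_value "$1")" = "yes" ]; then
        echo "automatic"
    else
        echo "/usr/sbin/uptrack-upgrade -y"
    fi
}

# Constructed sample config: a commented-out "yes" must not count as enabled.
demo_conf=$(mktemp)
cat > "$demo_conf" <<'EOF'
[Settings]
# autoinstall = yes
autoinstall = no
EOF
uptrack_next_step "$demo_conf"
rm -f "$demo_conf"
```

On a real host, pass /etc/uptrack/uptrack.conf as the argument to uptrack_next_step.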
DESCRIPTION
* Remote denial of service in cifs_mount.
The kernel's CIFS client code could trigger a denial of service (BUG()
assertion failure) when connecting to a CIFS server providing unusual
shares.
* Denial of service in UBIFS filesystem via fsync.
Calling fsync on a file in a read-only UBIFS filesystem caused a
kernel oops, leading to denial of service.
* CVE-2011-1593: Denial of service in next_pidmap.
An integer signedness error in next_pidmap() could allow a local,
unprivileged user to cause a denial of service.
* CVE-2011-1017: Missing boundary checks in LDM partition table parsing.
When processing an LDM partition table, the kernel did not verify that
certain fields were within bounds, resulting in a possible heap overflow.
A local attacker could potentially exploit this to cause a denial of
service or information leak.
* CVE-2011-1745, CVE-2011-2022: Privilege escalation in AGP subsystem.
Flaws in the AGPGART driver implementation when handling certain
IOCTL commands could allow a local, unprivileged user to cause a
denial of service or escalate their privileges.
* CVE-2011-1746: Integer overflow in agp_allocate_memory.
An integer overflow flaw in agp_allocate_memory() could allow a local,
unprivileged user to cause a denial of service or escalate their
privileges.
* CVE-2011-1494, CVE-2011-1495: Privilege escalation in LSI MPT Fusion SAS 2.0 driver.
Multiple vulnerabilities in the mpt2sas driver may allow local users to
gain privileges, cause a denial of service (memory corruption), or obtain
sensitive information from kernel memory.
* CVE-2011-1598: Denial of service in CAN/BCM protocol.
Dave Jones reported an issue in the Broadcast Manager Controller Area
Network (CAN/BCM) protocol that may allow local users to cause a NULL
pointer dereference, resulting in a denial of service.
* CVE-2011-1163: Kernel information leak parsing malformed OSF partition tables.
A buffer overflow flaw in the DEC Alpha OSF partition implementation in
the Linux kernel could allow a local attacker to cause an information leak
by mounting a disk that contains specially crafted partition tables.
* Require CAP_SYS_ADMIN to rebalance btrfs filesystems.
* Additional CVE-2010-4249 update: Denial of service in UNIX sockets.
A flaw was found in the Linux kernel's garbage collector for AF_UNIX
sockets. A local, unprivileged user could use this flaw to trigger a
denial of service (out-of-memory condition).
The original Ubuntu fix for CVE-2010-4249 only contained one of the two
patches needed to address the vulnerability. This update contains the
second patch.
* Use-after-free bug in iwlwifi driver.
A use-after-free bug was found in the iwl_tx_queue_reclaim function in the
iwlwifi driver.
* CVE-2011-1748: Denial of service in CAN raw sockets.
Oliver Hartkopp reported an issue in the Controller Area Network (CAN) raw
socket implementation which permits local users to cause a NULL pointer
dereference, resulting in a denial of service.
* Buffer overflow in CIFS password processing.
When processing passwords, the cifs_parse_mount_options function in the
CIFS subsystem did not properly bounds-check the options array, resulting
in a buffer overflow.
* CVE-2011-1577: Missing boundary checks in EFI partition table parsing.
Timo Warns reported an issue in the Linux implementation for GUID
partitions. Users with physical access can gain access to sensitive
kernel memory by adding a storage device with a specially crafted,
invalid partition table.
* CVE-2011-1770: Remote denial of service in DCCP options parsing.
Dan Rosenberg reported an issue in the Datagram Congestion Control
Protocol (DCCP). Remote users can cause a denial of service or potentially
obtain access to sensitive kernel memory.
* CVE-2011-1090: Denial of service in NFSv4 client.
An inconsistency was found in the interaction between the Linux kernel's
method for allocating NFSv4 (Network File System version 4) ACL data and
the method by which it was freed. This inconsistency led to a kernel panic
which could be triggered by a local, unprivileged user with files owned by
said user on an NFSv4 share.
SUPPORT
Ksplice support is available at support at ksplice.com or +1 765-577-5423.