[Ksplice][Ubuntu 10.04 Updates] New updates available via Ksplice (Ubuntu-2.6.32-30.59)

Keegan McAllister keegan at ksplice.com
Fri Mar 18 15:20:33 PDT 2011


Synopsis: Ubuntu-2.6.32-30.59 can now be patched using Ksplice
CVEs: CVE-2010-4077 CVE-2010-4158 CVE-2010-4175 CVE-2010-4668

Systems running Ubuntu 10.04 Lucid can now use Ksplice to patch against
the latest Ubuntu kernel update, Ubuntu-2.6.32-30.59.


INSTALLING THE UPDATES

We recommend that all Ksplice Uptrack Ubuntu 10.04 Lucid users install
these updates.  You can install these updates by running:

# /usr/sbin/uptrack-upgrade -y

On systems that have "autoinstall = yes" in /etc/uptrack/uptrack.conf,
these updates will be installed automatically and you do not need to
take any additional action.


DESCRIPTION

* Denial of service in nfs_do_fsync.

The function nfs_do_fsync erroneously reports failure, causing system calls
like close() on an NFS-mounted file to hang indefinitely.


* CVE-2010-4668: Kernel panic in block subsystem.

By submitting certain I/O requests with 0 length, a local user could cause
a denial of service (kernel panic).


* CVE-2010-4158: Kernel information leak in socket filters.

The sk_run_filter function in the kernel's socket filter implementation
did not properly clear an array on the kernel stack, resulting in
uninitialized kernel stack memory being copied to user space.


* CVE-2010-4077: Kernel information leak in nozomi driver.

The TIOCGICOUNT device ioctl allows unprivileged users to read
uninitialized stack memory, because the "reserved" member of the
serial_icounter_struct struct declared on the stack is not altered or
zeroed before being copied back to the user.


* Improved fix for CVE-2010-4175.

Ubuntu provided a revised patch for CVE-2010-4175 for Lucid kernels.


* Data corruption on SCSI medium error.

Certain SCSI devices will report a bad sector without returning the data read
up to that point.  This case was handled incorrectly, resulting in
uninitialized buffer garbage being returned to userspace.


* Denial of service on insert of broken USB hub.

Inserting a USB hub with a broken configuration lacking transaction translators
could cause a crash in the kernel's USB stack.


* Crash on removal of ti_usb module.

Removing the ti_usb module while a TI 3410/5052 USB serial device is plugged in
could cause a kernel oops.


* Infinite loop in SAS error handling.

The error handler for Serial Attached SCSI devices could enter an infinite
loop, consuming all resources on at least one CPU.


* Use-after-free bug in NFS async I/O.

Under certain conditions, an asynchronous I/O request to an NFS-mounted
filesystem would be served by two different kernel subsystems, resulting
in a use-after-free bug and a kernel crash or memory corruption.


* Unexpected wakeup on ptrace detach.

Detaching from a traced process which is waiting on some kernel event could
cause an unexpected wakeup, resulting in an oops or other kernel misbehavior.


* Denial of service on init of prism2 WiFi with hostap_cs.

Inserting a prism2-based WiFi card can cause the hostap_cs
driver to call a sleeping function while holding a spinlock,
resulting in a system freeze or a BUG message.


* Error on adding device to RAID array without metadata.

Adding a device to a RAID array without metadata can fail erroneously.


* Memory corruption in multipath deactivation queueing.

The multi-device (e.g. RAID) multipath driver queues deactivation
events in a way which can cause memory corruption.
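
The CVE-2010-4077 entry above describes a struct whose "reserved" member is
copied out without being zeroed; CVE-2010-4158 is the same class of bug with
an array.  The user-space sketch below is an added illustration, not code from
this advisory or from the kernel patch.  The names icount, fake_frame,
get_icount and leaked_bytes are hypothetical, the 0xAA fill is constructed
stale data, and memcpy stands in for the copy to user space.

```c
#include <stdio.h>
#include <string.h>

/* Local mirror of the field layout of serial_icounter_struct. */
struct icount {
    int cts, dsr, rng, dcd, rx, tx;
    int frame, overrun, parity, brk, buf_overrun;
    int reserved[9];
};

/* Constructed stand-in for the stack slot the handler's local variable uses. */
static struct icount fake_frame;

/* Hypothetical handler: fills the counters and copies the whole struct out.
 * zero_first = 0 models the flawed code, zero_first = 1 models the fix. */
static void get_icount(struct icount *user_buf, int zero_first)
{
    struct icount *ic = &fake_frame;

    memset(ic, 0xAA, sizeof *ic);      /* stale data left by earlier calls */
    if (zero_first)
        memset(ic, 0, sizeof *ic);     /* the fix: clear before filling */

    ic->cts = 1; ic->dsr = 2; ic->rng = 3; ic->dcd = 4;
    ic->rx = 100; ic->tx = 200;
    ic->frame = ic->overrun = ic->parity = ic->brk = ic->buf_overrun = 0;
    /* "reserved" is never assigned, exactly as in the description above. */

    memcpy(user_buf, ic, sizeof *ic);  /* stands in for the copy to user */
}

/* Count the bytes of "reserved" that still hold the stale 0xAA pattern. */
static size_t leaked_bytes(int zero_first)
{
    struct icount out;
    const unsigned char *p = (const unsigned char *)out.reserved;
    size_t i, n = 0;

    get_icount(&out, zero_first);
    for (i = 0; i < sizeof out.reserved; i++)
        if (p[i] == 0xAA)
            n++;
    return n;
}

int main(void)
{
    printf("unfixed: %zu stale bytes reach the caller\n", leaked_bytes(0));
    printf("zeroed:  %zu stale bytes reach the caller\n", leaked_bytes(1));
    return 0;
}
```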


SUPPORT

Ksplice support is available at support at ksplice.com or +1 765-577-5423.


