[Ksplice][Ubuntu 10.04 Updates] New updates available via Ksplice (2.6.32-41.88)

Sasha Levin sasha.levin at oracle.com
Mon Apr 23 08:34:07 PDT 2012


Synopsis: 2.6.32-41.88 can now be patched using Ksplice
CVEs: CVE-2011-4347 CVE-2012-0045 CVE-2012-1090 CVE-2012-1097

Systems running Ubuntu 10.04 Lucid can now use Ksplice to patch
against the latest Ubuntu kernel update, 2.6.32-41.88.

INSTALLING THE UPDATES

We recommend that all users of Ksplice Uptrack on Ubuntu 10.04 Lucid
install these updates.

On systems that have "autoinstall = yes" in /etc/uptrack/uptrack.conf,
these updates will be installed automatically and you do not need to
take any action.

Alternatively, you can install these updates by running:

# /usr/sbin/uptrack-upgrade -y
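
An added example (not part of the original advisory and not Ksplice's own tooling) that checks which of the two cases above applies to a host. It assumes uptrack.conf uses INI-style "key = value" lines with "#" comments and that a missing setting means automatic installs are off; the function names and the sample config are constructed for illustration.

```shell
#!/bin/sh
# Added example, not Ksplice's own tooling.
# Assumption: uptrack.conf uses INI-style "key = value" lines with "#" comments.

# Print "yes" if FILE has an uncommented "autoinstall = yes", else "no".
# Returns 2 if FILE cannot be read.
uptrack_autoinstall() {
    conf=${1:-/etc/uptrack/uptrack.conf}
    [ -r "$conf" ] || return 2
    # Keep the last uncommented assignment; drop trailing comments and spaces.
    # Comparing case-insensitively is an assumption of this example.
    val=$(sed -n 's/^[[:space:]]*autoinstall[[:space:]]*=[[:space:]]*\([^[:space:]#]*\).*/\1/p' "$conf" \
          | tail -n 1 | tr '[:upper:]' '[:lower:]')
    if [ "$val" = "yes" ]; then echo yes; else echo no; fi
}

# Print what an administrator still has to do on this host.
uptrack_next_step() {
    state=$(uptrack_autoinstall "$1") || { echo "cannot read config"; return 2; }
    if [ "$state" = "yes" ]; then
        echo "none: updates install automatically"
    else
        echo "run: /usr/sbin/uptrack-upgrade -y"
    fi
}

# Constructed sample config (not taken from a real host): the enabled
# setting is commented out, so the manual command is still required.
sample=$(mktemp)
cat > "$sample" <<'EOF'
[Settings]
# autoinstall = yes
autoinstall = no
EOF
uptrack_next_step "$sample"   # prints "run: /usr/sbin/uptrack-upgrade -y"
rm -f "$sample"
```

On a real host, call `uptrack_next_step /etc/uptrack/uptrack.conf` as a user who can read that file.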


DESCRIPTION

* Buffer overflow in the relay filesystem.

The relayfs filesystem did not properly check for integer overflows
when processing certain user-provided lengths.  An unprivileged user could
exploit this to overflow the relevant buffers and corrupt kernel memory.


* CVE-2012-1097: NULL pointer dereference in the ptrace subsystem.

Under certain circumstances, ptrace-ing a process could lead to a NULL
pointer dereference and kernel panic.


* Improved fix to CVE-2011-4347.

The vendor's original fix did not prevent devices from being assigned
without IOMMU protection, which could allow a virtual machine to access
arbitrary host memory through a device.


* CVE-2012-0045: Denial of service in KVM system call emulation.

A bug in the system call emulation for cpuid allowed local users on a 32-bit
KVM guest system to cause the guest system to panic.


* CVE-2012-1090: Denial of service in the CIFS filesystem reference counting.

Under certain circumstances, the CIFS filesystem would open a file on
lookup. If the file was later determined to be a FIFO or any other
special file, the file handle would be leaked, leading to a reference
counting mismatch and a kernel OOPS on unmount.

An unprivileged local user could use this flaw to crash the system.


* Data corruption and exposure of encrypted data from eCryptFS files.

The ECRYPTFS_NEW_FILE crypt_stat flag was not cleared when extending a
file with truncate_upper. In some cases, this resulted in corruption
of data stored in eCryptFS, or userspace reads would see encrypted
file contents instead of the expected decrypted data.

SUPPORT

Ksplice support is available at ksplice-support_ww at oracle.com.



