[Ksplice][Ubuntu 10.04 Updates] New updates available via Ksplice (2.6.32-40.87)

Michael Ploujnikov michael.ploujnikov at oracle.com
Fri Mar 23 11:29:02 PDT 2012 

Synopsis: 2.6.32-40.87 can now be patched using Ksplice
CVEs: CVE-2011-4347 CVE-2012-0879

Systems running Ubuntu 10.04 Lucid can now use Ksplice to patch
against the latest Ubuntu kernel update, 2.6.32-40.87.

INSTALLING THE UPDATES

We recommend that all users of Ksplice Uptrack on Ubuntu 10.04 Lucid
install these updates.  You can install these updates by running:

# /usr/sbin/uptrack-upgrade -y

On systems that have "autoinstall = yes" in /etc/uptrack/uptrack.conf,
these updates will be installed automatically and you do not need to
take any additional action.


DESCRIPTION

* Denial of service in XIP page fault handling.

A race condition in the execute-in-place page fault handling could
allow two threads which try to fault on the same memory page at the
same time to potentially OOPS the system.


* Client with an NFSv4 mount becomes unstable after the server is restarted.

A machine with open files on an NFSv4 mount could become unstable
following an NFS server restart, due to incorrect error handling.


* NFS client connecting to the server hangs if packet loss occurs.

A client connecting to an NFS server will immediately disconnect
without sending any data if it experiences TCP packet loss. Incorrect
retry logic will cause it to reconnect and eventually get into an
inconsistent state.


* Denial of service truncating eCryptfs files.

On 32bit systems, when truncating a file, the integer holding the file size
could overflow, which would put the write operation in an infinite loop in
the kernel.


* Data corruption and information leak truncating eCryptfs files.

A programming flaw in the eCryptfs code could cause data corruption
and disclosure of information when truncating underlying files.


* CVE-2011-4347: Denial of service in KVM device assignment.

Several bugs that allowed unprivileged users to improperly assign
devices to KVM guests could result in a denial of service.


* CVE-2012-0879: Denial of service in CLONE_IO.

CLONE_IO reference counting error could be exploited by an
unprivileged local user to cause denial of service.

SUPPORT

Ksplice support is available at ksplice-support_ww at oracle.com.

More information about the Ksplice-Ubuntu-10.04-Updates mailing list