[Ksplice][Ubuntu-10.10-Updates] New updates available via Ksplice (USN-1227-1)

Nelson Elhage nelson.elhage at oracle.com
Tue Oct 11 14:11:48 PDT 2011


Synopsis: USN-1227-1 can now be patched using Ksplice
CVEs: CVE-2011-1576 CVE-2011-1776 CVE-2011-1833 CVE-2011-2213
      CVE-2011-2497 CVE-2011-2699 CVE-2011-2700 CVE-2011-2723
      CVE-2011-2918 CVE-2011-2928 CVE-2011-3191

Systems running Ubuntu 10.10 Maverick can now use Ksplice to patch
against the latest Ubuntu Security Notice, USN-1227-1.

INSTALLING THE UPDATES

We recommend that all users of Ksplice Uptrack on Ubuntu 10.10
Maverick install these updates.  You can install these updates by
running:

# /usr/sbin/uptrack-upgrade -y

On systems that have "autoinstall = yes" in /etc/uptrack/uptrack.conf,
these updates will be installed automatically and you do not need to
take any additional action.
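After the update has run, a practitioner will want to confirm that every CVE named in this notice is actually covered on the host. The following shell snippet is an added example and not part of the Ksplice announcement: it reads the output of `/usr/sbin/uptrack-show` (which lists the Ksplice updates currently applied) and prints any advisory CVE that is not mentioned. The `uptrack-show` output embedded below is constructed for offline use; the script assumes only that each applied update's line contains its CVE identifier, which is an assumption about the tool's format rather than something this page documents.

```shell
#!/bin/sh
# Added example, not from the Ksplice announcement. Checks that every CVE
# listed in USN-1227-1 appears in the output of `uptrack-show`, which lists
# the Ksplice updates currently applied on this machine.

# CVE list copied from the advisory header.
ADVISORY_CVES="CVE-2011-1576 CVE-2011-1776 CVE-2011-1833 CVE-2011-2213
CVE-2011-2497 CVE-2011-2699 CVE-2011-2700 CVE-2011-2723
CVE-2011-2918 CVE-2011-2928 CVE-2011-3191"

# Constructed stand-in for `/usr/sbin/uptrack-show` output (assumed format:
# one line per applied update naming its CVE). Two of the eleven updates,
# CVE-2011-2213 and CVE-2011-3191, are deliberately absent.
sample_uptrack_show() {
    cat <<'EOF'
Installed updates:
[a1b2c3d4] CVE-2011-1833: Information disclosure in eCryptfs.
[b2c3d4e5] CVE-2011-2699: Predictable IPv6 fragment identification numbers.
[c3d4e5f6] CVE-2011-2918: Denial of service in event overflows in perf.
[d4e5f6a7] CVE-2011-2928: Denial of service with too-long symlinks in BeFS.
[e5f6a7b8] CVE-2011-2723: Remote denial of service vulnerability in GRO.
[f6a7b8c9] CVE-2011-1776: Missing boundary checks in EFI partition table parsing.
[a7b8c9d0] CVE-2011-2700: Buffer overflow in the si4713 radio driver.
[b8c9d0e1] CVE-2011-2497: Buffer overflow in the Bluetooth subsystem.
[c9d0e1f2] CVE-2011-1576: Denial of service with VLAN packets and GRO.
EOF
}

# missing_cves "CVE-... CVE-..." < uptrack-show-output
# Prints each CVE from the argument list that does not appear anywhere in
# the input, one per line. Exit status 0 when nothing is missing, 1 otherwise.
missing_cves() {
    applied=$(cat)
    rc=0
    for cve in $1; do
        # -w stops CVE-2011-2700 from matching a longer id such as CVE-2011-27001.
        if ! printf '%s\n' "$applied" | grep -qw -- "$cve"; then
            printf '%s\n' "$cve"
            rc=1
        fi
    done
    return $rc
}

# Live check on a real host (left commented out so the example runs offline):
# /usr/sbin/uptrack-show | missing_cves "$ADVISORY_CVES" && echo "USN-1227-1 fully applied"

# Offline demonstration against the constructed sample: reports the two
# missing CVEs and a short explanation.
sample_uptrack_show | missing_cves "$ADVISORY_CVES" \
    || echo "the updates above from USN-1227-1 are not applied"
```

Run it as-is to see the check against the constructed sample; on a real Ubuntu 10.10 host with Uptrack installed, uncomment the live line and drop the sample call. A non-zero exit from `missing_cves` is what you would alert on from configuration management after `uptrack-upgrade -y` has run.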


DESCRIPTION

* CVE-2011-1833: Information disclosure in eCryptfs.

Vasiliy Kulikov of Openwall and Dan Rosenberg discovered that eCryptfs
incorrectly validated permissions on the requested source directory. A
local attacker could use this flaw to mount an arbitrary directory,
possibly leading to information disclosure.


* CVE-2011-2699: Predictable IPv6 fragment identification numbers.

The IPv6 fragment identification numbers were generated from a single
global counter, so they were predictable; a remote attacker could exploit
this to cause a denial of service.


* CVE-2011-2918: Denial of service in event overflows in perf.

Vince Weaver discovered that incorrect handling of software event
overflows in the kernel's perf events subsystem could lead to a local
denial of service.


* CVE-2011-3191: Memory corruption in CIFSFindNext.

Darren Lavender reported an issue in the Common Internet File System
(CIFS). A malicious file server could cause memory corruption leading
to a denial of service.


* CVE-2011-2928: Denial of service with too-long symlinks in BeFS.

The befs_follow_link function in the Linux kernel's implementation of
the Be filesystem did not validate the length attribute of long
symlinks, which allowed local users to cause a denial of service
(incorrect pointer dereference and OOPS) by accessing a long symlink
on a malformed Be filesystem.


* CVE-2011-2723: Remote denial of service vulnerability in GRO.

The skb_gro_header_slow function in the Linux kernel had a bug that
allowed a remote attacker to leave certain GRO (generic receive offload)
fields in an inconsistent state, resulting in a denial of service.


* CVE-2011-1776: Missing boundary checks in EFI partition table parsing.

Timo Warns reported an issue in the Linux implementation of GUID
partition tables. A user with physical access could read sensitive
kernel memory by attaching a storage device carrying a specially
crafted, invalid partition table.


* CVE-2011-2213: Arbitrary code injection bug in IPv4 subsystem.

Insufficient validation of user-supplied INET_DIAG bytecode in
inet_diag_bc_audit allowed a local user to inject malformed bytecode
and trigger an infinite loop in the kernel.


* CVE-2011-2700: Buffer overflow in the si4713 radio driver.

Mauro Carvalho Chehab reported insufficient length checks in
si4713_write_econtrol_string allowing a buffer overflow.


* CVE-2011-2497: Buffer overflow in the Bluetooth subsystem.

A small user-provided value for the command size field in the command
header of an L2CAP configuration request could cause a buffer overflow.


* CVE-2011-1576: Denial of service with VLAN packets and GRO.

A flaw allowed napi_reuse_skb() to be called on VLAN (virtual LAN)
packets. An attacker on the local network could trigger this flaw by
sending specially-crafted packets to a target system, possibly causing
a denial of service.

SUPPORT

Ksplice support is available at support at ksplice.com or +1 765-577-5423.



More information about the Ksplice-Ubuntu-10.10-Updates mailing list