[Ksplice][Ubuntu-10.10-Updates] New updates available via Ksplice (USN-1243-1)

Jessica McKellar jessica.mckellar at oracle.com
Wed Oct 26 11:56:40 PDT 2011

Synopsis: USN-1243-1 can now be patched using Ksplice
CVEs: CVE-2011-1479 CVE-2011-2494 CVE-2011-2495 CVE-2011-2695 
CVE-2011-2905 CVE-2011-2909 CVE-2011-3188 CVE-2011-3363

Systems running Ubuntu 10.10 Maverick can now use Ksplice to patch
against the latest Ubuntu Security Notice, USN-1243-1.


We recommend that all users of Ksplice Uptrack on Ubuntu 10.10
Maverick install these updates.  You can install these updates by running:

# /usr/sbin/uptrack-upgrade -y

On systems that have "autoinstall = yes" in /etc/uptrack/uptrack.conf,
these updates will be installed automatically and you do not need to
take any additional action.
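
The following script is an added example, not part of the original announcement and not Ksplice code. It reports whether a host has the autoinstall setting described above or still needs the manual upgrade command. It assumes uptrack.conf is INI-style ("key = value" lines, '#' or ';' comment lines) and that the last setting in the file wins; the function names and the sample config are constructed for illustration.

```shell
#!/bin/sh
# Added example (not Ksplice code). Assumes uptrack.conf is INI-style:
# "key = value" lines, with '#' or ';' starting a comment line.

# Print the effective autoinstall value: "yes", "no", or "unset".
uptrack_autoinstall() {
    conf=${1:-/etc/uptrack/uptrack.conf}
    [ -r "$conf" ] || { echo "unreadable"; return 2; }
    awk -F= '
        /^[ \t]*[#;]/ { next }                  # ignore comment lines
        NF >= 2 {
            key = tolower($1); val = tolower($2)
            gsub(/[ \t\r]/, "", key)            # strip padding and CR
            gsub(/[ \t\r]/, "", val)
            if (key == "autoinstall") seen = val    # last setting wins (assumed)
        }
        END {
            if (seen == "")         print "unset"
            else if (seen == "yes") print "yes"
            else                    print "no"  # only "yes" counts, per the notice
        }
    ' "$conf"
}

# Say what an administrator still has to do on this host.
uptrack_next_step() {
    case $(uptrack_autoinstall "$1") in
        yes)        echo "automatic" ;;
        unreadable) echo "cannot read config" ;;
        *)          echo "run /usr/sbin/uptrack-upgrade -y" ;;
    esac
}

# Constructed sample config, used here so the script runs without Uptrack.
sample=$(mktemp)
printf '%s\n' '[Settings]' '# autoinstall = yes' 'autoinstall = no' > "$sample"
uptrack_next_step "$sample"
rm -f "$sample"
```

Called with no argument, both functions read /etc/uptrack/uptrack.conf.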


* CVE-2011-3188: Weak TCP sequence number generation.

Dan Kaminsky reported a weakness of the sequence number generation in
the TCP protocol implementation. This can be used by remote attackers
to inject packets into an active session.

* CVE-2011-2695: Off-by-one errors in the ext4 filesystem.

Multiple off-by-one errors in the ext4 subsystem in the Linux kernel
before 3.0-rc5 allow local users to cause a denial of service (BUG_ON
and system crash) by accessing a sparse file in extent format with a
write operation involving a block number corresponding to the largest
possible 32-bit unsigned integer.

* CVE-2011-2495: Information leak in /proc/PID/io.

/proc/PID/io could be used for gathering private information and did
not have access restrictions.

* CVE-2011-1479: Double free in inotify.

Under certain error conditions, the inotify_init1 system call could
free a block of memory twice, leading to memory corruption.  A local
unprivileged attacker could exploit this error to cause a kernel
panic, system instability, or possibly escalation of privileges.

* CVE-2011-2909: Information leak in comedi driver.

The do_devinfo_ioctl function in the comedi driver incorrectly copied
uninitialized memory beyond the end of a string to user space.

* CVE-2011-2905: Arbitrary command execution in perf.

perf would look for configuration information in ./config, which could
contain malicious data leading to the execution of arbitrary commands.

* Improved fix for CVE-2011-3363.

Ubuntu's original fix for CVE-2011-3363 was lacking an appropriate
fallback path on old hardware.

* CVE-2011-2494: Information leak in taskstats.

Taskstats information could be used to gather private information, such
as precise password lengths from openssh. This update restricts
taskstats information to the root user, which has the side effect
of making the "iotop" program require root.


Ksplice support is available at support at ksplice.com or +1 765-577-5423.