[Ksplice][Ubuntu-11.04-Updates] New updates available via Ksplice (USN-1246-1)

Tim Abbott tim.abbott at oracle.com
Tue Oct 25 18:43:26 PDT 2011


Synopsis: USN-1246-1 can now be patched using Ksplice
CVEs: CVE-2011-2213 CVE-2011-2497 CVE-2011-2695 CVE-2011-2700 
CVE-2011-2723 CVE-2011-2928 CVE-2011-3188 CVE-2011-3191

Systems running Ubuntu 11.04 Natty can now use Ksplice to patch
against the latest Ubuntu Security Notice, USN-1246-1.

INSTALLING THE UPDATES

We recommend that all users of Ksplice Uptrack on Ubuntu 11.04 Natty
install these updates.  You can install these updates by running:

# /usr/sbin/uptrack-upgrade -y

On systems that have "autoinstall = yes" in /etc/uptrack/uptrack.conf,
these updates will be installed automatically and you do not need to
take any additional action.
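The check described above, as an added example that is not part of the original announcement: a shell function that reads an uptrack.conf-style file and reports whether the host still needs a manual uptrack-upgrade run. It assumes "key = value" lines with "#" comments, and counts only the literal setting quoted above (autoinstall = yes) as enabled; the function names and the sample file contents are constructed for illustration.

```shell
#!/bin/sh
# Added example: decide whether a host relies on autoinstall or needs a
# manual "uptrack-upgrade -y" run. Function names are hypothetical.

# Print "yes" only if the file's last uncommented "autoinstall" setting is
# exactly "yes". A missing/unreadable file or any other value prints "no",
# so the check fails toward "manual action needed".
autoinstall_value() {
    conf=$1
    [ -r "$conf" ] || { echo "no"; return 0; }
    val=$(sed -e 's/#.*$//' "$conf" |
          awk -F= '$1 ~ /^[ \t]*autoinstall[ \t]*$/ {
                       v = $2; gsub(/[ \t\r]/, "", v); last = v
                   }
                   END { print last }')
    if [ "$val" = "yes" ]; then echo "yes"; else echo "no"; fi
}

# Exit status 0 when the operator must run the upgrade by hand.
needs_manual_upgrade() {
    [ "$(autoinstall_value "$1")" != "yes" ]
}

# Demo on a constructed sample (not a real host's configuration):
# the only "yes" is commented out, so the effective value is "no".
sample=$(mktemp)
cat > "$sample" <<'EOF'
[Settings]
# autoinstall = yes
autoinstall = no
EOF

if needs_manual_upgrade "$sample"; then
    echo "autoinstall is off: run /usr/sbin/uptrack-upgrade -y"
else
    echo "autoinstall is on: no additional action needed"
fi
rm -f "$sample"
```

On a real system, pass /etc/uptrack/uptrack.conf as the argument instead of the sample file.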


DESCRIPTION

* CVE-2011-3191: Memory corruption in CIFSFindNext.

Darren Lavender reported an issue in the Common Internet File System
(CIFS). A malicious file server could cause memory corruption leading
to a denial of service.


* CVE-2011-2928: Denial of service with too-long symlinks in BeFS.

The befs_follow_link function in the Linux kernel's implementation of
the Be filesystem did not validate the length attribute of long
symlinks, which allowed local users to cause a denial of service
(incorrect pointer dereference and OOPS) by accessing a long symlink
on a malformed Be filesystem.


* CVE-2011-2723: Remote denial of service vulnerability in gro.

The skb_gro_header_slow function in the Linux kernel had a bug which
allowed a remote attacker to put certain gro fields in an inconsistent
state, resulting in a denial of service.


* CVE-2011-2213: Arbitrary code injection bug in IPv4 subsystem.

Insufficient validation in inet_diag_bc_audit allowed a malicious user
to inject code or trigger an infinite loop.


* CVE-2011-2700: Buffer overflow in the si4713 radio driver.

Mauro Carvalho Chehab reported insufficient length checks in
si4713_write_econtrol_string allowing a buffer overflow.


* CVE-2011-2497: Buffer overflow in the Bluetooth subsystem.

A small user-provided value for the command size field in the command
header of an l2cap configuration request can cause a buffer overflow.


* CVE-2011-3188: Weak TCP sequence number generation.

Dan Kaminsky reported a weakness of the sequence number generation in
the TCP protocol implementation. This can be used by remote attackers
to inject packets into an active session.


* Denial of service in netfilter.

A denial of service (kernel oops) can be triggered in netfilter when a
container with networking unshared is destroyed prematurely.


* CVE-2011-2695: Off-by-one errors in the ext4 filesystem.

Multiple off-by-one errors in the ext4 subsystem in the Linux kernel
before 3.0-rc5 allow local users to cause a denial of service (BUG_ON
and system crash) by accessing a sparse file in extent format with a
write operation involving a block number corresponding to the largest
possible 32-bit unsigned integer.

SUPPORT

Ksplice support is available at support at ksplice.com or +1 765-577-5423.



