[Ksplice][Ubuntu-11.04-Updates] New updates available via Ksplice (USN-1211-1)

Tim Abbott tim.abbott at oracle.com
Wed Sep 21 18:12:54 PDT 2011


Synopsis: USN-1211-1 can now be patched using Ksplice
CVEs: CVE-2011-1020 CVE-2011-1493 CVE-2011-1833 CVE-2011-2492 CVE-2011-2689 CVE-2011-2699 CVE-2011-2918

Systems running Ubuntu 11.04 Natty can now use Ksplice to patch against the latest Ubuntu Security Notice, USN-1211-1.

INSTALLING THE UPDATES

We recommend that all users of Ksplice Uptrack on Ubuntu 11.04 Natty install these updates.  You can install these updates by running:

# /usr/sbin/uptrack-upgrade -y

On systems that have "autoinstall = yes" in /etc/uptrack/uptrack.conf, these updates will be installed automatically and you do not need to take any additional action.

DESCRIPTION

* Additional fix for CVE-2011-1493.

The ROSE protocol implementation did not ensure that socket data being parsed stayed within the boundaries of the incoming socket buffer, which could result in information disclosure or, in a very unlikely case, a local denial of service.

* CVE-2011-2689: Local denial of service in GFS2.

The gfs2_fallocate function in fs/gfs2/file.c in the Linux kernel before 3.0-rc1 does not ensure that the size of a chunk allocation is a multiple of the block size, which allows local users to cause a denial of service (BUG and system crash) by arranging for all resource groups to have too little free space.

* CVE-2011-2492: Information leak in Bluetooth implementation.

Structure padding in two structures in the Bluetooth implementation was not initialized properly before being copied to user-space, possibly allowing local, unprivileged users to leak kernel stack memory to user-space. (CVE-2011-2492, Low)

* CVE-2011-1833: Information disclosure in eCryptfs.

Vasiliy Kulikov of Openwall and Dan Rosenberg discovered that eCryptfs incorrectly validated permissions on the requested source directory. A local attacker could use this flaw to mount an arbitrary directory, possibly leading to information disclosure.

* CVE-2011-2699: Predictable IPv6 fragment identification numbers.

The generator for IPv6 fragment identification numbers used a single generator, which made the identifiers highly predictable and thus vulnerable to a denial of service attack.

* CVE-2011-2918: Denial of service in event overflows in perf.

Vince Weaver discovered that incorrect handling of software event overflows in the perf analysis tool could lead to local denial of service.

* CVE-2011-1020: Missing access restrictions in /proc subsystem.

The proc filesystem implementation did not restrict access to the /proc directory tree of a process after this process performs an exec of a setuid program, which allowed local users to obtain sensitive information or potentially cause other integrity issues.
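
The uninitialized-padding leak described under CVE-2011-2492 above, shown in user-space C as an added example (not code from the kernel, the Ksplice update, or this advisory). The structure `struct reply`, the function names and the `STALE` marker byte are hypothetical, and `memcpy()` stands in for the copy to user-space.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define STALE 0xA5 /* constructed marker standing in for old kernel stack data */
/* Hypothetical reply structure (an assumption, not a kernel structure):
 * alignment of `handle` and of the struct itself inserts padding bytes. */
struct reply {
    uint8_t  mode;
    uint32_t handle;
    uint16_t mtu;
};

/* Bytes of struct reply that belong to no named member. */
size_t padding_bytes(void)
{
    return sizeof(struct reply) - sizeof(uint8_t) - sizeof(uint32_t) - sizeof(uint16_t);
}

/* Builds the reply and copies it out; memcpy() stands in for the copy to
 * user-space. zero_first = 0 is the flawed pattern, 1 is the fix. */
void build_reply(unsigned char *out, int zero_first)
{
    struct reply r;
    memset(&r, STALE, sizeof r);     /* simulate stale stack contents */
    if (zero_first)
        memset(&r, 0, sizeof r);     /* fix: clear padding before filling */
    r.mode = 1;                      /* only named members are assigned */
    r.handle = 0x11223344;
    r.mtu = 672;
    memcpy(out, &r, sizeof r);       /* whole object, padding included */
}

/* Counts stale bytes that reached the caller's buffer. */
size_t leaked_bytes(int zero_first)
{
    unsigned char out[sizeof(struct reply)];
    size_t i, n = 0;
    build_reply(out, zero_first);
    for (i = 0; i < sizeof out; i++)
        n += (out[i] == STALE);
    return n;
}

int main(void)
{
    printf("padding=%zu unsafe=%zu safe=%zu\n",
           padding_bytes(), leaked_bytes(0), leaked_bytes(1));
    return 0;
}
```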

SUPPORT

Ksplice support is available at support at ksplice.com or +1 765-577-5423.


