[Ksplice][Ubuntu-11.04-Updates] New updates available via Ksplice (2.6.38-14.58)
Jamie Iles
jamie.iles at oracle.com
Wed Apr 11 06:34:44 PDT 2012
Synopsis: 2.6.38-14.58 can now be patched using Ksplice
CVEs: CVE-2011-4347 CVE-2012-0045 CVE-2012-1097 CVE-2012-1146
Systems running Ubuntu 11.04 Natty can now use Ksplice to patch
against the latest Ubuntu kernel update, 2.6.38-14.58.
INSTALLING THE UPDATES
We recommend that all users of Ksplice Uptrack on Ubuntu 11.04 Natty
install these updates.
On systems that have "autoinstall = yes" in /etc/uptrack/uptrack.conf,
these updates will be installed automatically and you do not need to
take any action.
Alternatively, you can install these updates by running:
# /usr/sbin/uptrack-upgrade -y
DESCRIPTION
* CVE-2012-1097: NULL pointer dereference in the ptrace subsystem.
Under certain circumstances, ptrace-ing a process could lead to a NULL
pointer dereference and kernel panic.
* CVE-2012-1146: Denial of service in the cgroup eventfd handling.
The cgroup event handler didn't check whether there are any events registered for
a specific memory cgroup before trying to unregister them. This would lead to a
kernel OOPS if there weren't any events to be unregistered.
* Improved fix to CVE-2011-4347.
The vendor's original fix did not prevent devices from being assigned
without IOMMU protection which could allow a virtual machine to access
arbitrary host memory through a device.
* CVE-2012-0045: Denial of service in KVM system call emulation.
A bug in the system call emulation for the syscall instruction allowed
local users on a 32-bit KVM guest system to cause the guest system to
panic.
SUPPORT
Ksplice support is available at ksplice-support_ww at oracle.com.
More information about the Ksplice-Ubuntu-11.04-Updates
mailing list