[Ksplice][Ubuntu-11.04-Updates] New updates available via Ksplice (2.6.38-13.57)

[Christine Spang]

Synopsis: 2.6.38-13.57 can now be patched using Ksplice
CVEs: CVE-2011-4347

Systems running Ubuntu 11.04 Natty can now use Ksplice to patch
against the latest Ubuntu Security Notice, 2.6.38-13.57.

INSTALLING THE UPDATES

We recommend that all users of Ksplice Uptrack on Ubuntu 11.04 Natty
install these updates.  You can install these updates by running:

# /usr/sbin/uptrack-upgrade -y

On systems that have "autoinstall = yes" in /etc/uptrack/uptrack.conf,
these updates will be installed automatically and you do not need to
take any additional action.


DESCRIPTION

* CVE-2011-4347: Denial of service in KVM device assignment.

Several bugs that allowed unprivileged users to improperly assign
devices to KVM guests could result in a denial of service.


* Kernel information leak in eCryptfs.

Crafting a filename with characters with high ASCII values allowed an
attacker to read kernel memory past the end of the filename_rev_map
array.


* NULL pointer dereference in eCryptfs.

A duplicate call to d_delete() caused a NULL pointer dereference when
NFSv3 was the lower filesystem.


* Kernel crash in semtimedop.

If a semaphore array was removed while a sleeping task was woken up,
the woken up task would not wait until wake_up_sem_queue_do
completed. wake_up_sem_queue_do would then read from a stale pointer,
causing a kernel crash.


* Denial of service in eCryptfs.

A user may trigger heavy reclaim or even the OOM-killer by writing large
amount of data to a eCryptfs device.


* Denial of service in the eCryptfs filesystem.

On 32bit systems, when truncating a file, the integer holding the file size
could overflow, which would put the write operation in an infinite loop in
the kernel.

SUPPORT

Ksplice support is available at ksplice-support_ww at oracle.com.