[Ksplice][Ubuntu-11.04-Updates] New updates available via Ksplice (2.6.38-13.57)
Christine Spang
christine.spang at oracle.com
Fri Mar 23 08:32:26 PDT 2012
Synopsis: 2.6.38-13.57 can now be patched using Ksplice
CVEs: CVE-2011-4347
Systems running Ubuntu 11.04 Natty can now use Ksplice to patch
against the latest Ubuntu Security Notice, 2.6.38-13.57.
INSTALLING THE UPDATES
We recommend that all users of Ksplice Uptrack on Ubuntu 11.04 Natty
install these updates. You can install these updates by running:
# /usr/sbin/uptrack-upgrade -y
On systems that have "autoinstall = yes" in /etc/uptrack/uptrack.conf,
these updates will be installed automatically and you do not need to
take any additional action.
DESCRIPTION
* CVE-2011-4347: Denial of service in KVM device assignment.
Several bugs that allowed unprivileged users to improperly assign
devices to KVM guests could result in a denial of service.
* Kernel information leak in eCryptfs.
Crafting a filename with characters with high ASCII values allowed an
attacker to read kernel memory past the end of the filename_rev_map
array.
* NULL pointer dereference in eCryptfs.
A duplicate call to d_delete() caused a NULL pointer dereference when
NFSv3 was the lower filesystem.
* Kernel crash in semtimedop.
If a semaphore array was removed while a sleeping task was woken up,
the woken up task would not wait until wake_up_sem_queue_do
completed. wake_up_sem_queue_do would then read from a stale pointer,
causing a kernel crash.
* Denial of service in eCryptfs.
A user may trigger heavy reclaim or even the OOM-killer by writing large
amount of data to a eCryptfs device.
* Denial of service in the eCryptfs filesystem.
On 32bit systems, when truncating a file, the integer holding the file size
could overflow, which would put the write operation in an infinite loop in
the kernel.
SUPPORT
Ksplice support is available at ksplice-support_ww at oracle.com.
More information about the Ksplice-Ubuntu-11.04-Updates
mailing list