[Ksplice][Ubuntu-11.04-Updates] New updates available via Ksplice (2.6.38-15.60)
Jamie Iles
jamie.iles at oracle.com
Thu May 31 04:37:35 PDT 2012
Synopsis: 2.6.38-15.60 can now be patched using Ksplice
CVEs: CVE-2012-1601 CVE-2012-2121 CVE-2012-2123
Systems running Ubuntu 11.04 Natty can now use Ksplice to patch
against the latest Ubuntu kernel update, 2.6.38-15.60.
INSTALLING THE UPDATES
We recommend that all users of Ksplice Uptrack on Ubuntu 11.04 Natty
install these updates.
On systems that have "autoinstall = yes" in /etc/uptrack/uptrack.conf,
these updates will be installed automatically and you do not need to
take any action.
Alternatively, you can install these updates by running:
# /usr/sbin/uptrack-upgrade -y
DESCRIPTION
* CVE-2012-2123: Privilege escalation when assigning permissions using fcaps.
If a process increases permissions using fcaps, the dangerous personality
flags that are cleared for suid apps are not cleared. This has
allowed programs that gained elevated permissions using fcaps to disable
the address space randomization of other processes.
* CVE-2012-1601: Denial of service in KVM VCPU creation.
Inconsistent state in the creation of KVM virtual CPUs could
lead to NULL pointer dereferences. An unprivileged local user
could use this flaw to crash the system.
* CVE-2012-2121: Memory leak in KVM device assignment.
KVM uses memory slots to track and map guest regions of memory. When device
assignment is used, the pages backing these slots are pinned in memory and mapped
into the iommu. The problem is that when a memory slot is destroyed the pages
for the associated memory slot are neither unpinned nor unmapped from the iommu.
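
The personality handling behind CVE-2012-2123, as an added example that is not part of the original advisory and not kernel or Ksplice code: a simplified user-space model of which personality flags survive an exec, before and after the fix. The helper names (exec_personality, dangerous_flags) and the sample personality value are assumptions made for illustration; the flag values and PER_CLEAR_ON_SETID are the kernel's own definitions from include/linux/personality.h.

```c
#include <stdio.h>
#include <string.h>
/* Flag values as defined in the kernel's include/linux/personality.h. */
#define ADDR_NO_RANDOMIZE  0x0040000UL  /* disable address space randomization */
#define MMAP_PAGE_ZERO     0x0100000UL  /* map page 0 */
#define ADDR_COMPAT_LAYOUT 0x0200000UL  /* legacy mmap layout */
#define READ_IMPLIES_EXEC  0x0400000UL  /* PROT_READ implies PROT_EXEC */
#define PER_CLEAR_ON_SETID (READ_IMPLIES_EXEC | ADDR_NO_RANDOMIZE | \
                            ADDR_COMPAT_LAYOUT | MMAP_PAGE_ZERO)

/* Simplified model (hypothetical helper, not kernel code) of the personality
 * a program is left with after exec. Unpatched: flags are cleared only for
 * suid/sgid binaries. Patched: a gain via file capabilities clears them too. */
unsigned long exec_personality(unsigned long persona, int is_setid,
                               int fcaps_gain, int patched)
{
    int clear = is_setid || (patched && fcaps_gain);
    return clear ? (persona & ~PER_CLEAR_ON_SETID) : persona;
}

/* Write the names of the dangerous flags still set into out; return how many. */
int dangerous_flags(unsigned long persona, char *out, size_t len)
{
    static const struct { unsigned long bit; const char *name; } tbl[] = {
        { ADDR_NO_RANDOMIZE, "ADDR_NO_RANDOMIZE" }, { MMAP_PAGE_ZERO, "MMAP_PAGE_ZERO" },
        { ADDR_COMPAT_LAYOUT, "ADDR_COMPAT_LAYOUT" }, { READ_IMPLIES_EXEC, "READ_IMPLIES_EXEC" },
    };
    int n = 0;
    if (!out || !len) return -1;
    out[0] = '\0';
    for (size_t i = 0; i < sizeof tbl / sizeof tbl[0]; i++) {
        if (!(persona & tbl[i].bit)) continue;
        size_t used = strlen(out);      /* always < len, so len - used >= 1 */
        snprintf(out + used, len - used, "%s%s", n ? " " : "", tbl[i].name);
        n++;
    }
    return n;
}

int main(void)
{
    /* Constructed sample: personality inherited from the calling process. */
    unsigned long caller = ADDR_NO_RANDOMIZE | READ_IMPLIES_EXEC;
    char buf[96];
    for (int patched = 0; patched <= 1; patched++) {
        unsigned long p = exec_personality(caller, 0, 1, patched);
        dangerous_flags(p, buf, sizeof buf);
        printf("patched=%d fcaps exec: 0x%07lx [%s]\n", patched, p, buf);
    }
    return 0;
}
```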
SUPPORT
Ksplice support is available at ksplice-support_ww at oracle.com.