[Ksplice][Ubuntu-11.10-Updates] New updates available via Ksplice (USN-1533-1)

Jamie Iles jamie.iles at oracle.com
Sat Aug 11 11:40:31 PDT 2012 

Synopsis: USN-1533-1 can now be patched using Ksplice
CVEs: CVE-2012-2136 CVE-2012-3375 CVE-2012-3400

Systems running Ubuntu 11.10 Oneiric can now use Ksplice to patch
against the latest Ubuntu Security Notice, USN-1533-1.

INSTALLING THE UPDATES

We recommend that all users of Ksplice Uptrack on Ubuntu 11.10 Oneiric
install these updates.

On systems that have "autoinstall = yes" in /etc/uptrack/uptrack.conf,
these updates will be installed automatically and you do not need to
take any action.

Alternatively, you can install these updates by running:

# /usr/sbin/uptrack-upgrade -y


DESCRIPTION

* CVE-2012-2136: Privilege escalation in TUN/TAP virtual device.

The length of packet fragments to be sent wasn't validated before use,
leading to heap overflow. A user having access to TUN/TAP virtual
device could use this flaw to crash the system or to potentially
escalate their privileges.


* Use-after-free in l2tp_eth driver.

Incorrect module reference counts could result in the module being
unloaded whilst it was still in use and a use-after-free condition could
result in a kernel crash.


* Use-after-free in benet driver.

The benet driver could attempt to access a socket buffer after
transmission resulting in a use-after-free condition.


* CVE-2012-3375: Denial of service due to epoll resource leak in error path.

The upstream fix for CVE-2011-1083 introduced a flaw in the way
the Linux kernel's Event Poll (epoll) subsystem handled resource clean up
when an ELOOP error code was returned. A local, unprivileged user could use
this flaw to cause a denial of service.


* Use after free due to race condition in madvise.

A race condition between munmap and madvise can cause a use-after-free
in the memory management system.


* CVE-2012-3400: Buffer overflow in UDF parsing.

A bug in the kernel's UDF file system driver could be exploited by an
unprivileged local user to crash the system.

SUPPORT

Ksplice support is available at ksplice-support_ww at oracle.com.

More information about the Ksplice-Ubuntu-11.10-Updates mailing list