[Ksplice][Ubuntu-11.10-Updates] New updates available via Ksplice (USN-1363-1)
Samson Yeung
samson.yeung at oracle.com
Tue Feb 14 12:36:15 PST 2012
Synopsis: USN-1363-1 can now be patched using Ksplice
CVEs: CVE-2011-2203 CVE-2011-4097 CVE-2011-4622 CVE-2012-0038
CVE-2012-0055 CVE-2012-0207
Systems running Ubuntu 11.10 Oneiric can now use Ksplice to patch
against the latest Ubuntu Security Notice, USN-1363-1.
INSTALLING THE UPDATES
We recommend that all users of Ksplice Uptrack on Ubuntu 11.10 Oneiric
install these updates. You can install these updates by running:
# /usr/sbin/uptrack-upgrade -y
On systems that have "autoinstall = yes" in /etc/uptrack/uptrack.conf,
these updates will be installed automatically and you do not need to
take any additional action.
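An added example, not part of the Ksplice advisory: a shell check that a fleet script could use to tell whether a host needs the manual uptrack-upgrade run or already has autoinstall enabled. Matching the key case-insensitively, ignoring section headers, and treating only the value "yes" as enabled are assumptions of this example, and the sample config is constructed.

```shell
#!/bin/sh
# Added example, not Ksplice's own tooling.
# Assumptions: the key is matched case-insensitively, section headers are
# ignored, and only the value "yes" (as quoted in the advisory) counts as
# enabled. A missing file or key is reported as "no".

# uptrack_autoinstall FILE -> prints "yes" or "no"
uptrack_autoinstall() {
    conf=$1
    [ -r "$conf" ] || { echo no; return 0; }
    # Drop comments, then keep the last autoinstall assignment in the file.
    val=$(sed -e 's/[#;].*$//' "$conf" | awk -F= '
        { key = $1; gsub(/[ \t]/, "", key) }
        tolower(key) == "autoinstall" {
            v = $2; gsub(/[ \t\r]/, "", v); last = tolower(v)
        }
        END { print last }')
    case $val in
        yes) echo yes ;;
        *)   echo no ;;
    esac
}

# needs_manual_upgrade FILE -> exit status 0 when the host must be upgraded by hand
needs_manual_upgrade() {
    [ "$(uptrack_autoinstall "$1")" != yes ]
}

# Constructed sample config, not taken from a real host.
sample=$(mktemp)
cat > "$sample" <<'EOF'
[Settings]
# autoinstall = yes
autoinstall = no
EOF
if needs_manual_upgrade "$sample"; then
    echo "autoinstall is off: run /usr/sbin/uptrack-upgrade -y"
else
    echo "autoinstall is on: updates are installed automatically"
fi
rm -f "$sample"
```

On a real host, pass /etc/uptrack/uptrack.conf to needs_manual_upgrade instead of the sample file.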
DESCRIPTION
* Kernel crash caused by invalid page in vmlist.
A missing check in __vmalloc_node_range could cause an invalid page to
be added to the vmlist, later causing a kernel crash.
* Improved fix for CVE-2011-2203.
Ubuntu provided a revised patch for CVE-2011-2203.
* Fix incorrect jump offset calculation in JIT BPF.
JIT computation in Berkeley Packet Filter (BPF) incorrectly calculated
the jump offset when a conditional jump was followed by a long jump,
which a properly formatted packet could exploit.
* Information leak in ext4 page-IO.
Parts of a page beyond EOF were not zeroed before being returned to
the user in ext4_bio_write_page. This allowed an mmap of a size other
than a multiple of PAGE_SIZE to read uninitialized memory.
* Buffer overflow in FUSE page retrieval.
If more than FUSE_MAX_PAGES_PER_REQ pages were requested in
fuse_retrieve, the request page array would overflow.
* CVE-2011-4622: NULL pointer dereference in KVM interval timer emulation.
Starting PIT timers in the absence of irqchip support could cause a
NULL pointer dereference and kernel oops.
* Denial of service in the CFQ I/O scheduler.
A race condition that may occur between two processes may stop any I/O
to one of the processes.
* CVE-2011-4097: Integer overflow of points in oom_badness.
On 64-bit architectures, a task could cause a local denial of service
from an integer overflow if a portion of its OOM score exceeded a
certain value.
* Potential deadlock in filesystem core.
An incorrect argument to a memory allocator function in the Linux
kernel's core filesystem layer could result in a denial of service
(kernel deadlock) in certain cases.
* CVE-2012-0038: Buffer overflow in XFS ACL handling code.
An integer overflow bug in the XFS filesystem's ACL handling could
lead to a heap-based buffer overflow when mounting a maliciously
crafted XFS filesystem.
* Use after free in the USB communication device driver.
A dangling pointer in the USB communication device driver, which may
occur as a result of a previous failure in that device, may be used to
corrupt kernel memory.
* Denial of service in the ASIX network controller.
The ASIX 88772 network controller may enter an infinite loop due to
heavy load for a short period of time.
* CVE-2012-0055: Insufficient permissions checking on overlayfs.
Security restrictions on overlayfs were not being applied, resulting in
a user being able to bypass permissions and open otherwise restricted
files.
* CVE-2012-0207: Denial of service bug in IGMP.
The IGMP subsystem's compatibility handling of v2 packets had a bug in
the computation of a delay field which could result in division by
zero (causing a kernel panic).
SUPPORT
Ksplice support is available at ksplice-support_ww at oracle.com.