[Ksplice][Ubuntu-11.10-Updates] New updates available via Ksplice (3.0.0-23.38)

Samson Yeung samson.yeung at oracle.com
Wed Jul 18 18:58:18 PDT 2012


Synopsis: 3.0.0-23.38 can now be patched using Ksplice
CVEs: CVE-2012-2373

Systems running Ubuntu 11.10 Oneiric can now use Ksplice to patch
against the latest Ubuntu kernel update, 3.0.0-23.38.

INSTALLING THE UPDATES

We recommend that all users of Ksplice Uptrack on Ubuntu 11.10 Oneiric
install these updates.

On systems that have "autoinstall = yes" in /etc/uptrack/uptrack.conf,
these updates will be installed automatically and you do not need to
take any action.

Alternatively, you can install these updates by running:

# /usr/sbin/uptrack-upgrade -y
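
A check for which of the two cases above applies to a host, as an added example that is not part of the original Ksplice announcement. It assumes the last uncommented "autoinstall" line in the file is the effective one and that only the value "yes" enables automatic installation; the function names are hypothetical.

```shell
#!/bin/sh
# Added example (not Ksplice code): report whether a host installs Ksplice
# updates by itself or needs the manual command from the announcement.

# Exit status: 0 = "autoinstall = yes" is in effect, 1 = it is not,
# 2 = the file cannot be read, so the state is unknown.
autoinstall_enabled() {
    conf=$1
    [ -r "$conf" ] || return 2
    # Commented-out lines never match because the key must start the line.
    # Assumption: the last assignment wins; section headers are ignored.
    value=$(sed -n 's/^[[:space:]]*autoinstall[[:space:]]*=[[:space:]]*\([^[:space:]#;]*\).*$/\1/p' "$conf" |
        tail -n 1 | tr 'A-Z' 'a-z')
    [ "$value" = "yes" ]
}

# Print the action an administrator has to take for this configuration.
update_action() {
    autoinstall_enabled "$1" && rc=0 || rc=$?
    case $rc in
        0) echo "automatic: no action needed" ;;
        1) echo "manual: run /usr/sbin/uptrack-upgrade -y" ;;
        *) echo "unknown: cannot read $1" ;;
    esac
}

# Constructed sample file, not a real host's configuration. On a real
# system the argument would be /etc/uptrack/uptrack.conf.
sample=$(mktemp)
cat > "$sample" <<'EOF'
# autoinstall = yes
autoinstall = no
EOF
update_action "$sample"
rm -f "$sample"
```

A commented-out "autoinstall = yes" is the case worth checking for: the host looks configured but still needs the manual upgrade.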


DESCRIPTION

* CVE-2012-2373: denial-of-service in PAE page tables.

On a PAE system, a non-atomic load could be corrupted by a page fault,
resulting in a kernel crash that an unprivileged user could trigger.


* Kernel OOPS when traversing open files in CIFS.

A kernel OOPS may occur when traversing open files on CIFS due to a failure
to handle modifications on the CIFS share.


* Memory leak in usb-audio PCM driver.

A missing free() in the hardware unplug code resulted in a memory leak.


* NULL pointer dereference when unmounting short-term mounts.

A missing check can cause a NULL pointer dereference when unmounting
short-term mounts.


* Deadlock in DRM TTM swapping subsystem.

A missing spinlock unlock can cause a deadlock when swapping out a buffer
that is scheduled for deletion.


* Use-after-free in IPv4 FIB handling.

Since FIB objects are released in a delayed manner, objects which are marked
for deletion must be ignored when looking up such objects.


* Use-after-free in handling of IPv4 routes.

The freeing of FIB objects wasn't being done in a delayed manner as expected
by RCU, which could cause a race condition leading to a use-after-free.


* Kernel oops in unbound L2TP IP sockets.

Missing checks for unbound sockets in the connect() path when using the
AF_UNSPEC address family could result in a kernel oops.


* Kernel oops on interrupt in wl1251 driver.

A kernel oops could be triggered if the wl1251 driver received an
interrupt before it was ready to process it.


* Denial of service in NFS back-channel request handling.

A memory leak on the failure path of processing back-channel requests
can lead to a local denial of service.


* Kernel crash in AESNI decryption for CBC mode.

The AESNI driver did not ensure the correct alignment of memory when
performing AES decryption in CBC mode, leading to a kernel crash.

SUPPORT

Ksplice support is available at ksplice-support_ww at oracle.com.
