[Ksplice][Ubuntu-11.10-Updates] New updates available via Ksplice (3.0.0-23.38)
Samson Yeung
samson.yeung at oracle.com
Wed Jul 18 18:58:18 PDT 2012
Synopsis: 3.0.0-23.38 can now be patched using Ksplice
CVEs: CVE-2012-2373
Systems running Ubuntu 11.10 Oneiric can now use Ksplice to patch
against the latest Ubuntu kernel update, 3.0.0-23.38.
INSTALLING THE UPDATES
We recommend that all users of Ksplice Uptrack on Ubuntu 11.10 Oneiric
install these updates.
On systems that have "autoinstall = yes" in /etc/uptrack/uptrack.conf,
these updates will be installed automatically and you do not need to
take any action.
Alternatively, you can install these updates by running:
# /usr/sbin/uptrack-upgrade -y
DESCRIPTION
* CVE-2012-2373: denial-of-service in PAE page tables.
On a PAE system, a non-atomic load could be corrupted by a page fault
resulting in a kernel crash, triggerable by an unprivileged user.
* Kernel OOPS when traversing open files in CIFS.
A kernel OOPS may occur when traversing open files on CIFS due to a failure
to handle modifications on the CIFS share.
* Memory leak in usb-audio PCM driver.
A missing free() in the hardware unplug code resulted in a memory leak.
* NULL pointer dereference when unmounting short-term mounts.
A missing check can cause a NULL pointer dereference when unmounting
short-term mounts.
* Deadlock in DRM TTM swapping subsystem.
A missing spinlock unlock can cause a deadlock when swapping out a buffer
that is scheduled for deletion.
* Use-after-free in IPv4 FIB handling.
Since FIB objects are released in a delayed manner, objects which are marked
for deletion must be ignored when looking up such objects.
* Use-after-free in handling of IPv4 routes.
The freeing of FIB objects wasn't being done in a delayed manner as expected
by RCU, which could cause a race condition leading to a use-after-free.
* Kernel oops in unbound L2TP IP sockets.
Missing checks for unbound sockets in the connect() path when using the
AF_UNSPEC address family could result in a kernel oops.
* Kernel oops on interrupt in wl1251 driver.
A kernel oops could be triggered if the wl1251 driver received an
interrupt before it was ready to process it.
* Denial of service in NFS back-channel request handling.
A memory leak on the failure path of processing back-channel requests
can lead to a local denial of service.
* Kernel crash in AESNI decryption for CBC mode.
The AESNI driver did not ensure the correct alignment of memory when
performing AES decryption in CBC mode leading to a kernel crash.
SUPPORT
Ksplice support is available at ksplice-support_ww at oracle.com.
More information about the Ksplice-Ubuntu-11.10-Updates
mailing list