[Ksplice][Ubuntu-11.10-Updates] New updates available via Ksplice (USN-1472-1)

Christine Spang christine.spang at oracle.com
Wed Jun 13 12:33:17 PDT 2012


Synopsis: USN-1472-1 can now be patched using Ksplice
CVEs: CVE-2012-2121 CVE-2012-2313 CVE-2012-2319 CVE-2012-2383 CVE-2012-2384

Systems running Ubuntu 11.10 Oneiric can now use Ksplice to patch
against the latest Ubuntu Security Notice, USN-1472-1.

INSTALLING THE UPDATES

We recommend that all users of Ksplice Uptrack on Ubuntu 11.10 Oneiric
install these updates.

On systems that have "autoinstall = yes" in /etc/uptrack/uptrack.conf,
these updates will be installed automatically and you do not need to
take any action.

Alternatively, you can install these updates by running:

# /usr/sbin/uptrack-upgrade -y
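
The check described above, as an added example that is not part of the original announcement or of Ksplice Uptrack: a shell helper that reads the autoinstall setting and reports whether a host needs the manual command. It assumes uptrack.conf is INI-style "key = value" text with '#' or ';' comment lines, and it treats a missing key or any value other than "yes" as disabled; the function names are hypothetical.

```shell
#!/bin/sh
# Added example (not Ksplice code): does this host need a manual uptrack-upgrade?
# Assumptions: INI-style "key = value" lines, '#' or ';' start a comment line,
# and only the value "yes" (any case) enables autoinstall.

# Print "yes" or "no" for the effective autoinstall setting; last assignment wins.
# A missing key or an unreadable file is reported as "no".
uptrack_autoinstall() {
    conf="${1:-/etc/uptrack/uptrack.conf}"
    [ -r "$conf" ] || { echo no; return 0; }
    awk '
        /^[ \t]*[#;]/ { next }              # commented-out settings do not count
        {
            line = $0
            sub(/\r$/, "", line)            # tolerate CRLF line endings
            eq = index(line, "=")
            if (eq == 0) next               # section headers, blank lines
            key = substr(line, 1, eq - 1)
            val = substr(line, eq + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", key)
            gsub(/^[ \t]+|[ \t]+$/, "", val)
            if (tolower(key) == "autoinstall") found = tolower(val)
        }
        END { if (found == "yes") print "yes"; else print "no" }
    ' "$conf"
}

# Report what the operator has to do on this host.
# Usage: uptrack_action /etc/uptrack/uptrack.conf
uptrack_action() {
    if [ "$(uptrack_autoinstall "$1")" = "yes" ]; then
        echo "autoinstall enabled: no action needed"
    else
        echo "autoinstall disabled: run /usr/sbin/uptrack-upgrade -y as root"
    fi
}
```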


DESCRIPTION

* Deadlock in JFFS2 filesystem.

Under certain circumstances, circular locking in the JFFS2 filesystem
could result in a soft lockup.


* Denial of service in the Layer 2 Tunneling Protocol TX routine.

A specially crafted send request over the L2TP protocol could lead to
the TX function failing without releasing the socket mutex.


* Memory leak in memory control group.

The memory control group did not free all data structures on removal of
the last event, leading to a memory leak.


* CVE-2012-2319: Buffer overflow mounting corrupted hfs filesystem.

A buffer overflow flaw was found in the hfsplus_bnode_read() function in
the HFS+ file system implementation.  This could lead to a denial of
service if a user browsed a specially-crafted HFS+ file system, for
example, by running "ls".


* Denial of service in TCP sockets.

Splicing data to a TCP socket in out-of-memory conditions could result
in stalls and a denial of service.


* Task hang in sync-mounted ext4 filesystems.

An ext4 filesystem mounted with the sync option and no journal would
result in task hangs when accessing the filesystem.


* Use-after-free in device mapper subsystem.

The expiry of a timer after suspending a device could result in a
use-after-free, leading to undefined operation.


* CVE-2012-2313: Privilege escalation in the dl2k NIC.

The D-LINK dl2k network card was missing permission checks in the ioctl
handling function. This would allow an unprivileged user to reconfigure
the low-level link device and trigger a denial-of-service.


* Kernel OOPS when using the NFS client.

Due to a locking issue in the NFS client code, a kernel BUG will occur
when trying to use the NFS client.


* CVE-2012-2384: Integer overflow in i915 execution buffer.

An integer overflow in the i915 execution buffer code could result in a
user triggering a denial-of-service attack or elevating privileges.


* CVE-2012-2383: Integer overflow in i915 execution buffer management.

An integer overflow in the i915 execution buffer management code could
result in a user triggering a denial-of-service attack or elevating
privileges.


* CVE-2012-2121: Memory leak in KVM device assignment.

KVM uses memory slots to track and map guest regions of memory.  When
device assignment is used, the pages backing these slots are pinned in
memory and mapped into the iommu.  The problem is that when a memory
slot is destroyed the pages for the associated memory slot are neither
unpinned nor unmapped from the iommu.

SUPPORT

Ksplice support is available at ksplice-support_ww at oracle.com.


