[Ksplice][Ubuntu-11.10-Updates] New updates available via Ksplice (USN-1487-1)

Jessica McKellar jessica.mckellar at oracle.com
Fri Jun 29 20:24:29 PDT 2012


Synopsis: USN-1487-1 can now be patched using Ksplice
CVEs: CVE-2012-2375

Systems running Ubuntu 11.10 Oneiric can now use Ksplice to patch
against the latest Ubuntu Security Notice, USN-1487-1.

INSTALLING THE UPDATES

We recommend that all users of Ksplice Uptrack on Ubuntu 11.10 Oneiric
install these updates.

On systems that have "autoinstall = yes" in /etc/uptrack/uptrack.conf,
these updates will be installed automatically and you do not need to
take any action.

Alternatively, you can install these updates by running:

# /usr/sbin/uptrack-upgrade -y
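
The two installation paths above, as a check an administrator can run per host. This is an added example, not part of the Ksplice announcement or Oracle's tooling. The function names are hypothetical, and treating only "yes" (case-insensitive, last assignment wins) as enabled is an assumption about how the setting is read.

```shell
#!/bin/sh
# Added example: decide whether a host still needs the manual upgrade command.

# Print "yes" or "no" for the effective autoinstall setting in an
# uptrack.conf-style file. Comment lines (# or ;) are skipped, whitespace
# around "=" is tolerated, and the last assignment wins. A missing or
# unreadable file, or a missing key, is reported as "no".
uptrack_autoinstall() {
    conf=${1:-/etc/uptrack/uptrack.conf}
    [ -r "$conf" ] || { echo no; return 0; }
    awk -F= '
        /^[ \t]*[#;]/ { next }
        {
            key = $1; val = $2
            gsub(/[ \t\r]/, "", key); gsub(/[ \t\r]/, "", val)
            if (key == "autoinstall") last = tolower(val)
        }
        END { if (last == "yes") print "yes"; else print "no" }
    ' "$conf"
}

# Map the setting to the action described in the announcement.
uptrack_next_step() {
    if [ "$(uptrack_autoinstall "$1")" = yes ]; then
        echo "autoinstall enabled: no action needed"
    else
        echo "run: /usr/sbin/uptrack-upgrade -y"
    fi
}

# Constructed sample config (layout assumed), for demonstration only:
# the enabled line is commented out, so the manual command is required.
sample=$(mktemp)
cat > "$sample" <<'EOF'
[Settings]
# autoinstall = yes
autoinstall = no
EOF
uptrack_next_step "$sample"
rm -f "$sample"
```
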


DESCRIPTION

* CVE-2012-2375: Kernel crash in NFSv4.

The upstream fix for CVE-2010-4131 was incomplete and still exploitable
under certain circumstances.  nfs4_getfacl decoding causes a kernel
crash when a server returns more than 2 GETATTR bitmap words in response
to the FATTR4_ACL attribute request.


* NULL pointer dereference in Fusion MPT SCSI driver.

Improper memsets in _base_get_port_facts and _base_get_ioc_facts
caused multiple MPT2SAS_ADAPTER fields to be zeroed. These fields were
later dereferenced, causing a kernel OOPS.


* NULL pointer dereference in Chelsio T4 RDMA Driver.

Attempting to abort a nonexistent peer in peer_abort_intr allowed a
NULL pointer dereference and kernel OOPS.


* Use-after-free in SELinux policy loading.

Incorrect initialisation of the number of policy booleans could result
in accessing stale data after failing to load a new policy, and in
undefined behaviour.


* Use-after-free in shared memory policies.

Incorrect reference counting with shared memory policies could lead to a
use-after-free condition and undefined behaviour.  With SLUB debugging
enabled this could result in a kernel crash.


* Use-after-free in USB userspace device I/O.

Incorrect reference counting led to a possible race condition in
several paths and a possible use-after-free resulting in undefined
behaviour.


* Deadlock in device mapper subsystem.

The device mapper used the wrong type of memory allocation in flush
submission resulting in possible deadlock and a denial-of-service.


* Insufficient validation in asynchronous I/O.

Insufficient validation in the asynchronous I/O setup code could result
in accessing files locked with a mandatory file lock or overflowing the
file offset leading to data corruption.


* Invalid limit calculation in i386 non-executable emulation.

An incorrect parameter passed when obtaining the i386 VDSO VMA could
result in using an invalid address limit for the non-executable area of
memory.

SUPPORT

Ksplice support is available at ksplice-support_ww at oracle.com.



