[Ksplice][Ubuntu-11.10-Updates] New updates available via Ksplice (3.0.0-17.30)

Jessica McKellar jessica.mckellar at oracle.com
Wed Mar 28 12:11:05 PDT 2012


Synopsis: 3.0.0-17.30 can now be patched using Ksplice
CVEs: CVE-2011-4347

Systems running Ubuntu 11.10 Oneiric can now use Ksplice to patch
against the latest Ubuntu kernel update, 3.0.0-17.30.

INSTALLING THE UPDATES

We recommend that all users of Ksplice Uptrack on Ubuntu 11.10 Oneiric
install these updates.  You can install these updates by running:

# /usr/sbin/uptrack-upgrade -y

On systems that have "autoinstall = yes" in /etc/uptrack/uptrack.conf,
these updates will be installed automatically and you do not need to
take any additional action.
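One way to check the autoinstall setting described above before deciding whether a host still needs the manual command. This is an added example, not part of the original announcement or of Ksplice's own tooling: the function names and the sample file are constructed, and only the literal value "yes" quoted in this announcement is treated as enabled.

```shell
#!/bin/sh
# Added example: report whether "autoinstall = yes" is set in an
# uptrack.conf-style file. Function names are hypothetical.

# Print the value of "autoinstall" (lowercased), "unset", or "unreadable".
uptrack_autoinstall_value() {
    conf=$1
    [ -r "$conf" ] || { echo "unreadable"; return 0; }
    # Drop CRs, skip comment lines, accept any spacing around "=".
    # Assumption: if the key appears more than once, the last one wins.
    val=$(tr -d '\r' < "$conf" | awk -F= '
        /^[ \t]*[#;]/ { next }
        {
            key = $1; gsub(/[ \t]/, "", key)
            if (tolower(key) == "autoinstall") {
                v = $2; gsub(/^[ \t]+|[ \t]+$/, "", v); last = tolower(v)
            }
        }
        END { print last }')
    echo "${val:-unset}"
}

# Return 0 when a manual upgrade is needed, 1 when autoinstall is "yes".
# Anything other than "yes" (missing key, unreadable file) counts as manual.
uptrack_needs_manual_upgrade() {
    [ "$(uptrack_autoinstall_value "$1")" = "yes" ] && return 1
    return 0
}

# Constructed sample config, not taken from a real host.
# The [Settings] section header is an assumption about the file layout.
sample=$(mktemp)
cat > "$sample" <<'EOF'
[Settings]
# autoinstall = yes
autoinstall = no
EOF
if uptrack_needs_manual_upgrade "$sample"; then
    echo "autoinstall is not enabled: run /usr/sbin/uptrack-upgrade -y"
fi
rm -f "$sample"
```

On a real system, pass /etc/uptrack/uptrack.conf as the argument.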


DESCRIPTION

* NULL dereference in the proc filesystem.

A missing check when releasing a handle to a memory file in the proc
filesystem could allow a NULL dereference.


* Denial of service in XIP page fault handling.

A race condition in the execute-in-place page fault handling could
allow two threads which try to fault on the same memory page at the
same time to potentially OOPS the system.


* NULL dereference in the nVidia card driver.

A race condition between creating a fence and synchronizing with it
could cause a NULL dereference by attempting to sync with a fence
which was already destroyed and set to NULL.


* Denial of service truncating eCryptfs files.

On 32-bit systems, when truncating a file, the integer holding the file size
could overflow, which would put the write operation in an infinite loop in
the kernel.


* NULL dereference in the CIFS filesystem.

When setting up a NULL user mount, the session setup code would still
attempt to copy the username of the user who's creating the mount into
internal structures.

Since in that case the username is always NULL, we would try to dereference
a NULL pointer, usually causing a kernel OOPS.


* Memory corruption and kernel OOPS when resuming with PCMCIA support.

Improper reference counting in the suspend/resume logic with PCMCIA
support can result in memory corruption and a kernel OOPS after
repeated suspending and resuming.


* Kernel OOPS in transparent hugepage memory management.

On single-CPU systems with certain configuration options,
overly-aggressive BUG_ONs would trigger a kernel OOPS in some
transparent hugepage codepaths.


* NULL pointer dereference when unloading the Asus OLED USB driver.

An incorrect deregistration sequence in asus_oled_exit allowed a NULL
pointer dereference and kernel OOPS.


* Buffer overflow in the relay filesystem.

The relayfs filesystem did not properly check for integer overflows
when processing certain user-provided lengths.  An unprivileged user could
exploit this to overflow the relevant buffers and corrupt kernel memory.


* NULL pointer dereference in the SCSI subsystem.

A NULL dereference may occur if a SCSI device is physically removed
without being logically removed from the system.

This would lead to a NULL dereference since the revalidation routine
assumed the device is always present while it runs.


* CVE-2011-4347: Denial of service in KVM device assignment.

Several bugs that allowed unprivileged users to improperly assign
devices to KVM guests could result in a denial of service.

SUPPORT

Ksplice support is available at ksplice-support_ww at oracle.com.



