[Ksplice][Ubuntu-11.10-Updates] New updates available via Ksplice (USN-1607-1)

Jamie Iles jamie.iles at oracle.com
Fri Oct 12 08:46:44 PDT 2012


Synopsis: USN-1607-1 can now be patched using Ksplice
CVEs: CVE-2012-2137

Systems running Ubuntu 11.10 Oneiric can now use Ksplice to patch
against the latest Ubuntu Security Notice, USN-1607-1.

INSTALLING THE UPDATES

We recommend that all users of Ksplice Uptrack on Ubuntu 11.10 Oneiric
install these updates.

On systems that have "autoinstall = yes" in /etc/uptrack/uptrack.conf,
these updates will be installed automatically and you do not need to
take any action.

Alternatively, you can install these updates by running:

# /usr/sbin/uptrack-upgrade -y
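
The two installation paths above can be told apart per host with a small check, shown here as an added example (not part of the original announcement and not Ksplice's own tooling). The function names, the sample file, and the parsing rules (plain "key = value" lines, "#" comments, last assignment wins, sections ignored) are assumptions.

```shell
#!/bin/sh
# Added example: decide whether a host needs a manual uptrack-upgrade run.
# Assumed syntax: "key = value" lines, '#' starts a comment, last value wins.

# Return 0 if the config sets autoinstall = yes, 1 if not, 2 if unreadable.
autoinstall_enabled() {
    conf=${1:-/etc/uptrack/uptrack.conf}
    [ -r "$conf" ] || return 2
    # Strip comments, then print the value of every autoinstall assignment.
    value=$(sed -n \
        -e 's/[[:space:]]*#.*$//' \
        -e 's/^[[:space:]]*autoinstall[[:space:]]*=[[:space:]]*\([^[:space:]]*\)[[:space:]]*$/\1/p' \
        "$conf" | tail -n 1 | tr '[:upper:]' '[:lower:]')
    [ "$value" = "yes" ]
}

# Print the action an operator has to take for this config file.
uptrack_action() {
    conf=${1:-/etc/uptrack/uptrack.conf}
    rc=0
    autoinstall_enabled "$conf" || rc=$?
    case $rc in
        0) echo "none: updates install automatically" ;;
        2) echo "check: cannot read $conf" ;;
        *) echo "run: /usr/sbin/uptrack-upgrade -y" ;;
    esac
}

# Constructed sample config; on a real host pass /etc/uptrack/uptrack.conf.
sample=$(mktemp)
cat > "$sample" <<'EOF'
[Settings]
# autoinstall = yes   (commented out, so it does not count)
autoinstall = no
EOF
uptrack_action "$sample"
rm -f "$sample"
```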


DESCRIPTION

* CVE-2012-2137: Buffer overflow in KVM MSI routing entry handler.

A buffer overflow flaw was found in the setup_routing_entry() function in the
KVM subsystem of the Linux kernel in the way the Message Signaled Interrupts
(MSI) routing entry was handled. A local, unprivileged user could use this flaw
to cause a denial of service or, possibly, escalate their privileges.


* Inode leak in eCryptfs file renaming.

Inodes are not being properly removed when they are the target of
a rename() system call, causing extra disk space to be consumed.


* Race condition in eCryptfs can cause hangs when accessing the filesystem.

A race condition when releasing files can cause errors when
accessing an eCryptfs filesystem, leading to system hangs.


* Race condition in VFS file operations.

A race condition when performing scatter-gather IO on a file can lead
to data corruption.


* Kernel panic in hugetlbfs.

A race condition between processes sharing huge page mappings can cause
a kernel panic.


* Unreported error can cause unusable mount in NFS.

An unreported error can cause a mount to seem to succeed but have
completely unusable values for block sizes, maxfilesize, etc.


* Kernel panic in Parallel NFS.

A kernel panic (BUG_ON) can be triggered when releasing file data because
of a broken assumption in the Parallel NFS implementation.


* Use-after-free in audit.

A delayed destroy can cause a use-after-free error in
audit_tree.


* Race condition in SUNRPC.

A race condition can cause data corruption when closing a SUNRPC socket.


* NULL pointer dereference in USB ACM.

A NULL pointer dereference can be triggered when probing a device that
provides an ACM endpoint.


* NUMA memory policy kernel panic.

A kernel panic can be triggered when querying a task's NUMA memory policy
via procfs.


* SCSI MegaRAID kernel panic.

A kernel panic can be triggered when the MegaRAID driver is loaded but
no adapters are present on the system.


* UDF data corruption fix.

Files stored in ICB (inode) can be partially overwritten with all
zeros.


* NULL pointer dereference in DCCP sockets.

A NULL pointer dereference can be triggered by querying or setting the
socket options of a DCCP socket that has no associated CCID.

SUPPORT

Ksplice support is available at ksplice-support_ww at oracle.com.



