[Ksplice][Ubuntu-11.10-Updates] New updates available via Ksplice (USN-1689-1)
Sasha Levin
sasha.levin at oracle.com
Tue Jan 15 13:20:56 PST 2013
Synopsis: USN-1689-1 can now be patched using Ksplice
CVEs: CVE-2012-4461 CVE-2012-4530
Systems running Ubuntu 11.10 Oneiric can now use Ksplice to patch
against the latest Ubuntu Security Notice, USN-1689-1.
INSTALLING THE UPDATES
We recommend that all users of Ksplice Uptrack on Ubuntu 11.10 Oneiric
install these updates.
On systems that have "autoinstall = yes" in /etc/uptrack/uptrack.conf,
these updates will be installed automatically and you do not need to
take any action.
Alternatively, you can install these updates by running:
# /usr/sbin/uptrack-upgrade -y
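A host-side check for the two cases above, as an added example that is not part of the original announcement or of Ksplice's own tooling: it reads an uptrack.conf-style file and reports whether updates install automatically or need the manual command. The sample configuration is constructed, and treating only the value "yes" as automatic is an assumption taken from the wording above.

```shell
#!/bin/sh
# Added example: decide whether a host needs a manual uptrack-upgrade run.

# Constructed sample configuration (not copied from a real host).
sample_conf() {
    cat <<'EOF'
[Auth]
accesskey = PLACEHOLDER
[Settings]
# autoinstall = no
autoinstall = Yes
EOF
}

# Print the effective "autoinstall" value from the file given as $1.
# Assumptions: "key = value" lines, "#" or ";" start a comment line,
# the last assignment wins, and the value is compared case-insensitively.
autoinstall_value() {
    awk '
        /^[ \t]*[#;]/ { next }                 # skip commented-out settings
        /^[ \t]*autoinstall[ \t]*=/ {
            v = $0
            sub(/^[^=]*=[ \t]*/, "", v)        # drop the key and the "="
            sub(/[ \t\r]+$/, "", v)            # drop trailing blanks and CR
            val = tolower(v)
        }
        END { print (val == "" ? "unset" : val) }
    ' "$1"
}

# Print "automatic", "manual" or "unreadable" for the given config file.
# Anything other than an explicit "yes" is reported as manual, so a host
# is never assumed to be patched when the setting is missing or unclear.
update_mode() {
    conf=${1:-/etc/uptrack/uptrack.conf}
    [ -r "$conf" ] || { echo "unreadable"; return 0; }
    case "$(autoinstall_value "$conf")" in
        yes) echo "automatic" ;;
        *)   echo "manual" ;;
    esac
}

# Report this host and, if needed, show the command from the announcement.
mode=$(update_mode "${1:-/etc/uptrack/uptrack.conf}")
echo "ksplice update mode: $mode"
[ "$mode" = automatic ] || echo "run as root: /usr/sbin/uptrack-upgrade -y"
```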
DESCRIPTION
* Deadlock in software RAID subsystem.
Fix a deadlock in the software RAID subsystem caused by attempting to
recurse back into the request queue.
* Deadlock in ISDN gigaset.
Fix a potential deadlock with the delayed work function in the ISDN
gigaset driver.
* CVE-2012-4461: Kernel panic in KVM XSAVE support.
On machines without XSAVE instruction support, a malicious guest can cause
a host kernel panic via the SET_SREGS ioctl.
* CVE-2012-4530: Kernel information leak in binfmt execution.
Execution of a carefully crafted sequence of scripts could allow an
unprivileged user to leak kernel stack information to userspace.
* NULL pointer dereference on futex wakeup.
Incorrect synchronization during a futex wakeup sequence can trigger a
NULL pointer dereference by trying to wake up a locked futex.
* Buffer overflow in QuickNet Internet LineJack input handling.
The QuickNet Internet LineJack driver did not properly check input from
userspace, making it possible to pass it strings that are not properly
NULL-terminated, leading to a buffer overflow.
SUPPORT
Ksplice support is available at ksplice-support_ww at oracle.com.