[Ksplice][Ubuntu-12.04-Updates] New updates available via Ksplice (3.2.0-27.43)

[Jamie Iles]

Synopsis: 3.2.0-27.43 can now be patched using Ksplice
CVEs: CVE-2012-2390

Systems running Ubuntu 12.04 Precise can now use Ksplice to patch
against the latest Ubuntu kernel update, 3.2.0-27.43.

INSTALLING THE UPDATES

We recommend that all users of Ksplice Uptrack on Ubuntu 12.04 Precise
install these updates.

On systems that have "autoinstall = yes" in /etc/uptrack/uptrack.conf,
these updates will be installed automatically and you do not need to
take any action.

Alternatively, you can install these updates by running:

# /usr/sbin/uptrack-upgrade -y


DESCRIPTION

* Kernel crash in AESNI decryption for CBC mode.

The AESNI driver did not ensure the correct alignment of memory when
performing AES decryption in CBC mode leading to a kernel crash.


* Memory corruption in B+Tree iterators.

Incorrect handling of B+Tree iterator internals could result in memory
corruption of the tree even on read-only operations leading to undefined
behaviour.


* Kernel oops in unbound L2TP IP sockets.

Missing checks for unbound sockets in the connect() path when using the
AF_UNSPEC address family could result in a kernel oops.


* Out-of-bounds memory access in VMWare DRM driver.

An incorrect check for the command word size could result in corrupted
addresses being passed to the emulated device and memory corruption.


* Memory leak in usb-audio PCM driver.

A missing free() in the hardware unplug code resulted in a memory leak.


* Kernel oops in CIFS open file list traversal.

The modification of a list whilst traversing it looking for open file
handles could result in accessing an invalid list element and a kernel
oops.


* Kernel crash in EXO filesystem on early I/O error.

An I/O error whilst initializing an EXO filesystem could result in a
kernel crash due to incorrect initialization of internal state.


* Kernel oops on interrupt in wl1251 driver.

A kernel oops could be triggered if the wl1251 driver received an
interrupt before it was ready to process it.


* Use-after-free in ath9k driver.

Failing to setup a transmit buffer could result in a use-after-free
condition when transmitting other buffers.


* Integer overflow in mmap copying on clone().

An integer overflow mean that a fork/clone of a process could succeed,
even when the caller did not have enough memory to copy all mmaps
resulting in a denial-of-service.


* Memory leak in SLUB allocator.

Incorrect management of the freelist resulted in a memory leak and
denial of service.


* Deadlock in ext4 hard-linked directories.

A hard-linked directory to it's parent could result in deadlock when
using a corrupted filesystem image.


* Memory leak in ext4 filesystem.

A missing memory resource free in a memory allocation failure path could
result in a memory leak and denial of service condition.


* Lockup in DRM TTM layer.

A missing lock operation could result in a lockup in TTM buffer swapout.


* Use-after-free in IPv4 forwarding table.

Entries in the IPv4 forwarding table could be access whilst they were
being torn down resulting in a use-after-free condition.


* Race condition in IPv4 forwarding table.

A race condition in the IPv4 forwarding table code could result in a
kernel oops and denial of service.


* CVE-2012-2390: Memory leak in hugetlbfs mmap() failure.

Incorrect error handling in the mmap() implementation for hugetlbfs
could result in reservations not being freed resulting in a denial of
service.

SUPPORT

Ksplice support is available at ksplice-support_ww at oracle.com.