[Ksplice][Ubuntu-12.04-Updates] New updates available via Ksplice (USN-1473-1)
Samson Yeung
samson.yeung at oracle.com
Fri Jun 15 18:37:09 PDT 2012
Synopsis: USN-1473-1 can now be patched using Ksplice
CVEs: CVE-2012-2121 CVE-2012-2313 CVE-2012-2319 CVE-2012-2383 CVE-2012-2384
Systems running Ubuntu 12.04 Precise can now use Ksplice to patch
against the latest Ubuntu Security Notice, USN-1473-1.
INSTALLING THE UPDATES
We recommend that all users of Ksplice Uptrack on Ubuntu 12.04 Precise
install these updates.
On systems that have "autoinstall = yes" in /etc/uptrack/uptrack.conf,
these updates will be installed automatically and you do not need to
take any action.
Alternatively, you can install these updates by running:
# /usr/sbin/uptrack-upgrade -y
DESCRIPTION
* Byte counter overflow in SHA-512.
An incorrect check in sha512_update prevented the upper 64 bits of the
SHA-512 byte counter from being incremented when the lower 64 bits
overflowed.
* NULL pointer dereference in USB gadget FunctionFS ioctl.
A missing check in ffs_ep0_ioctl on whether or not the FunctionFS was
bound allowed a NULL pointer dereference and kernel OOPS.
* CVE-2012-2121: Memory leak in KVM device assignment.
KVM uses memory slots to track and map guest regions of memory. When
device assignment is used, the pages backing these slots are pinned in
memory and mapped into the iommu. The problem is that when a memory slot
is destroyed the pages for the associated memory slot are neither
unpinned nor unmapped from the iommu.
* Denial of service in PHONET message sending.
The PHONET driver would attempt to allocate any packet size requested
from userspace. This could lead to memory exhaustion and OOM kills.
* NULL pointer dereference when firmware name of i2400 driver is not set.
If the firmware name of the i2400 network driver was not set, a
strncpy of a NULL pointer in i2400m_get_drvinfo would result in a NULL
pointer dereference and kernel OOPS.
* Denial of service in network namespace initialization.
The network namespace initialization routine would leak an internal
network generic structure if the initialization of one of the network
subsystems failed, leading to possible denial of service.
* CVE-2012-2319: Buffer overflow mounting corrupted hfs filesystem.
A buffer overflow flaw was found in the hfsplus_bnode_read() function in
the HFS+ file system implementation. This could lead to a denial of
service if a user browsed a specially-crafted HFS+ file system, for
example, by running "ls".
* Task hang in sync-mounted ext4 filesystems.
An ext4 filesystem mounted with the sync option and no journal would
result in task hangs when accessing the filesystem.
* CVE-2012-2313: Privilege escalation in the dl2k NIC.
The D-LINK dl2k network card was missing permission checks in the ioctl
handling function. This would allow an unprivileged user to reconfigure
the low-level link device and trigger a denial-of-service.
* Buffer overflow in KS8851 network driver.
Insufficient buffer space when processing pending frames in ks_rcv
could result in a buffer overflow.
* CVE-2012-2384: Integer overflow in i915 execution buffer.
An integer overflow in the i915 execution buffer code could result in a
user triggering a denial-of-service attack or elevating privileges.
* CVE-2012-2383: Integer overflow in i915 execution buffer management.
An integer overflow in the i915 execution buffer management code could
result in a user triggering a denial-of-service attack or elevating
privileges.
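
The SHA-512 byte counter item above, shown as an added example that is not
code from the kernel or from Ksplice. The advisory does not quote the faulty
check, so the flawed form, the struct layout and all names here are
assumptions chosen to show how a 128-bit counter carry can be missed.

```c
#include <stdint.h>
#include <stdio.h>

/* 128-bit byte counter held as two 64-bit words (layout assumed for this
 * example): count[0] is the low word, count[1] the high word. */
struct byte_counter { uint64_t count[2]; };

/* Flawed carry (assumed form): carries only when the low word lands on
 * exactly zero, so almost every real wraparound is missed. */
static void counter_add_flawed(struct byte_counter *c, uint64_t len)
{
    c->count[0] += len;
    if (c->count[0] == 0)
        c->count[1]++;
}

/* Correct carry: an unsigned addition wrapped if and only if the sum is
 * smaller than the value that was added. */
static void counter_add_fixed(struct byte_counter *c, uint64_t len)
{
    c->count[0] += len;
    if (c->count[0] < len)
        c->count[1]++;
}

/* High word after adding len to a counter whose low word starts at start_lo. */
static uint64_t high_after(void (*add)(struct byte_counter *, uint64_t),
                           uint64_t start_lo, uint64_t len)
{
    struct byte_counter c = { { start_lo, 0 } };
    add(&c, len);
    return c.count[1];
}

int main(void)
{
    uint64_t near_wrap = UINT64_MAX - 15; /* constructed: 16 bytes below 2^64 */

    printf("wrap past zero: flawed=%llu fixed=%llu\n",
           (unsigned long long)high_after(counter_add_flawed, near_wrap, 64),
           (unsigned long long)high_after(counter_add_fixed, near_wrap, 64));
    printf("zero-length update: flawed=%llu fixed=%llu\n",
           (unsigned long long)high_after(counter_add_flawed, 0, 0),
           (unsigned long long)high_after(counter_add_fixed, 0, 0));
    return 0;
}
```
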
SUPPORT
Ksplice support is available at ksplice-support_ww at oracle.com.