[Ksplice][Ubuntu-12.04-Updates] New updates available via Ksplice (USN-1699-1)

Jamie Iles jamie.iles at oracle.com
Fri Jan 18 10:46:03 PST 2013 

Synopsis: USN-1699-1 can now be patched using Ksplice
CVEs: CVE-2012-4461 CVE-2012-4530

Systems running Ubuntu 12.04 Precise can now use Ksplice to patch
against the latest Ubuntu Security Notice, USN-1699-1.

INSTALLING THE UPDATES

We recommend that all users of Ksplice Uptrack on Ubuntu 12.04 Precise
install these updates.

On systems that have "autoinstall = yes" in /etc/uptrack/uptrack.conf,
these updates will be installed automatically and you do not need to
take any action.

Alternatively, you can install these updates by running:

# /usr/sbin/uptrack-upgrade -y


DESCRIPTION

* Kernel crash in block subsystem.

Accessing a request after it has been freed can cause a crash
in the block driver subsystem.


* NULL pointer dereference in mtd subsystem.

An incorrect check for a NULL pointer could allow a later NULL
pointer deference in the mtd subsystem.


* Memory corruption in WiFi station wakeup handling.

Missing locking could result in the corruption of internal lists leading
to a kernel crash.


* Remote information leak in netfilter TCP connection tracking.

An attacker on a shared routing queue with the victim can gain information
about the victim's TCP connections by sending malformed TCP packets.


* Kernel crash in shared memory inode eviction.

Incorrect locking in shared memory filesystems could result in a kernel
BUG_ON() and subsequent kernel crash.


* Kernel crash in DRM memory type subsystem.

Incorrect memory allocation routines could result in a kernel crash when
allocating memory on systems with high memory.


* NULL pointer dereference on futex wakeup.

Incorrect synchronization during a futex wakeup sequence can trigger a
NULL pointer dereference by trying to wake up a locked futex.


* Deadlock in ISDN gigaset.

Fix a potential deadlock with the delayed work function in the ISDN
gigaset driver.


* Deadlock in software RAID subsystem.

Fix a deadlock in the software RAID subsystem caused by attempting
recurse back into the request queue.


* CVE-2012-4461: Kernel panic KVM XSAVE support.

On machines without XSAVE instruction support a malicious guest can cause
a host kernel panic via the SET_SREGS ioctl.


* Resource leak in XFS buffer I/O error handling.

Invalid reference counting when ending a failed I/O would result in a
memory leak.


* CVE-2012-4530: Kernel information leak in binfmt execution.

Execution of a carefully crafted sequence of scripts could allow an
unprivileged user to leak kernel stack information to userspace.

SUPPORT

Ksplice support is available at ksplice-support_ww at oracle.com.

More information about the Ksplice-Ubuntu-12.04-Updates mailing list