[Ksplice][Ubuntu-12.04-Updates] New updates available via Ksplice (USN-1833-1)

Sasha Levin sasha.levin at oracle.com
Sat May 25 13:47:18 PDT 2013


Synopsis: USN-1833-1 can now be patched using Ksplice
CVEs: CVE-2013-1929 CVE-2013-1979 CVE-2013-3301

Systems running Ubuntu 12.04 Precise can now use Ksplice to patch
against the latest Ubuntu Security Notice, USN-1833-1.

INSTALLING THE UPDATES

We recommend that all users of Ksplice Uptrack on Ubuntu 12.04 Precise
install these updates.

On systems that have "autoinstall = yes" in /etc/uptrack/uptrack.conf,
these updates will be installed automatically and you do not need to
take any action.

Alternatively, you can install these updates by running:

# /usr/sbin/uptrack-upgrade -y
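
To tell which of the two cases above applies to a given host, the following check reads an uptrack.conf-style file and reports whether the update installs automatically or needs the manual command. It is an added example, not part of the original announcement or of Ksplice itself. It assumes the last uncommented "autoinstall" line is the effective one and treats anything other than a literal "yes" as disabled; the function names and the sample config are constructed for illustration.

```shell
#!/bin/sh
# Added example (not Ksplice code): classify a host by its autoinstall setting.

# autoinstall_enabled FILE
# Returns 0 only if the last uncommented "autoinstall = <value>" line in FILE
# has the value "yes". Assumption: the last occurrence wins. An unreadable or
# missing file, or any other value, counts as disabled, so the result errs
# toward "run the upgrade by hand".
autoinstall_enabled() {
    conf=$1
    [ -r "$conf" ] || return 1
    value=$(sed -n \
        -e 's/^[[:space:]]*autoinstall[[:space:]]*=[[:space:]]*\([^[:space:]#;]*\).*$/\1/p' \
        "$conf" | tail -n 1)
    [ "$value" = "yes" ]
}

# update_action FILE
# Prints "automatic" when autoinstall is on, otherwise the manual command
# given in the announcement.
update_action() {
    if autoinstall_enabled "$1"; then
        echo "automatic"
    else
        echo "manual: /usr/sbin/uptrack-upgrade -y"
    fi
}

# Constructed sample config for a quick offline run. On a real host, pass
# /etc/uptrack/uptrack.conf instead.
sample=$(mktemp)
cat > "$sample" <<'EOF'
[Settings]
# autoinstall = yes
autoinstall = no
EOF
update_action "$sample"
rm -f "$sample"
```

A commented-out "autoinstall = yes" line, as in the sample, does not count as enabled.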


DESCRIPTION

* CVE-2013-1929: Buffer overflow in TG3 VPD firmware parsing.

Incorrect length checks when parsing the firmware could cause a buffer
overflow and corruption of memory.


* Memory leak in rtlwifi allocation failures.

Allocation failures in the rtlwifi driver could result in a memory leak
and system crash.


* Buffer overflow when removing a PNFS device.

The buffer allocated for the removal command was too small; writing
too much data into it would have caused a buffer overflow.


* Btrfs filesystem reports no free space when space is available.

When doing I/O with large amounts of data fragmentation, the global block
reserve calculations are too low, leading to 'no free space' errors.


* Leak in Reiser filesystem inode allocation.

The Reiser filesystem does not correctly handle deleting extended attributes
of files which contain '.' or '..', leading to inodes being leaked on the
underlying device.


* Race condition in virtual memory subsystem.

It is possible to trigger a race condition between two processes with a
shared memory space that triggers a kernel panic (BUG_ON).


* NULL pointer dereference in Intel 10GbE PCI Express driver.

The Intel 10GbE driver creates kernel data structures in an incorrect order
when loading, causing a NULL pointer dereference and kernel panic.


* Denial-of-service in kernel key instantiation.

A memory leak in the kernel key instantiation functions could allow a
local user to trigger a denial-of-service.


* Buffer overflow in AoE block driver SKB allocation.

The SKB size allocated for usage in the AoE driver was too small and
may cause buffer overflow.


* Race condition in network device unregistration.

Missing synchronization could result in the kernel seeing stale handler
pointers, resulting in a use-after-free.


* Invalid free in CAN networking.

The Controller Area Networking subsystem incorrectly frees scheduled jobs,
leading to a kernel panic.


* CVE-2013-3301: NULL pointer dereference in tracing sysfs files.

The tracing sysfs files did not correctly allow seeking on a file opened
for writing, allowing a privileged user to crash the system.


* Use-after-free in kernel module loading.

A race condition in the kobject subsystem can cause a use-after-free condition
and kernel panic when loading kernel modules.


* Information leak in tkill() and tgkill() system calls.

Due to a lack of proper initialization, the tkill() and tgkill() system
calls may leak data from the kernel stack to an unprivileged local user.


* Buffer overflow in HFS+ filesystem.

An implicit truncation of an inode's size could lead to a buffer overflow
that is exploitable by local users with write access to an HFS+ filesystem.


* CVE-2013-1979: Privilege escalation with UNIX socket credentials.

Incorrect passing of credentials over a UNIX domain socket could allow
an unprivileged user to use a setuid binary to escalate privileges to
superuser level.

SUPPORT

Ksplice support is available at ksplice-support_ww at oracle.com.
