[Ksplice][Ubuntu-12.04-Updates] New updates available via Ksplice (3.2.0-55.85)
Oracle Ksplice
ksplice-support_ww at oracle.com
Mon Oct 21 14:31:18 PDT 2013
Synopsis: 3.2.0-55.85 can now be patched using Ksplice
CVEs: CVE-2013-2237
Systems running Ubuntu 12.04 Precise can now use Ksplice to patch
against the latest Ubuntu kernel update, 3.2.0-55.85.
INSTALLING THE UPDATES
We recommend that all users of Ksplice Uptrack on Ubuntu 12.04 Precise
install these updates.
On systems that have "autoinstall = yes" in /etc/uptrack/uptrack.conf,
these updates will be installed automatically and you do not need to
take any action.
Alternatively, you can install these updates by running:
# /usr/sbin/uptrack-upgrade -y
DESCRIPTION
* Use-after-free in ext4 metadata error path.
If an error is encountered when writing dirty ext4 metadata to disk, a
use-after-free condition can be triggered, causing a kernel panic.
* Kernel oops in simultaneous VIRTIO console open + unplug.
Missing synchronization could result in a crash if the device was opened
at the same time as the device was unplugged.
* NULL pointer dereference in Keyspan USB-to-serial driver.
A NULL pointer dereference and kernel panic can be triggered if a memory
allocation fails when attaching a Keyspan USB device.
* Heap buffer overflow when reading "pagemap" procfs file.
The kernel does not correctly allocate a temporary buffer when reading from the
"pagemap" procfs file, leading to a kernel heap overflow and possible code
execution.
* Deadlock in NILFS2 segment buffer processing.
Incorrect reference counting in the NILFS2 filesystem driver when processing
segment buffers can trigger a deadlock causing a kernel panic.
* Use-after-free in IPv6 multicast routing namespace cleanup.
Incorrect locking could result in a use-after-free and kernel crash when
removing a network namespace.
* Kernel stack information leak in ATM network scheduler.
Missing initialization could cause kernel stack information to be leaked
from the ATM network scheduler to userspace.
* Kernel information leak in Class Based Queueing network scheduler.
Missing initialization in the CBQ network scheduler could result in
leaking kernel stack information to userspace.
* Buffer overflow in CIFS credentials.
An incorrectly sized buffer could result in a buffer overflow, allowing
a malicious server to cause heap memory corruption.
* Kernel stack information leaks in PF_KEY sockets.
Missing initialization in a number of PF_KEY socket calls could result
in leaking kernel stack information to userspace.
* CVE-2013-2237: Information leak on IPSec key socket.
Incorrect initialization on policy flushing could leak kernel stack
bytes to userspace.
* Kernel panic in Atheros AR9001/AR9002 transmit.
The Atheros wireless driver does not correctly manage packet data on AR9001 and
AR9002 devices leading to an assertion failure and kernel panic.
* User memory corruption in SCSI SG_IO ioctl.
If a process performing a SG_IO ioctl on a SCSI device is interrupted by a signal,
the kernel may continue the ioctl in the address space of another process leading
to memory corruption.
* Information leak in ICEnsemble ICE1712 (Envy24) sound driver.
Missing range checks could result in leaking the contents of kernel heap
memory to userspace.
* Integer overflow in NFSv4.1 memory allocation.
Missing range checks could result in integer overflow when allocating
memory leading to potential heap corruption.
* NULL pointer dereference in Intel wireless driver.
A NULL pointer dereference can be triggered in the iwlwifi driver when
doing a channel switch. This can lead to a kernel panic.
* Kernel panic in removable memory sysfs interface.
When showing the contents of the /sys/devices/system/memory/memory*/removable
sysfs file, the kernel does not validate that all memory sections are present
causing a kernel panic.
* Improved fix for 'Unlimited stack ASLR bypass on 64-bit systems'.
The original update for 'Unlimited stack ASLR bypass on 64-bit systems' did not
correctly handle randomising the stack causing compatibility issues with some
existing user-mode programs. This update corrects the issue.
SUPPORT
Ksplice support is available at ksplice-support_ww at oracle.com.