[Ksplice][Debian 6.0 Updates] New updates available via Ksplice (Debian 6.0.1)

Reid Barton rwbarton at ksplice.com
Mon Mar 21 23:44:12 PDT 2011


Synopsis: Debian 6.0.1 can now be patched using Ksplice
CVEs: CVE-2010-2943 CVE-2010-3699 CVE-2010-3865 CVE-2010-4075
CVE-2010-4077 CVE-2010-4249 CVE-2010-4656 CVE-2011-0521 CVE-2011-0712
CVE-2011-1010 CVE-2011-1013 CVE-2011-1082 CVE-2011-1093

Systems running Debian 6.0 Squeeze can now use Ksplice to patch
against the latest Debian update, Debian 6.0.1.

INSTALLING THE UPDATES

We recommend that all Ksplice Uptrack Debian 6.0 Squeeze users install
these updates.  You can install these updates by running:

# /usr/sbin/uptrack-upgrade -y

On systems that have "autoinstall = yes" in /etc/uptrack/uptrack.conf,
these updates will be installed automatically and you do not need to
take any additional action.


DESCRIPTION

* CVE-2010-3865: Integer overflow in RDS rdma page counting.

An integer overflow flaw was found in the Linux kernel's Reliable
Datagram Sockets (RDS) protocol implementation.  A local, unprivileged
user could use this flaw to cause a denial of service or escalate
their privileges.


* CVE-2010-4075: Kernel information leak in serial driver.

The TIOCGICOUNT device ioctl in the serial driver allows unprivileged
users to read uninitialized kernel memory.


* CVE-2010-4077: Kernel information leak in nozomi driver.

The TIOCGICOUNT device ioctl allows unprivileged users to read
uninitialized stack memory, because the "reserved" member of the
serial_icounter_struct struct declared on the stack is not altered or
zeroed before being copied back to the user.
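
The pattern described above, next to the usual hardening (zero the whole
struct before filling it), as an added userspace illustration that is not
code from this advisory or from the kernel patch. The struct layout is
modelled on serial_icounter_struct; the static "slot", the 0xA5 residue
marker and the function names are constructed for the example, and memcpy()
stands in for copy_to_user().

```c
#include <stdio.h>
#include <string.h>

/* Layout modelled on the kernel's struct serial_icounter_struct. */
struct icounter {
    int cts, dsr, rng, dcd;
    int rx, tx;
    int frame, overrun, parity, brk;
    int buf_overrun;
    int reserved[9];
};

#define RESIDUE 0xA5  /* constructed marker standing in for stale stack bytes */

/* Stand-in for the handler's stack slot, reused across calls. */
static struct icounter slot;

/* zero_first = 0: pattern from the advisory; zero_first = 1: hardened form. */
void icount_ioctl(struct icounter *user_out, int zero_first)
{
    struct icounter *ic = &slot;

    memset(ic, RESIDUE, sizeof *ic);   /* simulate data left by earlier calls */
    if (zero_first)
        memset(ic, 0, sizeof *ic);     /* the fix: clear before filling */

    /* Only the counters are assigned; reserved[] is never written. */
    ic->cts = 1; ic->dsr = 2; ic->rng = 3; ic->dcd = 4;
    ic->rx = 5;  ic->tx = 6;
    ic->frame = ic->overrun = ic->parity = ic->brk = 0;
    ic->buf_overrun = 0;

    memcpy(user_out, ic, sizeof *ic);  /* stands in for copy_to_user() */
}

/* Number of bytes in reserved[] that still carry the residue marker. */
size_t stale_bytes(const struct icounter *ic)
{
    const unsigned char *p = (const unsigned char *)ic->reserved;
    size_t n = 0;
    for (size_t i = 0; i < sizeof ic->reserved; i++)
        n += (p[i] == RESIDUE);
    return n;
}

int main(void)
{
    struct icounter out;
    icount_ioctl(&out, 0);
    printf("without zeroing: %zu stale bytes copied out\n", stale_bytes(&out));
    icount_ioctl(&out, 1);
    printf("with zeroing:    %zu stale bytes copied out\n", stale_bytes(&out));
    return 0;
}
```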


* Denial of service in ptrace_detach.

An erroneous call to wake_up_process() could potentially be exploited
by a local unprivileged user to cause a denial of service or other
unspecified impact.


* CVE-2010-4249: Local denial of service vulnerability in UNIX sockets.

A flaw was found in the Linux kernel's garbage collector for AF_UNIX
sockets. A local, unprivileged user could use this flaw to trigger a
denial of service (out-of-memory condition).


* CVE-2011-0521: Buffer underflow vulnerability in av7110 driver.

Dan Carpenter reported an issue in the DVB driver for AV7110
cards. Local users can pass a negative info->num value, corrupting
kernel memory and causing a denial of service.


* Denial of service in nfs_do_fsync.

The function nfs_do_fsync erroneously reports failure, causing system
calls like close() on an NFS-mounted file to hang indefinitely.


* CVE-2011-1010: Denial of service in Mac OS partition table handling.

A buffer overflow in the mac_partition function could allow a local
attacker to cause a denial of service or possibly other unspecified
impact via a malformed Mac OS partition table.


* CVE-2011-0712: Buffer overflows in caiaq driver.

An attacker with physical access could gain elevated privileges via
pathways relating to buffer overflows in the caiaq audio driver.


* CVE-2011-1082: Denial of service in epoll.

The epoll subsystem did not prevent an unprivileged local user from
creating a cycle of epoll file descriptors, which would lead to a
denial of service.


* CVE-2011-1013: Signedness error in drm.

The drm_modeset_ctl() function incorrectly treated an unsigned integer
as signed, leading to a local denial of service or possible privilege
escalation.


* CVE-2011-1093: NULL pointer dereference in DCCP.

A flaw in the implementation of the dccp_rcv_state_process() function
allowed a local unprivileged user, or a remote user, if the system
accepted connections over the DCCP protocol, to cause a denial of
service (kernel oops) via a NULL pointer dereference.


* CVE-2010-4656: Buffer overflow in I/O-Warrior USB driver.

Kees Cook reported an issue in the driver for I/O-Warrior USB devices.
Local users with access to these devices may be able to overrun kernel
buffers, resulting in a denial of service or privilege escalation.


* CVE-2010-3699: Denial of service vulnerability in Xen block I/O driver.

A flaw was found in the Xenbus code for the unified block-device I/O
interface back end.  A privileged guest user could use this flaw to
cause a denial of service on the host system running the Xen
hypervisor.


* CVE-2010-2943: Missing inode validation in XFS.

The XFS implementation in the Linux kernel does not properly validate
inode numbers, which allows remote authenticated users to read
unlinked files, or potentially read or overwrite other files, by
accessing a stale NFS filehandle.

SUPPORT

Ksplice support is available at support at ksplice.com or +1 765-577-5423.


