[Ksplice][Fedora-14-Updates] New updates available via Ksplice (FEDORA-2010-19156)
Nelson Elhage
nelhage at ksplice.com
Thu Dec 23 21:08:13 PST 2010
Synopsis: FEDORA-2010-19156 can now be patched using Ksplice
CVEs: CVE-2010-3437 CVE-2010-3873 CVE-2010-4058 CVE-2010-4162 CVE-2010-4163
CVE-2010-4164 CVE-2010-4169 CVE-2010-4175 CVE-2010-4258
Systems running Fedora 14 can now use Ksplice to patch against the
latest Fedora security update, FEDORA-2010-19156.
INSTALLING THE UPDATES
We recommend that all Ksplice Uptrack Fedora 14 users install these
updates. You can install these updates by running:
# uptrack-upgrade -y
DESCRIPTION
* CVE-2010-4175: Integer overflow in RDS cmsg handling
An incorrect range check in the rds_cmsg_rdma_args function could result in an
integer overflow, leading to memory corruption.
* CVE-2010-4258: Failure to revert address limit override after oops.
If a kernel oops occurred with a kernel address limit override in place, the
kernel did not properly reset the address limit before writing to a
user-controlled address, potentially allowing a local user to escalate a
denial-of-service attack into privilege escalation.
* CVE-2010-3437: Denial of service in pktcdvd driver.
An incorrect integer range check in the pktcdvd driver could allow a local user
to read kernel memory or cause a denial of service (kernel oops) by requesting
devices with negative numbers.
* CVE-2010-4162: Integer overflow in block I/O subsystem.
Due to integer underflow and overflow issues when determining the
number of pages required for I/O requests, a local user could send a
device ioctl that results in the sequential allocation of a very large
number of pages, causing the OOM killer to be invoked and crashing the
system.
* CVE-2010-4169: Use-after-free bug in mprotect system call.
A use-after-free flaw in the mprotect() system call could allow a
local, unprivileged user to cause a local denial of service.
* CVE-2010-4058: Kernel information leak in socket filters.
The sk_run_filter function in the kernel's socket filter
implementation did not properly clear an array on the kernel stack,
resulting in uninitialized kernel stack memory being copied to user
space.
* CVE-2010-4164: Denial of service parsing bad X.25 facilities
On parsing malformed X.25 facilities, an integer underflow may cause a
kernel crash.
* CVE-2010-3873: Memory corruption in X.25 facilities parsing.
The x25_parse_facilities function may cause a memcpy() of ULONG_MAX
size, destroying the kernel heap.
* CVE-2010-4163: Kernel panic in block subsystem.
By submitting certain I/O requests with 0 length, a local user could cause a
denial of service (kernel panic).
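Added example, not part of the original advisory and not the kernel's code: a simplified length-prefixed record parser in C showing the two bounds checks that guard against the bug classes described for CVE-2010-4164 (underflow of the remaining length) and CVE-2010-3873 (underflow of a memcpy() size). The record layout, REC_ADDR, MAX_ADDR_LEN and parse_records are constructed for illustration and do not reproduce the real X.25 facilities encoding.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define MAX_ADDR_LEN 20   /* constructed limit for this sketch */
#define REC_ADDR     0xC9 /* constructed record code, copied into out */

/* Constructed layout (not the real X.25 encoding): [code:1][len:1][value:len].
 * For REC_ADDR, value[0] is a marker and the other len-1 bytes are the address.
 * Returns the number of address bytes copied, or -1 on malformed input. */
int parse_records(const uint8_t *p, size_t len, uint8_t out[MAX_ADDR_LEN])
{
    int copied = 0;
    while (len > 0) {
        if (len < 2)                /* header must be present before p[1] */
            return -1;
        size_t vlen = p[1];
        /* Without this, "len -= vlen + 2" wraps the unsigned remaining
         * length and the loop keeps reading past the end of the buffer. */
        if (vlen > len - 2)
            return -1;
        if (p[0] == REC_ADDR) {
            /* vlen == 0 would turn "vlen - 1" into SIZE_MAX for memcpy(). */
            if (vlen < 2 || vlen - 1 > MAX_ADDR_LEN)
                return -1;
            memcpy(out, p + 3, vlen - 1);
            copied = (int)(vlen - 1);
        }
        p += vlen + 2;
        len -= vlen + 2;
    }
    return copied;
}

int main(void)
{
    /* Constructed inputs: one well-formed, one zero-length, one truncated. */
    const uint8_t ok[]    = { REC_ADDR, 0x04, 0x00, 'a', 'b', 'c' };
    const uint8_t zero[]  = { REC_ADDR, 0x00 };
    const uint8_t trunc[] = { REC_ADDR, 0x10, 0x00 };
    uint8_t out[MAX_ADDR_LEN] = { 0 };

    printf("ok=%d zero=%d trunc=%d\n",
           parse_records(ok, sizeof ok, out),
           parse_records(zero, sizeof zero, out),
           parse_records(trunc, sizeof trunc, out));
    return 0;
}
```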
SUPPORT
Ksplice support is available at support at ksplice.com or +1 765-577-5423.