[Ksplice][Fedora-14-Updates] New updates available via Ksplice (FEDORA-2010-19156)

Nelson Elhage nelhage at ksplice.com
Thu Dec 23 21:08:13 PST 2010


Synopsis: FEDORA-2010-19156 can now be patched using Ksplice

CVEs: CVE-2010-3437 CVE-2010-3873 CVE-2010-4058 CVE-2010-4162 CVE-2010-4163
      CVE-2010-4164 CVE-2010-4169 CVE-2010-4175 CVE-2010-4258

Systems running Fedora 14 can now use Ksplice to patch against the
latest Fedora security update, FEDORA-2010-19156.


INSTALLING THE UPDATES

We recommend that all Ksplice Uptrack Fedora 14 users install these
updates.  You can install these updates by running:

# uptrack-upgrade -y


DESCRIPTION

* CVE-2010-4175: Integer overflow in RDS cmsg handling

An incorrect range check in rds_cmsg_rdma_args() could result in an integer
overflow, leading to kernel memory corruption.


* CVE-2010-4258: Failure to revert address limit override after oops.

If a kernel oops occurred with a kernel address limit override in place, the
kernel did not properly reset the address limit before writing to a
user-controlled address, potentially allowing a local user to escalate a
denial-of-service attack into privilege escalation.


* CVE-2010-3437: Denial of service in pktcdvd driver.

An incorrect integer range check in the pktcdvd driver could allow a local user
to read kernel memory or cause a denial of service (kernel oops) by requesting
devices with negative numbers.


* CVE-2010-4162: Integer overflow in block I/O subsystem.

Due to integer underflow and overflow issues when determining the
number of pages required for I/O requests, a local user could send a
device ioctl that results in the sequential allocation of a very large
number of pages, causing the OOM killer to be invoked and crashing the
system.


* CVE-2010-4169: Use-after-free bug in mprotect system call.

A use-after-free flaw in the mprotect() system call could allow a
local, unprivileged user to cause a local denial of service.


* CVE-2010-4058: Kernel information leak in socket filters.

The sk_run_filter function in the kernel's socket filter
implementation did not properly clear an array on the kernel stack,
resulting in uninitialized kernel stack memory being copied to user
space.


* CVE-2010-4164: Denial of service parsing bad X.25 facilities

On parsing malformed X.25 facilities, an integer underflow may cause a
kernel crash.


* CVE-2010-3873: Memory corruption in X.25 facilities parsing.

The x25_parse_facilities() function may perform a memcpy() of ULONG_MAX
bytes, corrupting the kernel heap.


* CVE-2010-4163: Kernel panic in block subsystem.

By submitting certain I/O requests with 0 length, a local user could cause a
denial of service (kernel panic).


SUPPORT

Ksplice support is available at support at ksplice.com or +1 765-577-5423.
