[Ksplice][Ubuntu 8.04 Updates] New updates available via Ksplice (USN-1023-1)
Tim Abbott
tabbott at ksplice.com
Thu Dec 2 09:17:16 PST 2010
Synopsis: USN-1023-1 can now be patched using Ksplice
CVEs: CVE-2010-3848 CVE-2010-3849 CVE-2010-3850
Systems running Ubuntu 8.04 Hardy can now use Ksplice to patch against the
latest Ubuntu Security Notice, USN-1023-1.
INSTALLING THE UPDATES
We recommend that all Ksplice Uptrack Ubuntu 8.04 Hardy users install
these updates. You can install these updates by running:
# uptrack-upgrade -y
DESCRIPTION
* CVE-2010-3848: Privilege escalation in Econet with large iovecs.
The sendmsg implementation in the Econet protocol could overflow the
kernel stack on a message with a large iovec array, potentially leading to
privilege escalation.
* CVE-2010-3850: Privilege escalation in Econet SIOCSIFADDR operation.
The SIOCSIFADDR operation in the Econet protocol failed to check that the
caller is privileged.
* CVE-2010-3849: Denial of service in Econet sendmsg.
When given a NULL remote address, the sendmsg implementation in the Econet
protocol could dereference a NULL pointer, leading to a kernel oops.
SUPPORT
Ksplice support is available at support at ksplice.com or +1 765-577-5423.
More information about the Ubuntu-8.04-Updates
mailing list