[Ksplice][Ubuntu 8.04 Updates] New updates available via Ksplice (USN-894-1)

Nelson Elhage nelhage at ksplice.com
Fri Feb 5 13:22:45 PST 2010


Synopsis: USN-894-1 can now be patched using Ksplice
CVEs: CVE-2009-4020 CVE-2009-4021 CVE-2009-4138 CVE-2009-4308
      CVE-2009-4536 CVE-2009-4538 CVE-2010-0007 CVE-2010-0291

Systems running Ubuntu 8.04 Hardy can now use Ksplice to patch against
the latest Ubuntu Security Notice, USN-894-1.

INSTALLING THE UPDATES

We recommend that all Ksplice Uptrack Ubuntu 8.04 Hardy users install
these updates.  You can install these updates by running:

# uptrack-upgrade -y

DESCRIPTION

* CVE-2009-4020: Buffer overflow mounting corrupted hfs filesystem.

A buffer overflow flaw was found in the hfs_bnode_read() function in
the HFS file system implementation.  This could lead to a denial of
service if a user browsed a specially-crafted HFS file system, for
example, by running "ls".


* CVE-2009-4021: Denial of service in fuse_direct_io.

A programming error in the fuse_direct_io function could result in
FUSE dereferencing an invalid pointer if the machine entered a
low-memory state, leading to a denial of service (kernel oops).


* CVE-2009-4308: NULL pointer dereference in ext4 decoding EROFS w/o a journal.

The ext4_decode_error function in fs/ext4/super.c in the ext4
filesystem in the Linux kernel before 2.6.32 allows user-assisted
remote attackers to cause a denial of service (NULL pointer
dereference), and possibly have unspecified other impact, via a
crafted read-only filesystem that lacks a journal.


* CVE-2009-4138: NULL pointer dereference flaw in firewire-ohci driver.

A NULL pointer dereference flaw was found in the firewire-ohci driver
used for OHCI compliant IEEE 1394 controllers.  A local, unprivileged
user with access to /dev/fw* files could issue certain IOCTL calls,
causing a denial of service or privilege escalation.  The FireWire
modules are blacklisted by default, and if enabled, only root has
access to the files noted above by default.


* CVE-2009-4536: Denial of service in e1000 driver.

The e1000 driver did not properly handle packets which span multiple
receive buffers, which could potentially be exploited by a remote
attacker to cause memory corruption and denial of service.


* CVE-2009-4538: Denial of service in e1000e driver.

The e1000e driver did not properly handle packets which span multiple
receive buffers, which could potentially be exploited by a remote
attacker to cause memory corruption and denial of service.


* CVE-2010-0007: Missing capabilities check in ebtables module.

The ebtables module in the netfilter framework in the Linux kernel did
not require the CAP_NET_ADMIN capability for setting or modifying
rules, which allows local users to bypass intended access restrictions
and configure arbitrary network-traffic filtering via a modified
ebtables application.


* CVE-2010-0291: Multiple Denial of Service bugs in mmap() and mremap().

The Linux kernel is exposed to multiple denial of service issues when
mapping memory addresses.

SUPPORT

Ksplice support is available at support at ksplice.com or +1 765-577-5423.
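
The CVE-2009-4138 entry above names two conditions for exposure: the firewire-ohci driver is loaded, and the /dev/fw* files are accessible to users other than root. The script below is an added example, not part of the Ksplice advisory, that checks both; the function name, its parameters and its output strings are this example's own, and it assumes the device nodes are owned by root.

```shell
#!/bin/sh
# Added example (not from the advisory). Reports exposure to the firewire-ohci
# issue using the two conditions the advisory names.
#   $1: module list in /proc/modules format (default /proc/modules)
#   $2: directory holding the fw* device nodes (default /dev)
fw_exposure() {
    modules_file=${1:-/proc/modules}
    dev_dir=${2:-/dev}

    # /proc/modules spells module names with underscores.
    if ! grep -q '^firewire_ohci ' "$modules_file" 2>/dev/null; then
        echo "not-loaded"
        return 0
    fi

    exposed=""
    for node in "$dev_dir"/fw*; do
        [ -e "$node" ] || continue          # glob matched nothing
        mode=$(stat -c '%a' "$node") || continue
        # Any group/other permission bit means a non-owner can open the node.
        # Assumption: the owner is root, so ownership is not checked here.
        if [ $((0$mode & 077)) -ne 0 ]; then
            exposed="$exposed ${node##*/}($mode)"
        fi
    done

    if [ -n "$exposed" ]; then
        echo "loaded-exposed:$exposed"
        return 1
    fi
    echo "loaded-root-only"
    return 0
}

# Constructed sample input so the example runs offline.
demo=$(mktemp -d)
printf 'e1000 118656 0 - Live 0x0\nfirewire_ohci 19972 0 - Live 0x0\n' > "$demo/modules"
: > "$demo/fw0"; chmod 600 "$demo/fw0"
: > "$demo/fw1"; chmod 660 "$demo/fw1"
fw_exposure "$demo/modules" "$demo" || true   # loaded-exposed: fw1(660)
rm -rf "$demo"
```

On a real host, call fw_exposure with no arguments; a non-zero exit status means at least one /dev/fw* node grants group or other access while the driver is loaded.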
