[Ksplice][Ubuntu 8.04 Updates] New updates available via Ksplice (USN-947-1)

Nelson Elhage nelhage at ksplice.com
Sun Jun 6 12:05:29 PDT 2010


Synopsis: USN-947-1 can now be patched using Ksplice
CVEs: CVE-2009-4537 CVE-2010-0298 CVE-2010-0306 CVE-2010-0437 CVE-2010-0727
      CVE-2010-1083 CVE-2010-1084 CVE-2010-1086 CVE-2010-1087 CVE-2010-1162
      CVE-2010-1187

Systems running Ubuntu 8.04 Hardy can now use Ksplice to patch against
the latest Ubuntu Security Notice, USN-947-1.


INSTALLING THE UPDATES

We recommend that all Ksplice Uptrack Ubuntu 8.04 Hardy users install
these updates.  You can install these updates by running:

# uptrack-upgrade -y


DESCRIPTION

* CVE-2010-1083: Information leak in USB processcompl_compat.

Marcus Meissner discovered that the USB subsystem did not correctly
handle certain error conditions.  A local attacker with access to a
USB device could exploit this to read recently used kernel memory,
leading to a loss of privacy and potentially root privilege
escalation.


* CVE-2010-1086: Infinite loop in ULE implementation.

Ang Way Chuang discovered that the DVB driver did not correctly handle
certain MPEG2-TS frames.  An attacker could exploit this by delivering
specially crafted frames to monopolize CPU resources, leading to a
denial of service.


* CVE-2010-0437: NULL pointer dereference in ip6_dst_lookup_tail.

A NULL pointer dereference flaw was found in the ip6_dst_lookup_tail()
function in the Linux kernel. An attacker on the local network could
trigger this flaw by sending IPv6 traffic to a target system, leading
to a system crash (kernel OOPS) if dst->neighbour is NULL on the
target system when receiving an IPv6 packet.


* CVE-2010-0727: Denial of Service in GFS2 locking.

Sachin Prabhu reported an issue in the GFS2 filesystem. Local users
can trigger a BUG() by altering the permissions on a locked file,
resulting in a denial of service.


* CVE-2010-1187: NULL pointer dereference in TIPC subsystem.

Neil Horman reported an issue in the TIPC subsystem. Local users can
cause a denial of service by way of a NULL pointer dereference by
sending datagrams through AF_TIPC before entering network mode.


* CVE-2010-1162: Memory leak in the tty subsystem.

Catalin Marinas reported an issue in the tty subsystem that allows
local attackers to cause a kernel memory leak, possibly resulting in a
denial of service.


* CVE-2010-1087: Denial of Service in NFS filesystem.

Trond Myklebust reported an issue in the NFS filesystem. A local user
may cause an oops by sending a fatal signal during a file truncation
operation, resulting in a denial of service.


* CVE-2009-4537: Remote buffer overflow in r8169 driver.

It was discovered that the r8169 network driver did not correctly check
the size of Ethernet frames.  A remote attacker could send specially
crafted traffic to crash the system, leading to a denial of service.


* CVE-2010-0298 and CVE-2010-0306: KVM guest privilege escalations.

Gleb Natapov discovered issues in the KVM subsystem where missing
permission checks on the CPL and IOPL levels permit a user in a guest
system to cause a denial of service in the guest (system crash) or
gain escalated privileges within the guest.


SUPPORT

Ksplice support is available at support at ksplice.com or +1 765-577-5423.
