[Ksplice][Ubuntu 8.04 Updates] New updates available via Ksplice (Ubuntu-2.6.24-29.88)
Keegan McAllister
keegan at ksplice.com
Tue Apr 5 12:28:00 PDT 2011
Synopsis: Ubuntu-2.6.24-29.88 can now be patched using Ksplice
CVEs: CVE-2010-2943 CVE-2010-4158 CVE-2010-4162 CVE-2010-4163
CVE-2010-4164 CVE-2010-4242 CVE-2010-4258 CVE-2010-4346
Systems running Ubuntu 8.04 Hardy can now use Ksplice to patch against
the latest Ubuntu kernel update, Ubuntu-2.6.24-29.88.
INSTALLING THE UPDATES
We recommend that all Ksplice Uptrack Ubuntu 8.04 Hardy users install
these updates. You can install these updates by running:
# /usr/sbin/uptrack-upgrade -y
On systems that have "autoinstall = yes" in /etc/uptrack/uptrack.conf,
these updates will be installed automatically and you do not need to
take any additional action.
DESCRIPTION
* CVE-2010-4242: NULL pointer dereference in Bluetooth HCI UART driver.
A NULL pointer dereference flaw was found in the Bluetooth HCI UART driver
in the Linux kernel. A local, unprivileged user could use this flaw to
cause a denial of service.
* CVE-2010-4162: Integer overflow in block I/O subsystem.
Due to integer underflow and overflow issues when determining the number
of pages required for I/O requests, a local user could send a device ioctl
that results in the sequential allocation of a very large number of pages,
causing the OOM killer to be invoked and crashing the system.
* CVE-2010-4158: Kernel information leak in socket filters.
The sk_run_filter function in the kernel's socket filter implementation
did not properly clear an array on the kernel stack, resulting in
uninitialized kernel stack memory being copied to user space.
* CVE-2010-4163: Kernel panic in block subsystem.
By submitting certain I/O requests with 0 length, a local user could cause
a denial of service (kernel panic).
* Denial of service in nfs_do_fsync.
The function nfs_do_fsync erroneously reports failure, causing system calls
like close() on an NFS-mounted file to hang indefinitely.
* CVE-2010-4164: Denial of service parsing bad X.25 facilities.
On parsing malformed X.25 facilities, an integer underflow may cause a
kernel crash.
* CVE-2010-4346: Bypass of mmap_min_addr using install_special_mapping.
Tavis Ormandy discovered an issue in the install_special_mapping
routine which allows local users to bypass the mmap_min_addr security
restriction. Combined with an otherwise low severity local denial of
service vulnerability (NULL pointer dereference), a local user could
obtain elevated privileges.
* Improved fix for CVE-2010-2943.
Ubuntu provided an improved patch for CVE-2010-2943,
fixing an xfsdump failure.
* CVE-2010-4258: Failure to revert address limit override after oops.
If a kernel oops occurred with a kernel address limit override in place,
the kernel did not properly reset the address limit before writing to a
user-controlled address, potentially allowing a local user to escalate a
denial-of-service attack into privilege escalation.
SUPPORT
Ksplice support is available at support at ksplice.com or +1 765-577-5423.
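The page-count failure described under CVE-2010-4162, as an added user-space model that is not kernel code and not part of the original advisory: it compares an unchecked page-count calculation with a checked one that also rejects zero-length segments (the input class named under CVE-2010-4163). The function names, the MAX_PAGES cap and the sample requests are assumptions constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>

#define PAGE_SHIFT 12
#define PAGE_SIZE  ((uint64_t)1 << PAGE_SHIFT)
#define MAX_PAGES  256u  /* assumed per-request cap for this model */
struct io_seg { uint64_t addr, len; };  /* one user buffer of a request */

/* Constructed sample requests. */
static const struct io_seg ok_req[]   = { {0x1000, 0x2001}, {0x7ff0, 0x20} };
static const struct io_seg wrap_req[] = { {0xFFFFFFFFFFFFF000ULL, 0x2000} };
static const struct io_seg zero_req[] = { {0x1000, 0} };

/* Unchecked: the span wraps silently when addr + len overflows. */
static uint64_t pages_unchecked(const struct io_seg *v, int n) {
    uint64_t nr = 0;
    for (int i = 0; i < n; i++) {
        uint64_t end = (v[i].addr + v[i].len + PAGE_SIZE - 1) >> PAGE_SHIFT;
        nr += end - (v[i].addr >> PAGE_SHIFT);
    }
    return nr;
}

/* Checked: 0 and the count in *out, or -1 for a request to reject. */
static int pages_checked(const struct io_seg *v, int n, uint64_t *out) {
    uint64_t nr = 0;
    for (int i = 0; i < n; i++) {
        uint64_t start = v[i].addr >> PAGE_SHIFT, span;
        if (v[i].len == 0 || v[i].len - 1 > UINT64_MAX - v[i].addr)
            return -1;                  /* zero length, or addr + len wraps */
        span = ((v[i].addr + v[i].len - 1) >> PAGE_SHIFT) + 1 - start;
        if (span > MAX_PAGES - nr)
            return -1;                  /* running total exceeds the cap */
        nr += span;
    }
    *out = nr;
    return 0;
}

int main(void) {
    uint64_t n = 0;
    int rc = pages_checked(ok_req, 2, &n);
    printf("ok: rc=%d pages=%llu\n", rc, (unsigned long long)n);
    printf("wrap: unchecked=%llu checked rc=%d\n",
           (unsigned long long)pages_unchecked(wrap_req, 1), pages_checked(wrap_req, 1, &n));
    printf("zero: rc=%d\n", pages_checked(zero_req, 1, &n));
    return 0;
}
```

For the wrapping request the unchecked count is a value near 2^64, which is how a small request turns into a very large allocation; the checked variant refuses it before any allocation would be sized.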