[Ksplice][Ubuntu 8.04 Updates] New updates available via Ksplice (USN-1170-1)

Tim Abbott tabbott at ksplice.com
Fri Jul 15 20:16:46 PDT 2011


Synopsis: USN-1170-1 can now be patched using Ksplice
CVEs: CVE-2010-4076 CVE-2010-4526 CVE-2011-0726 CVE-2011-1163 CVE-2011-1577 CVE-2011-1745 CVE-2011-1746 CVE-2011-2022

Systems running Ubuntu 8.04 Hardy can now use Ksplice to patch against the 
latest Ubuntu Security Notice, USN-1170-1.

INSTALLING THE UPDATES

We recommend that all users of Ksplice Uptrack on Ubuntu 8.04 Hardy 
install these updates.  You can install these updates by running:

# /usr/sbin/uptrack-upgrade -y

On systems that have "autoinstall = yes" in /etc/uptrack/uptrack.conf, 
these updates will be installed automatically and you do not need to take 
any additional action.


DESCRIPTION

* CVE-2011-1745, CVE-2011-2022: Privilege escalation in AGP subsystem.

Multiple integer overflows in the AGP driver could allow local users to 
gain privileges or cause a denial of service (system crash) via crafted 
AGPIOC_BIND or AGPIOC_UNBIND ioctls.


* CVE-2011-1746: Buffer overflow in AGP subsystem.

The agp_allocate_memory function fails to correctly check a page count 
from userspace against overflow, and may allocate an insufficiently large 
buffer, leading to privilege escalation or denial of service.


* CVE-2010-4076: Kernel information leak in amiserial driver.

The TIOCGICOUNT device ioctl allows unprivileged users to read 
uninitialized stack memory, because the "reserved" member of the 
serial_icounter_struct struct declared on the stack is not altered or 
zeroed before being copied back to the user.


* CVE-2011-1577: Missing boundary checks in GPT partition handling.

A heap overflow flaw in the Linux kernel's EFI GUID Partition Table (GPT) 
implementation could allow a local attacker to cause a denial of service 
by mounting a disk that contains specially-crafted partition tables.


* CVE-2011-1163: Kernel information leak parsing malformed OSF partition tables.

A buffer overflow flaw in the DEC Alpha OSF partition implementation in 
the Linux kernel could allow a local attacker to cause an information leak 
by mounting a disk that contains specially-crafted partition tables.


* CVE-2011-0726: Address space leakage through /proc/pid/stat.

The /proc/pid/stat file allowed unprivileged users to read the start and 
end addresses of other processes' text segments, potentially enabling an 
attacker to bypass address space layout randomization (ASLR) protection.


* CVE-2010-4526: Remote denial of service vulnerability in SCTP.

A flaw was found in the sctp_icmp_proto_unreachable() function in the 
Linux kernel's Stream Control Transmission Protocol (SCTP) implementation.  
A remote attacker could use this flaw to cause a denial of service.
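
The CVE-2010-4076 pattern described above, as an added userspace C example 
(not Ksplice or kernel code). struct icounter is a local stand-in modelled on 
serial_icounter_struct (layout assumed), and the STALE marker and counter 
values are constructed.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Local stand-in modelled on the kernel's serial_icounter_struct (assumed layout). */
struct icounter {
    int cts, dsr, rng, dcd, rx, tx;
    int frame, overrun, parity, brk, buf_overrun;
    int reserved[9];
};

#define STALE 0xA5  /* constructed marker standing in for old stack contents */

/* Assign only the named counters; reserved[] is never written here. */
static void fill_counters(struct icounter *ic, const struct icounter *live)
{
    ic->cts = live->cts; ic->dsr = live->dsr; ic->rng = live->rng;
    ic->dcd = live->dcd; ic->rx = live->rx;   ic->tx = live->tx;
    ic->frame = live->frame; ic->overrun = live->overrun;
    ic->parity = live->parity; ic->brk = live->brk;
    ic->buf_overrun = live->buf_overrun;
}

/* Returns how many stale bytes reach the caller's buffer.
 * zero_first = 0: the pattern in the advisory; 1: struct cleared before use. */
size_t leaked_bytes(int zero_first)
{
    struct icounter live = { .cts = 3, .rx = 120, .tx = 98 };  /* constructed */
    struct icounter slot;               /* models the on-stack local */
    unsigned char user[sizeof slot];    /* models the user-space buffer */
    size_t i, n = 0;

    memset(&slot, STALE, sizeof slot);  /* simulate leftover stack data */
    if (zero_first)
        memset(&slot, 0, sizeof slot);  /* hardened: clear every byte first */
    fill_counters(&slot, &live);
    memcpy(user, &slot, sizeof slot);   /* stand-in for copy_to_user() */

    for (i = offsetof(struct icounter, reserved); i < sizeof slot; i++)
        n += (user[i] == STALE);
    return n;
}

int main(void)
{
    printf("unzeroed: %zu stale bytes, zeroed: %zu\n",
           leaked_bytes(0), leaked_bytes(1));
    return 0;
}
```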

SUPPORT

Ksplice support is available at support at ksplice.com or +1 765-577-5423.


