[Ksplice][Ubuntu 8.04 Updates] New updates available via Ksplice (Ubuntu-2.6.24-29.89)

Keegan McAllister keegan at ksplice.com
Mon May 23 20:00:45 PDT 2011


Synopsis: Ubuntu-2.6.24-29.89 can now be patched using Ksplice
CVEs: CVE-2010-4075 CVE-2010-4342 CVE-2010-4529 CVE-2011-0521 CVE-2011-0711

Systems running Ubuntu 8.04 Hardy can now use Ksplice to patch against
the latest Ubuntu Security Notice, Ubuntu-2.6.24-29.89.


INSTALLING THE UPDATES

We recommend that all Ksplice Uptrack Ubuntu 8.04 Hardy users install
these updates.  You can install these updates by running:

# /usr/sbin/uptrack-upgrade -y

On systems that have "autoinstall = yes" in /etc/uptrack/uptrack.conf,
these updates will be installed automatically and you do not need to
take any additional action.


DESCRIPTION

* CVE-2010-4075: Kernel information leak in serial subsystem.

The TIOCGICOUNT device ioctl allows unprivileged users to read
uninitialized stack memory, because the "reserved" member of the
serial_icounter_struct struct declared on the stack is not altered or
zeroed before being copied back to the user.


* CVE-2010-4342: Denial of service vulnerability in econet protocol.

Nelson Elhage reported an issue in the econet protocol.  Remote
attackers can cause a denial of service by sending an Acorn Universal
Networking packet over UDP.


* CVE-2010-4529: Integer underflow in IrDA IRLMP_ENUMDEVICES.

An integer underflow bug was found in the IrDA subsystem.  Local users
may be able to gain access to sensitive kernel memory via a specially
crafted IRLMP_ENUMDEVICES getsockopt call.


* CVE-2011-0521: Buffer underflow vulnerability in av7110 driver.

Dan Carpenter reported an issue in the DVB driver for AV7110
cards. Local users can pass a negative info->num value, corrupting
kernel memory and causing a denial of service.


* CVE-2011-0711: Information leak in XFS filesystem.

The XFS filesystem leaves certain fields in the output of the
FSGEOMETRY_V1 ioctl uninitialized, leaking kernel stack data to
unprivileged callers.
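
The uninitialized-copy pattern behind CVE-2010-4075 and CVE-2011-0711
above, as an added user-space illustration (not Ksplice or kernel code).
The struct layout, function names and the 0xA5 stale-memory marker are
assumptions made for the example; memcpy stands in for the copy to user.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Simplified model (assumption) of a counter struct with a reserved tail. */
struct icount_model {
    int cts, dsr, rng, dcd;
    int reserved[9];
};

#define STALE 0xA5 /* constructed marker for leftover stack contents */

/* "Before" pattern: only the named counters are assigned, so reserved[]
 * still holds whatever was in the slot when the whole struct is copied. */
void get_icount_leaky(struct icount_model *slot, void *user)
{
    slot->cts = 1; slot->dsr = 2; slot->rng = 3; slot->dcd = 4;
    memcpy(user, slot, sizeof *slot); /* stand-in for the copy to user */
}

/* Hardened pattern: zero the whole struct before filling it in. */
void get_icount_zeroed(struct icount_model *slot, void *user)
{
    memset(slot, 0, sizeof *slot);
    slot->cts = 1; slot->dsr = 2; slot->rng = 3; slot->dcd = 4;
    memcpy(user, slot, sizeof *slot);
}

/* Run a handler on a slot pre-filled with STALE and count how many stale
 * bytes show up in the reserved area of the caller-visible buffer. */
size_t stale_bytes(void (*handler)(struct icount_model *, void *))
{
    struct icount_model slot;
    unsigned char user[sizeof slot];
    size_t i, n = 0;
    memset(&slot, STALE, sizeof slot); /* models an uninitialized frame */
    memset(user, 0, sizeof user);
    handler(&slot, user);
    for (i = offsetof(struct icount_model, reserved); i < sizeof user; i++)
        n += (user[i] == STALE);
    return n;
}

int main(void)
{
    printf("leaky:  %zu stale bytes\n", stale_bytes(get_icount_leaky));
    printf("zeroed: %zu stale bytes\n", stale_bytes(get_icount_zeroed));
    return 0;
}
```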


SUPPORT

Ksplice support is available at support at ksplice.com or +1 765-577-5423.


