From tabbott at ksplice.com Wed Dec 1 19:33:17 2010
From: tabbott at ksplice.com (Tim Abbott)
Date: Wed, 1 Dec 2010 22:33:17 -0500 (EST)
Subject: [Ksplice][Ubuntu 9.10 Updates] New updates available via Ksplice (USN-1023-1)
Message-ID:

Synopsis: USN-1023-1 can now be patched using Ksplice
CVEs: CVE-2010-3848 CVE-2010-3849 CVE-2010-3850

Systems running Ubuntu 9.10 Karmic can now use Ksplice to patch against
the latest Ubuntu Security Notice, USN-1023-1.

INSTALLING THE UPDATES

We recommend that all Ksplice Uptrack Ubuntu 9.10 Karmic users install
these updates. You can install these updates by running:

# uptrack-upgrade -y

DESCRIPTION

* CVE-2010-3848: Privilege escalation in Econet with large iovecs.

The sendmsg implementation in the Econet protocol could overflow the
kernel stack on a message with a large iovec array, potentially leading
to privilege escalation.

* CVE-2010-3850: Privilege escalation in Econet SIOCSIFADDR operation.

The SIOCSIFADDR operation in the Econet protocol failed to check that
the caller is privileged.

* CVE-2010-3849: Denial of service in Econet sendmsg.

When given a NULL remote address, the sendmsg implementation in the
Econet protocol could dereference a NULL pointer, leading to a kernel
oops.

SUPPORT

Ksplice support is available at support at ksplice.com or
+1 765-577-5423.