From nelhage at ksplice.com  Thu Jan  6 08:40:02 2011
From: nelhage at ksplice.com (Nelson Elhage)
Date: Thu, 6 Jan 2011 11:40:02 -0500
Subject: [Ksplice][Ubuntu 9.10 Updates] New updates available via Ksplice (2.6.31-22.70)
Message-ID: <20110106164002.GA14646@ksplice.com>

Synopsis: 2.6.31-22.70 can now be patched using Ksplice

CVEs: CVE-2010-2537 CVE-2010-2538 CVE-2010-2943 CVE-2010-2962
CVE-2010-3079 CVE-2010-3296 CVE-2010-3297 CVE-2010-3298 CVE-2010-3848
CVE-2010-3849 CVE-2010-3858 CVE-2010-3861 CVE-2010-4072

Systems running Ubuntu 9.10 Karmic can now use Ksplice to patch against
the latest Ubuntu kernel, 2.6.31-22.70.

INSTALLING THE UPDATES

We recommend that all Ksplice Uptrack Ubuntu 9.10 Karmic users install
these updates. You can install these updates by running:

# uptrack-upgrade -y

DESCRIPTION

* CVE-2010-2537 and CVE-2010-2538: Missing checks in BTRFS_IOC_CLONE_RANGE.

- The BTRFS_IOC_CLONE ioctl did not check for an append-only file,
  potentially allowing an attacker to inappropriately write to a file
  opened for append only.

- An integer overflow in the BTRFS_IOC_CLONE_RANGE ioctl potentially
  allowed an attacker to inappropriately read from kernel memory.

* CVE-2010-2943: Missing inode validation in XFS.

The xfs implementation in the Linux kernel does properly validate inode
numbers, which allows remote authenticated users to read unlinked files,
or potentially read or overwrite other files, by accessing a stale NFS
filehandle.

* CVE-2010-2962: Privilege escalation in i915 pread/pwrite ioctls.

The i915 driver's pread and pwrite ioctls had several bugs in their
access control checks that could be used to achieve privilege
escalation.

* CVE-2010-3079: Denial of service in set_ftrace_filter.

The set_ftrace_filter special file did not correctly handle the lseek()
operation, potentially allowing a local user to trigger a denial of
service (kernel oops).

* CVE-2010-3296: Kernel information leak in cxgb driver.

The CHELSIO_GET_QSET_NUM device ioctl allows unprivileged users to read
4 bytes of uninitialized stack memory, because the "addr" member of the
ch_reg struct declared on the stack in cxgb_extension_ioctl() is not
altered or zeroed before being copied back to the user.

* CVE-2010-3297: Kernel information leak in eql driver.

The EQL_GETMASTRCFG device ioctl allows unprivileged users to read 16
bytes of uninitialized stack memory, because the "master_name" member of
the master_config_t struct declared on the stack in eql_g_master_cfg()
is not altered or zeroed before being copied back to the user.

* CVE-2010-3298: Information leak in hso_get_count().

The TIOCGICOUNT device ioctl allowed unprivileged users to read
uninitialized stack memory, because the "reserved" member of the
serial_icounter_struct struct declared on the stack in hso_get_count()
was not altered or zeroed before being copied back to the user.

* CVE-2010-3858: Denial of service with excessive argument size

Creating a process with a very large argument list or environment may
trigger a kernel BUG in the setup_arg_pages function.

* CVE-2010-3861: Information leak in ETHTOOL_GRXCLSRLALL ioctl.

The ethtool_get_rxnfc function did not initialize a block of heap
memory, which allowed local users to obtain potentially sensitive
information via an ETHTOOL_GRXCLSRLALL ethtool command with a large
info.rule_cnt value.

* CVE-2010-4072: Information leak in System V IPC

System V IPC leaks uninitialized kernel stack memory to user programs in
unused fields of the shmid_ds structure.

* Improved fix for CVE-2010-3849.

Adopt the upstream fix for CVE-2010-3849, instead of the one originally
applied by Ubuntu, which does not completely fix the problem.

* Improved fix for CVE-2010-3848.

Adopt the upstream fix for CVE-2010-3848, instead of the fix originally
applied by Ubuntu, which contains various bugs.

SUPPORT

Ksplice support is available at support at ksplice.com or
+1 765-577-5423.

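Added example, not part of the Ksplice announcement or of the kernel source: a user-space C model of the stack information leak pattern described for CVE-2010-3296, CVE-2010-3297 and CVE-2010-3298, next to the zero-before-fill fix. The struct layout, the helper names and the 0xA5 marker standing in for stale stack contents are assumptions made for the illustration.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define STALE 0xA5  /* constructed marker for leftover stack contents */

/* Simplified model of the eql reply struct; every name here except
 * master_name is an assumption of this example. */
struct cfg_reply {
    char master_name[16];   /* the handler never writes this member */
    int  max_slaves;
    int  min_slaves;
};

/* Stand-in for copy_to_user(): copies every byte, assigned or not. */
static void copy_out(void *user, const void *kern, size_t len)
{
    memcpy(user, kern, len);
}

/* Model of the ioctl handler; zero_first selects the fixed behaviour. */
static void get_cfg(void *user, int zero_first)
{
    struct cfg_reply r;
    memset(&r, STALE, sizeof r);    /* simulate what an earlier call left */
    if (zero_first)
        memset(&r, 0, sizeof r);    /* the fix: clear before filling in */
    r.max_slaves = 4;
    r.min_slaves = 1;
    copy_out(user, &r, sizeof r);
}

/* Number of stale marker bytes that reach the "user" buffer. */
size_t leaked(int zero_first)
{
    unsigned char user[sizeof(struct cfg_reply)];
    size_t n = 0;
    get_cfg(user, zero_first);
    for (size_t i = 0; i < sizeof user; i++)
        n += (user[i] == STALE);
    return n;
}

int main(void)
{
    printf("without zeroing: %zu stale bytes\n", leaked(0));
    printf("with zeroing:    %zu stale bytes\n", leaked(1));
    return 0;
}
```

The stale bytes are written explicitly so the result is deterministic; in a real handler the unassigned member holds whatever a previous call left on the stack.
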
From tabbott at ksplice.com  Tue Jan 11 15:09:22 2011
From: tabbott at ksplice.com (Tim Abbott)
Date: Tue, 11 Jan 2011 18:09:22 -0500 (EST)
Subject: [Ksplice][Ubuntu 9.10 Updates] Ksplice updates for USN-1041-1 already available
Message-ID:

Last week, Ubuntu released the 2.6.31-22.70 kernel for Ubuntu Lucid,
fixing about a dozen security vulnerabilities. Yesterday night, Ubuntu
sent the USN-1041-1 security notice for this security update kernel.

Ksplice already released rebootless updates for this kernel shortly
after it was made available by Ubuntu, so rebootless updates for
USN-1041-1 are already available for your systems. You don't need to
take any additional action to patch against USN-1041-1.

Our original release notes are available at:
http://lists.ksplice.com/pipermail/ubuntu-9.10-updates-ksplice.com/2011-January/000008.html

Ksplice support is available at support at ksplice.com or
+1 765-577-5423.