From keegan at ksplice.com Thu Mar 17 19:28:12 2011
From: keegan at ksplice.com (Keegan McAllister)
Date: Thu, 17 Mar 2011 22:28:12 -0400
Subject: [Ksplice][Ubuntu 9.10 Updates] New updates available via Ksplice (Ubuntu-2.6.31-23.74)
Message-ID:

Synopsis: Ubuntu-2.6.31-23.74 can now be patched using Ksplice
CVEs: CVE-2010-4077 CVE-2010-4158 CVE-2010-4162 CVE-2010-4163 CVE-2010-4175 CVE-2010-4242 CVE-2010-4668

Systems running Ubuntu 9.10 Karmic can now use Ksplice to patch against
the latest Ubuntu kernel update, Ubuntu-2.6.31-23.74.

INSTALLING THE UPDATES

We recommend that all Ksplice Uptrack Ubuntu 9.10 Karmic users install
these updates. You can install these updates by running:

# /usr/sbin/uptrack-upgrade -y

On systems that have "autoinstall = yes" in /etc/uptrack/uptrack.conf,
these updates will be installed automatically and you do not need to
take any additional action.

DESCRIPTION

* CVE-2010-4242: NULL pointer dereference in Bluetooth HCI UART driver.

A NULL pointer dereference flaw was found in the Bluetooth HCI UART
driver in the Linux kernel. A local, unprivileged user could use this
flaw to cause a denial of service.

* CVE-2010-4162: Integer overflow in block I/O subsystem.

Due to integer underflow and overflow issues when determining the number
of pages required for I/O requests, a local user could send a device
ioctl that results in the sequential allocation of a very large number
of pages, causing the OOM killer to be invoked and crashing the system.

* CVE-2010-4158: Kernel information leak in socket filters.

The sk_run_filter function in the kernel's socket filter implementation
did not properly clear an array on the kernel stack, resulting in
uninitialized kernel stack memory being copied to user space.

* CVE-2010-4163 and CVE-2010-4668: Kernel panic in block subsystem.

By submitting certain I/O requests with 0 length, a local user could
cause a denial of service (kernel panic).

* CVE-2010-4175: Integer overflow in RDS cmsg handling.

An incorrect range check in the rds_cmsg_rdma_args could result in an
integer overflow, leading to memory corruption.

* CVE-2010-4077: Kernel information leak in nozomi driver.

The TIOCGICOUNT device ioctl allows unprivileged users to read
uninitialized stack memory, because the "reserved" member of the
serial_icounter_struct struct declared on the stack is not altered or
zeroed before being copied back to the user.

SUPPORT

Ksplice support is available at support at ksplice.com or +1 765-577-5423.
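
The pattern behind CVE-2010-4077 described above, as an added userspace illustration (not kernel or Ksplice code): a reply struct whose "reserved" member is never written is copied out whole, first as-is and then after zeroing. The struct layout, the function names, the counter values and the 0xA5 fill that stands in for stale stack contents are all constructed assumptions.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Simplified stand-in for serial_icounter_struct: counters the driver
 * fills in, then a "reserved" array it never writes. */
struct icount_reply {
    int cts, dsr, rng, dcd, rx, tx;
    int reserved[9];
};

/* The driver sets only the counters it tracks (constructed values). */
static void fill_counters(struct icount_reply *r) {
    r->cts = 1; r->dsr = 2; r->rng = 0; r->dcd = 1; r->rx = 100; r->tx = 42;
}

/* Before: the struct is used as found and copied out whole. */
static void get_icount_leaky(struct icount_reply *r, unsigned char *user_buf) {
    fill_counters(r);
    memcpy(user_buf, r, sizeof *r);      /* stands in for copy_to_user() */
}

/* After: zero every byte first, so reserved[] carries nothing stale. */
static void get_icount_zeroed(struct icount_reply *r, unsigned char *user_buf) {
    memset(r, 0, sizeof *r);
    fill_counters(r);
    memcpy(user_buf, r, sizeof *r);
}

/* Run one simulated ioctl; return how many nonzero bytes of the
 * reserved region reached the caller's buffer. */
size_t leaked_reserved_bytes(int zero_first) {
    struct icount_reply frame;
    unsigned char user_buf[sizeof frame];
    size_t i, n = 0;

    memset(&frame, 0xA5, sizeof frame);  /* constructed "stale stack" bytes */
    if (zero_first) get_icount_zeroed(&frame, user_buf);
    else            get_icount_leaky(&frame, user_buf);
    for (i = offsetof(struct icount_reply, reserved); i < sizeof frame; i++)
        n += (user_buf[i] != 0);
    return n;
}

int main(void) {
    printf("leaky:  %zu stale bytes returned\n", leaked_reserved_bytes(0));
    printf("zeroed: %zu stale bytes returned\n", leaked_reserved_bytes(1));
    return 0;
}
```

Zeroing the whole struct rather than only the named "reserved" member also covers any padding bytes a real layout might contain.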