[Ksplice][Ubuntu 9.10 Updates] New updates available via Ksplice (Ubuntu-2.6.31-23.74)

Keegan McAllister keegan at ksplice.com
Thu Mar 17 19:28:12 PDT 2011 

Synopsis: Ubuntu-2.6.31-23.74 can now be patched using Ksplice
CVEs: CVE-2010-4077 CVE-2010-4158 CVE-2010-4162 CVE-2010-4163
CVE-2010-4175 CVE-2010-4242 CVE-2010-4668

Systems running Ubuntu 9.10 Karmic can now use Ksplice to patch against
the latest Ubuntu kernel update, Ubuntu-2.6.31-23.74.


INSTALLING THE UPDATES

We recommend that all Ksplice Uptrack Ubuntu 9.10 Karmic users install
these updates.  You can install these updates by running:

# /usr/sbin/uptrack-upgrade -y

On systems that have "autoinstall = yes" in /etc/uptrack/uptrack.conf,
these updates will be installed automatically and you do not need to
take any additional action.


DESCRIPTION

* CVE-2010-4242: NULL pointer dereference in Bluetooth HCI UART driver.

A NULL pointer dereference flaw was found in the Bluetooth HCI UART driver
in the Linux kernel.  A local, unprivileged user could use this flaw to
cause a denial of service.


* CVE-2010-4162: Integer overflow in block I/O subsystem.

Due to integer underflow and overflow issues when determining the number
of pages required for I/O requests, a local user could send a device ioctl
that results in the sequential allocation of a very large number of pages,
causing the OOM killer to be invoked and crashing the system.


* CVE-2010-4158: Kernel information leak in socket filters.

The sk_run_filter function in the kernel's socket filter implementation
did not properly clear an array on the kernel stack, resulting in
uninitialized kernel stack memory being copied to user space.


* CVE-2010-4163 and CVE-2010-4668: Kernel panic in block subsystem.

By submitting certain I/O requests with 0 length, a local user could cause
a denial of service (kernel panic).


* CVE-2010-4175: Integer overflow in RDS cmsg handling.

An incorrect range check in the rds_cmsg_rdma_args could result in an
integer overflow, leading to memory corruption.


* CVE-2010-4077: Kernel information leak in nozomi driver.

The TIOCGICOUNT device ioctl allows unprivileged users to read
uninitialized stack memory, because the "reserved" member of the
serial_icounter_struct struct declared on the stack is not altered or
zeroed before being copied back to the user.


SUPPORT

Ksplice support is available at support at ksplice.com or +1 765-577-5423.

More information about the Ubuntu-9.10-Updates mailing list