[Ksplice][Debian 5.0 Updates] New updates available via Ksplice (DSA-1996-1)

Tim Abbott tabbott at ksplice.com
Sun Feb 14 23:08:32 PST 2010


Synopsis: DSA-1996-1 can now be patched using Ksplice
CVEs: CVE-2009-4027 CVE-2009-4536 CVE-2009-4538 CVE-2010-0007 CVE-2010-0291 CVE-2010-0298 CVE-2010-0306 CVE-2010-0307 CVE-2010-0309 CVE-2010-0415

Systems running Debian 5.0 Lenny can now use Ksplice to patch against
the latest Debian Security Advisory, DSA-1996-1.

INSTALLING THE UPDATES

We recommend that all Ksplice Uptrack Debian 5.0 Lenny users install
these updates.  You can install these updates by running:

# uptrack-upgrade -y

DESCRIPTION

* CVE-2010-0007: Missing capabilities check in ebtables module.

The ebtables module in the netfilter framework in the Linux kernel did
not require the CAP_NET_ADMIN capability for setting or modifying
rules, which allows local users to bypass intended access restrictions
and configure arbitrary network-traffic filtering via a modified
ebtables application.


* CVE-2009-4027: Remote denial of service in mac80211 DELBA handling.

A race condition in the mac80211 subsystem in the Linux kernel allows
remote attackers to cause a denial of service (system crash) via a
Delete Block ACK (aka DELBA) packet that triggers a certain state
change in the absence of an aggregation session.


* CVE-2010-0415: Information leak in sys_move_pages.

Ramon de Carvalho Valle discovered an issue in the sys_move_pages
interface, limited to 64-bit kernels.  Local users can exploit this
issue to cause a denial of service (system crash) or gain access to
sensitive kernel memory.


* CVE-2009-4536: Denial of service in e1000 driver.

The e1000 driver did not properly handle packets which span multiple
receive buffers, which could potentially be exploited by a remote
attacker to cause memory corruption and denial of service.


* CVE-2009-4538: Denial of service in e1000e driver.

The e1000e driver did not properly handle packets which span multiple
receive buffers, which could potentially be exploited by a remote
attacker to cause memory corruption and denial of service.
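
The handling that CVE-2009-4536 and CVE-2009-4538 concern, as an added
example (a simplified userspace model, not Ksplice's update or the
e1000/e1000e driver code): a receive path that remembers when a frame
spans several buffers and drops every piece of it, tail included.  The
descriptor layout, the RX_STAT_EOP flag value, the buffer size and the
function names are assumptions made for illustration.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>

#define RX_STAT_EOP 0x02  /* assumed flag: buffer holds the end of a frame */
#define RX_BUF_SIZE 2048  /* assumed size of one receive buffer */

/* Hypothetical, simplified descriptor and per-ring state (not the hardware layout). */
struct rx_desc  { uint16_t length; uint8_t status; };
struct rx_state { bool discarding; size_t accepted, dropped; };

/* Handle one completed descriptor; true means the buffer is passed up as a frame. */
bool rx_process(struct rx_state *st, const struct rx_desc *d)
{
    bool eop = (d->status & RX_STAT_EOP) != 0;
    if (!eop)
        st->discarding = true;      /* frame continues in the next buffer */
    if (st->discarding) {
        st->dropped++;              /* drop every piece of a spanning frame */
        if (eop)
            st->discarding = false; /* tail seen: resynchronise on the next frame */
        return false;
    }
    if (d->length == 0 || d->length > RX_BUF_SIZE) {
        st->dropped++;              /* length must fit the single buffer */
        return false;
    }
    st->accepted++;
    return true;
}

/* Walk n descriptors and return how many frames were accepted. */
size_t rx_run(struct rx_state *st, const struct rx_desc *ring, size_t n)
{
    for (size_t i = 0; i < n; i++)
        rx_process(st, &ring[i]);
    return st->accepted;
}

int main(void)
{
    /* Constructed ring: one good frame, a frame spanning three buffers, one good frame. */
    const struct rx_desc ring[] = {
        {1500, RX_STAT_EOP}, {2048, 0}, {2048, 0}, {300, RX_STAT_EOP}, {64, RX_STAT_EOP},
    };
    struct rx_state st = {0};
    /* Expect 2 accepted; the 300-byte tail is dropped although it has EOP set. */
    return rx_run(&st, ring, sizeof ring / sizeof ring[0]) == 2 ? 0 : 1;
}
```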


* CVE-2010-0307: Denial of service on amd64.

A programming error in the load_elf_binary function on Linux could
result in a denial of service on 64-bit machines by attempting to exec
a 32-bit binary with an invalid interpreter, and then causing a
coredump.


* CVE-2010-0291: Multiple Denial of Service bugs in mmap() and mremap().

The Linux kernel is exposed to multiple denial of service issues when
mapping memory addresses.


* CVE-2010-0309: KVM: Host denial of service reading /dev/port from guest.

Marcelo Tosatti fixed an issue in the PIT emulation code in the KVM
subsystem that allows privileged users in a guest domain to cause a
denial of service (crash) of the host system.


* CVE-2010-0298 and CVE-2010-0306: KVM guest privilege escalations.

Gleb Natapov discovered issues in the KVM subsystem where missing
permission checks on the CPL and IOPL levels permit a user in a guest
system to cause a denial of service of the guest (system crash) or gain
escalated privileges within the guest.

SUPPORT

Ksplice support is available at support at ksplice.com or +1 765-577-5423.


