[Ksplice][Debian 5.0 Updates] New updates available via Ksplice (DSA-2053-1)

[Nelson Elhage]

Synopsis: DSA-2053-1 can now be patched using Ksplice
CVEs: CVE-2010-0727 CVE-2010-1083 CVE-2010-1084 CVE-2010-1086
      CVE-2010-1087 CVE-2010-1088 CVE-2010-1162 CVE-2010-1173
      CVE-2010-1187 CVE-2010-1437

Systems running Debian 5.0 Lenny can now use Ksplice to patch against
the latest Debian Security Advisory, DSA-2053-1.

INSTALLING THE UPDATES

We recommend that all Ksplice Uptrack Debian 5.0 Lenny users install
these updates.  You can install these updates by running:

# uptrack-upgrade -y

DESCRIPTION

* Kernel panic in bnx2_poll_work.

A programming error in the bnx2 network driver could result in a
kernel panic handling DMA to or from the device.


* CVE-2010-1083: Information leak in USB implementation.

Linus Torvalds reported an issue in the USB subsystem, which may allow
local users to obtain portions of sensitive kernel memory.


* CVE-2010-0727: Denial of Service in GFS2 locking.

Sachin Prabhu reported an issue in the GFS2 filesystem. Local users
can trigger a BUG() altering the permissions on a locked file,
resulting in a denial of service.


* CVE-2010-1084: Remote denial of Service in bluetooth subsystem.

Neil Brown reported an issue in the Bluetooth subsystem that may
permit remote attackers to overwrite memory through the creation of
large numbers of sockets, resulting in a denial of service.


* CVE-2010-1086: Infinite loop in ULE implementation.

Ang Way Chuang reported an issue in the DVB subsystem for Digital TV
adapters. By creating a specially-encoded MPEG2-TS frame, a remote
attacker could cause the receiver to enter an endless loop, resulting
in a denial of service.


* CVE-2010-1087: Denial of Service in NFS filesystem.

Trond Myklebust reported an issue in the NFS filesystem. A local user
may cause an oops by sending a fatal signal during a file truncation
operation, resulting in a denial of service.


* CVE-2010-1088: NULL pointer dereference in automount symlinks.

Al Viro reported an issue where automount symlinks may not be followed
when LOOKUP_FOLLOW is not set, resulting in a denial of service or
potential privilege escalation.


* CVE-2010-1162: Memory leak in the tty subsystem

Catalin Marinas reported an issue in the tty subsystem that allows
local attackers to cause a kernel memory leak, possibly resulting in a
denial of service.


* CVE-2010-1173: Remote denial of service in SCTP.

Chris Guo from Nokia China and Jukka Taimisto and Olli Jarva from
Codenomicon Ltd reported an issue in the SCTP subsystem that allows a
remote attacker to cause a denial of service using a malformed init
package.


* CVE-2010-1437: Denial of service in keyring subsytem.

Toshiyuki Okajima reported a race condition in the keyring subsystem.
Local users can cause memory corruption via keyctl commands that
access a keyring in the process of being deleted, resulting in a
denial of service.


* r8169: Fix receive buffer size calculation.

A logic error in the r8169 driver would cause large IP packets to be
dropped when the device was configured with certain MTU sizes.


* CVE-2010-1187: NULL pointer dereference in TIPC subsystem.

Neil Hormon reported an issue in the TIPC subsystem. Local users can
cause a denial of service by way of a NULL pointer dereference by
sending datagrams through AF_TIPC before entering network mode.

SUPPORT

Ksplice support is available at support at ksplice.com or +1 765-577-5423.