[Ksplice][Debian 5.0 Updates] New updates available via Ksplice (DSA-2110-1)
Greg Price
price at ksplice.com
Fri Sep 17 23:50:07 PDT 2010
Synopsis: DSA-2110-1 can now be patched using Ksplice
CVEs: CVE-2010-2492 CVE-2010-2954 CVE-2010-3078 CVE-2010-3080 CVE-2010-3081
Systems running Debian 5.0 Lenny can now use Ksplice to patch against
the latest Debian Security Advisory, DSA-2110-1.
INSTALLING THE UPDATES
We recommend that all Ksplice Uptrack Debian 5.0 Lenny users install
these updates. You can install these updates by running:
# uptrack-upgrade -y
DESCRIPTION
* CVE-2010-3081: Privilege escalation through stack underflow in compat.
A flaw was found in the 32-bit compatibility layer for 64-bit systems.
User-space memory was allocated insecurely when translating system
call inputs to 64-bit. A stack pointer underflow could occur when
using the "compat_alloc_user_space" method with an arbitrary length
input, as in getsockopt.
* CVE-2010-3080: Privilege escalation in ALSA sound system OSS emulation.
Tavis Ormandy reported an issue in the ALSA sequencer OSS emulation
layer. Local users with sufficient privileges to open /dev/sequencer
(by default on Debian, this is members of the 'audio' group) can
cause a denial of service via a NULL pointer dereference.
* CVE-2010-3078: Information disclosure in XFS.
Dan Rosenberg discovered an issue in the XFS file system that allows
local users to read potentially sensitive kernel memory.
* CVE-2010-2954: NULL dereference in irda subsystem.
Tavis Ormandy reported an issue in the irda subsystem which may allow
local users to cause a denial of service via a NULL pointer dereference.
* CVE-2010-2492: Privilege escalation in eCryptfs.
Andre Osterhues discovered that eCryptfs did not correctly allocate a
hash table. A local attacker with certain uids could exploit this to
crash the system or potentially gain root privileges.
SUPPORT
Ksplice support is available at support at ksplice.com or +1 765-577-5423.
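The pointer arithmetic behind CVE-2010-3081 as described above, shown as an added example that is not part of the original advisory and is not kernel or Ksplice code: a user-space C model in which the allocation is a plain subtraction from the user stack pointer. The address-space limit, the length cap, the function names and the checked variant are all assumptions made for illustration.

```c
#include <inttypes.h>
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed model values (assumptions, not from the advisory). */
#define MODEL_USER_TOP 0x00007ffffffff000ULL /* first non-user address */
#define MODEL_MAX_LEN  0x7fffffffULL         /* assumed cap on a compat length */

/* True if [addr, addr + len) lies entirely below MODEL_USER_TOP. */
bool model_range_is_user(uint64_t addr, uint64_t len)
{
    return addr < MODEL_USER_TOP && len <= MODEL_USER_TOP - addr;
}

/* Unchecked form: scratch space is carved out below the user stack
 * pointer by plain subtraction, so len > user_sp wraps modulo 2^64. */
uint64_t model_alloc_unchecked(uint64_t user_sp, uint64_t len)
{
    return user_sp - len;
}

/* Hypothetical hardened form: bound the length, then require the whole
 * resulting range to be user memory. Returns 0 on rejection. */
uint64_t model_alloc_checked(uint64_t user_sp, uint64_t len)
{
    if (len > MODEL_MAX_LEN || len > user_sp)
        return 0;
    uint64_t p = user_sp - len;
    return model_range_is_user(p, len) ? p : 0;
}

int main(void)
{
    const uint64_t sp = 0xffd00000ULL;                /* constructed 32-bit task stack pointer */
    const uint64_t lens[] = { 0x100, 0xffffffffULL }; /* sane length vs. caller-chosen length */

    for (size_t i = 0; i < 2; i++) {
        uint64_t raw = model_alloc_unchecked(sp, lens[i]);
        printf("len=%#" PRIx64 " unchecked=%#" PRIx64 " user=%d checked=%#" PRIx64 "\n",
               lens[i], raw, model_range_is_user(raw, lens[i]),
               model_alloc_checked(sp, lens[i]));
    }
    return 0;
}
```

In the model, the oversized length makes the unchecked result wrap to an address above the user limit, while the checked variant rejects it before any pointer is handed back.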