[Ksplice][Fedora-13-Updates] New updates available via Ksplice (FEDORA-2010-18506)
Tim Abbott
tabbott at ksplice.com
Wed Dec 8 08:51:12 PST 2010
Synopsis: FEDORA-2010-18506 can now be patched using Ksplice
CVEs: CVE-2010-3880 CVE-2010-3904 CVE-2010-4072 CVE-2010-4073 CVE-2010-4075 CVE-2010-4076 CVE-2010-4077 CVE-2010-4082 CVE-2010-4248
Systems running Fedora 13 can now use Ksplice to patch against the latest
Fedora security update, FEDORA-2010-18506.
INSTALLING THE UPDATES
We recommend that all Ksplice Uptrack Fedora 13 users install these
updates. You can install these updates by running:
# uptrack-upgrade -y
DESCRIPTION
* CVE-2010-3904: Local privilege escalation vulnerability in RDS sockets.
The rds_page_copy_user function did not perform any access checks on
user-provided pointers before using unchecked __copy_*_user_inatomic
functions, which can be exploited by a local user to write to arbitrary
kernel memory and escalate privileges.
* CVE-2010-4073: Kernel information leaks in ipc compat subsystem.
Several functions in the System V IPC 32-bit compatibility subsystem did
not properly clear fields before copying data to user space, leaking data
from uninitialized kernel stack memory to user space.
* CVE-2010-4072: Kernel information leak in ipc shm subsystem.
Several functions in the System V IPC shared memory subsystem did not
properly clear fields before copying data to user space, leaking data from
uninitialized kernel stack memory to user space.
* CVE-2010-3880: Logic error in INET_DIAG bytecode auditing.
The INET-DIAG subsystem is inconsistent about how it looks up the bytecode
contained in a netlink message, making it possible for a user to cause the
kernel to execute unaudited INET-DIAG bytecode. This can be abused to make
the kernel enter an infinite loop, and may have other consequences.
* CVE-2010-4248: Race condition in __exit_signal with multithreaded exec.
A race condition in the __exit_signal function in kernel/exit.c allows
local users to cause a denial of service via vectors related to
multithreaded exec, the use of a thread group leader in
kernel/posix-cpu-timers.c, and the selection of a new thread group leader
in the de_thread function in fs/exec.c.
* CVE-2010-4082: Kernel information leak in VIAFB_GET_INFO.
The VIAFB_GET_INFO device ioctl allows unprivileged users to read 246
bytes of uninitialized stack memory, because the "reserved" member of the
viafb_ioctl_info struct declared on the stack is not altered or zeroed
before being copied back to the user.
* CVE-2010-4076: Kernel information leak in amiserial driver.
The TIOCGICOUNT device ioctl allows unprivileged users to read
uninitialized stack memory, because the "reserved" member of the
serial_icounter_struct struct declared on the stack is not altered or
zeroed before being copied back to the user.
* CVE-2010-4077: Kernel information leak in nozomi driver.
The TIOCGICOUNT device ioctl allows unprivileged users to read
uninitialized stack memory, because the "reserved" member of the
serial_icounter_struct struct declared on the stack is not altered or
zeroed before being copied back to the user.
* CVE-2010-4075: Kernel information leak in serial subsystem.
The TIOCGICOUNT device ioctl allows unprivileged users to read
uninitialized stack memory, because the "reserved" member of the
serial_icounter_struct struct declared on the stack is not altered or
zeroed before being copied back to the user.
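The leak pattern shared by the VIAFB_GET_INFO and TIOCGICOUNT items above, shown as an added user-space illustration (not Ksplice or kernel code). struct icount_demo, copy_out and the 0xA5 marker are constructed stand-ins for serial_icounter_struct, the copy to user space, and leftover stack data.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical stand-in for a counter struct with a trailing "reserved" array. */
struct icount_demo {
    int cts, dsr, rng, dcd, rx, tx;
    int frame, overrun, parity, brk, buf_overrun;
    int reserved[9];
};

/* Stand-in for the copy to user space: copies the whole struct, reserved[] included. */
static void copy_out(void *user, const struct icount_demo *k) {
    memcpy(user, k, sizeof *k);
}

static void fill_counters(struct icount_demo *ic) {
    ic->cts = 1; ic->dsr = 2; ic->rng = 3; ic->dcd = 4; ic->rx = 5; ic->tx = 6;
    ic->frame = 0; ic->overrun = 0; ic->parity = 0; ic->brk = 0;
    ic->buf_overrun = 0;
}

/* Before: only named counters are assigned; reserved[] keeps old stack bytes. */
static void get_icount_leaky(struct icount_demo *slot, void *user) {
    fill_counters(slot);
    copy_out(user, slot);
}

/* After: zero the whole struct first, so nothing stale is copied out. */
static void get_icount_fixed(struct icount_demo *slot, void *user) {
    memset(slot, 0, sizeof *slot);
    fill_counters(slot);
    copy_out(user, slot);
}

/* Returns how many stale bytes (constructed marker 0xA5) reach "user space". */
size_t leaked_bytes(int use_fixed) {
    struct icount_demo slot;
    unsigned char user[sizeof slot];
    size_t i, n = 0;
    memset(&slot, 0xA5, sizeof slot);  /* constructed: leftover stack contents */
    if (use_fixed) get_icount_fixed(&slot, user);
    else get_icount_leaky(&slot, user);
    for (i = 0; i < sizeof user; i++) n += (user[i] == 0xA5);
    return n;
}

int main(void) {
    printf("leaky: %zu stale bytes, fixed: %zu\n", leaked_bytes(0), leaked_bytes(1));
    return 0;
}
```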
SUPPORT
Ksplice support is available at support at ksplice.com or +1 765-577-5423.