From andersk at ksplice.com Tue Sep 21 18:18:13 2010
From: andersk at ksplice.com (Anders Kaseorg)
Date: Tue, 21 Sep 2010 21:18:13 -0400 (EDT)
Subject: [Ksplice][Fedora-13-Updates] New updates available via Ksplice (FEDORA-2010-14890)
Message-ID:

Synopsis: FEDORA-2010-14890 can now be patched using Ksplice
CVEs: CVE-2010-3067 CVE-2010-3079 CVE-2010-3080 CVE-2010-3081 CVE-2010-3301

Systems running Fedora 13 can now use Ksplice to patch against the
latest Fedora security update, FEDORA-2010-14890.

INSTALLING THE UPDATES

We recommend that all Ksplice Uptrack Fedora 13 users install these
updates. You can install these updates by running:

# uptrack-upgrade -y

DESCRIPTION

* CVE-2010-3081: Privilege escalation through stack underflow in compat.

A flaw was found in the 32-bit compatibility layer for 64-bit systems.
User-space memory was allocated insecurely when translating system
call inputs to 64-bit. A stack pointer underflow could occur when
using the "compat_alloc_user_space" method with an arbitrary length
input, as in getsockopt.

* CVE-2010-3301: Privilege escalation in 32-bit syscall entry via ptrace.

The system call entry path for 32-bit processes on 64-bit systems
validated only the low 32 bits of a 64-bit system call number. A local
user could make a crafted system call with ptrace to execute arbitrary
code in the kernel and obtain privileges.

* CVE-2010-3080: Privilege escalation in ALSA sound system OSS emulation.

Tavis Ormandy reported an issue in the ALSA sequencer OSS emulation
layer. Local users with sufficient privileges to open /dev/sequencer
can cause a denial of service or privilege escalation via a NULL
pointer dereference.

* Mitigate denial of service attacks with large argument lists.

This update corrects a series of issues where an attacker could crash
a system or make it unresponsive through attacks involving processes
with very large argument lists.

* CVE-2010-3067: Multiplication overflow in asynchronous I/O subsystem.

The asynchronous I/O subsystem's do_io_submit function did not do
proper bounds checking on its iocb argument, resulting in a
multiplication overflow.

* CVE-2010-3079: NULL pointer dereference in ftrace.

The ftrace kernel function tracing system exports a special file
set_ftrace_filter via debugfs. When this file is accessed via lseek,
it could result in a NULL pointer dereference. This update disables
the use of lseek on the set_ftrace_filter special file.

SUPPORT

Ksplice support is available at support at ksplice.com or
+1 765-577-5423.
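
The class of bug described above for CVE-2010-3067, shown as a user-space model that is added here and is not kernel or Ksplice code: a count multiplied by an element size wraps, so a length check passes on a range far smaller than the one that will be used. The function names, the address limit and the sample values are constructed for illustration.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed address limit for this model (not a kernel constant). */
#define MODEL_ADDR_LIMIT ((uint64_t)1 << 47)

/* Hypothetical region check: [base, base + len) must lie below the limit. */
static bool region_ok(uint64_t base, uint64_t len)
{
    return len <= MODEL_ADDR_LIMIT && base <= MODEL_ADDR_LIMIT - len;
}

/* Flawed pattern: nr * elem_size wraps modulo 2^64, so a huge element
 * count can yield a tiny byte length that passes the region check. */
bool validate_array_unchecked(uint64_t base, int64_t nr, uint64_t elem_size)
{
    if (nr < 0)
        return false;
    return region_ok(base, (uint64_t)nr * elem_size);
}

/* Hardened pattern: refuse any count whose byte length cannot be
 * represented, before the multiplication is performed. */
bool validate_array_checked(uint64_t base, int64_t nr, uint64_t elem_size)
{
    if (nr < 0 || elem_size == 0)
        return false;
    if ((uint64_t)nr > (uint64_t)INT64_MAX / elem_size)
        return false;
    return region_ok(base, (uint64_t)nr * elem_size);
}

int main(void)
{
    /* Constructed inputs: 8-byte elements, count chosen so nr * 8 == 2^64 + 8. */
    const uint64_t base = 0x1000, elem = 8;
    const int64_t huge = ((int64_t)1 << 61) + 1;

    printf("unchecked accepts huge count: %d\n", validate_array_unchecked(base, huge, elem));
    printf("checked accepts huge count:   %d\n", validate_array_checked(base, huge, elem));
    printf("checked accepts 4 elements:   %d\n", validate_array_checked(base, 4, elem));
    return 0;
}
```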