[Ksplice][Fedora-13-Updates] New updates available via Ksplice (FEDORA-2010-14890)

Anders Kaseorg andersk at ksplice.com
Tue Sep 21 18:18:13 PDT 2010


Synopsis: FEDORA-2010-14890 can now be patched using Ksplice
CVEs: CVE-2010-3067 CVE-2010-3079 CVE-2010-3080 CVE-2010-3081 CVE-2010-3301

Systems running Fedora 13 can now use Ksplice to patch against the
latest Fedora security update, FEDORA-2010-14890.


INSTALLING THE UPDATES

We recommend that all Ksplice Uptrack Fedora 13 users install these
updates.  You can install these updates by running:

# uptrack-upgrade -y


DESCRIPTION

* CVE-2010-3081: Privilege escalation through stack underflow in compat.

A flaw was found in the 32-bit compatibility layer for 64-bit systems.
User-space memory was allocated insecurely when translating system
call inputs to 64-bit.  A stack pointer underflow could occur when
using the "compat_alloc_user_space" method with an arbitrary length
input, as in getsockopt.


* CVE-2010-3301: Privilege escalation in 32-bit syscall entry via ptrace.

The system call entry path for 32-bit processes on 64-bit systems
validated only the low 32 bits of a 64-bit system call number.  A
local user could make a crafted system call with ptrace to execute
arbitrary code in the kernel and obtain privileges.


* CVE-2010-3080: Privilege escalation in ALSA sound system OSS emulation.

Tavis Ormandy reported an issue in the ALSA sequencer OSS emulation
layer.  Local users with sufficient privileges to open /dev/sequencer
can cause a denial of service or privilege escalation via a NULL
pointer dereference.


* Mitigate denial of service attacks with large argument lists.

This update corrects a series of issues where an attacker could crash
a system or make it unresponsive through attacks involving processes
with very large argument lists.


* CVE-2010-3067: Multiplication overflow in asynchronous I/O subsystem.

The asynchronous I/O subsystem's do_io_submit function did not do
proper bounds checking on its iocb argument, resulting in a
multiplication overflow.


* CVE-2010-3079: NULL pointer dereference in ftrace.

The ftrace kernel function tracing system exports a special file
set_ftrace_filter via debugfs.  When this file is accessed via lseek,
it could result in a NULL pointer dereference.  This update disables
the use of lseek on the set_ftrace_filter special file.
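
The bug class behind the CVE-2010-3067 entry above, shown as a simplified
user-space model. This is an added example, not kernel code and not part of
the Ksplice or Fedora update; the type req_ptr, the constant HUGE_NR and all
function names are hypothetical.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical element type: one pointer per submitted request. */
typedef void *req_ptr;

/* Constructed sample count: just past the largest nr whose byte span fits. */
#define HUGE_NR (SIZE_MAX / sizeof(req_ptr) + 2)

/* Unchecked: the product wraps modulo SIZE_MAX + 1 for large nr. */
static size_t span_unchecked(size_t nr)
{
    return nr * sizeof(req_ptr);
}

/* Checked: returns 0 and stores the span, or -1 if it would overflow. */
static int span_checked(size_t nr, size_t *out)
{
    if (nr > SIZE_MAX / sizeof(req_ptr))
        return -1;
    *out = nr * sizeof(req_ptr);
    return 0;
}

/* Does an array of nr pointers at offset base fit in limit bytes?
 * This version trusts the wrapped product. */
static int range_ok_unchecked(size_t base, size_t nr, size_t limit)
{
    return base + span_unchecked(nr) <= limit;
}

/* Same question, rejecting overflow in both the product and the sum. */
static int range_ok_checked(size_t base, size_t nr, size_t limit)
{
    size_t span;
    if (span_checked(nr, &span) != 0)
        return 0;
    return base <= limit && span <= limit - base;
}

int main(void)
{
    printf("wrapped span %zu, unchecked ok=%d, checked ok=%d\n",
           span_unchecked(HUGE_NR),
           range_ok_unchecked(0, HUGE_NR, 4096),
           range_ok_checked(0, HUGE_NR, 4096));
    return 0;
}
```

The unchecked validator accepts the oversized count because the wrapped
product looks like a single element; the checked one rejects it before any
multiplication takes place.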


SUPPORT

Ksplice support is available at support at ksplice.com or +1 765-577-5423.



