[Ksplice][Fedora-13-Updates] New updates available via Ksplice (FEDORA-2010-14890)
Anders Kaseorg
andersk at ksplice.com
Tue Sep 21 18:18:13 PDT 2010
Synopsis: FEDORA-2010-14890 can now be patched using Ksplice
CVEs: CVE-2010-3067 CVE-2010-3079 CVE-2010-3080 CVE-2010-3081 CVE-2010-3301
Systems running Fedora 13 can now use Ksplice to patch against the
latest Fedora security update, FEDORA-2010-14890.
INSTALLING THE UPDATES
We recommend that all Ksplice Uptrack Fedora 13 users install these
updates. You can install these updates by running:
# uptrack-upgrade -y
DESCRIPTION
* CVE-2010-3081: Privilege escalation through stack underflow in compat.
A flaw was found in the 32-bit compatibility layer for 64-bit systems.
User-space memory was allocated insecurely when translating system
call inputs to 64-bit. A stack pointer underflow could occur when
using the "compat_alloc_user_space" method with an arbitrary length
input, as in getsockopt.
* CVE-2010-3301: Privilege escalation in 32-bit syscall entry via ptrace.
The system call entry path for 32-bit processes on 64-bit systems
validated only the low 32 bits of a 64-bit system call number. A
local user could make a crafted system call with ptrace to execute
arbitrary code in the kernel and obtain privileges.
* CVE-2010-3080: Privilege escalation in ALSA sound system OSS emulation.
Tavis Ormandy reported an issue in the ALSA sequencer OSS emulation
layer. Local users with sufficient privileges to open /dev/sequencer
can cause a denial of service or privilege escalation via a NULL
pointer dereference.
* Mitigate denial of service attacks with large argument lists.
This update corrects a series of issues where an attacker could crash
a system or make it unresponsive through attacks involving processes
with very large argument lists.
* CVE-2010-3067: Multiplication overflow in asynchronous I/O subsystem.
The asynchronous I/O subsystem's do_io_submit function did not do
proper bounds checking on its iocb argument, resulting in a
multiplication overflow.
* CVE-2010-3079: NULL pointer dereference in ftrace.
The ftrace kernel function tracing system exports a special file
set_ftrace_filter via debugfs. When this file is accessed via lseek,
it could result in a NULL pointer dereference. This update disables
the use of lseek on the set_ftrace_filter special file.
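The class of bug described under CVE-2010-3067 above, as an added example that is not part of the original advisory and is not the kernel's code: a user-space C model in which a caller-supplied element count is multiplied by an element size before the resulting length is range-checked. The function names, ELEM_SIZE and USER_LIMIT are assumptions made for illustration.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

#define ELEM_SIZE  8u                     /* models a pointer-sized array element */
#define USER_LIMIT 0x00007fffffffffffULL  /* constructed top of the user address range */

/* Range check on a user buffer: [base, base + len) must fit below USER_LIMIT. */
static bool range_ok(uint64_t base, uint64_t len)
{
    return len <= USER_LIMIT && base <= USER_LIMIT - len;
}

/* Flawed pattern: multiply first, then range-check the possibly wrapped length. */
static bool validate_unchecked(uint64_t base, int64_t nr)
{
    if (nr < 0)
        return false;
    uint64_t len = (uint64_t)nr * ELEM_SIZE;  /* wraps modulo 2^64 */
    return range_ok(base, len);
}

/* Hardened pattern: bound the count so the product cannot overflow. */
static bool validate_checked(uint64_t base, int64_t nr)
{
    if (nr < 0 || nr > INT64_MAX / (int64_t)ELEM_SIZE)
        return false;
    return range_ok(base, (uint64_t)nr * ELEM_SIZE);
}

int main(void)
{
    const uint64_t base = 0x10000;  /* constructed sample address */
    /* Constructed counts: one ordinary, two whose byte length wraps to 0 and 16. */
    const int64_t counts[] = { 4, INT64_C(1) << 61, (INT64_C(1) << 61) + 2 };

    for (size_t i = 0; i < sizeof counts / sizeof counts[0]; i++) {
        printf("nr=%lld wrapped_len=%llu unchecked=%s checked=%s\n",
               (long long)counts[i],
               (unsigned long long)((uint64_t)counts[i] * ELEM_SIZE),
               validate_unchecked(base, counts[i]) ? "accept" : "reject",
               validate_checked(base, counts[i]) ? "accept" : "reject");
    }
    return 0;
}
```

The unchecked variant accepts the two large counts because the wrapped length looks like a tiny buffer, while any later loop over nr elements would run far past the range that was validated.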
SUPPORT
Ksplice support is available at support at ksplice.com or +1 765-577-5423.