[Ksplice][Ubuntu 10.04 Updates] New updates available via Ksplice (Ubuntu-2.6.32-25.44)
Anders Kaseorg
andersk at ksplice.com
Tue Sep 28 10:07:35 PDT 2010
Synopsis: Ubuntu-2.6.32-25.44 can now be patched using Ksplice
CVEs: CVE-2010-2066 CVE-2010-2226 CVE-2010-2478 CVE-2010-2495 CVE-2010-2524 CVE-2010-2537 CVE-2010-2538 CVE-2010-2798 CVE-2010-2946 CVE-2010-3015
Systems running Ubuntu 10.04 Lucid can now use Ksplice to patch against
the latest Ubuntu kernel update, Ubuntu-2.6.32-25.44.
INSTALLING THE UPDATES
We recommend that all Ksplice Uptrack Ubuntu 10.04 Lucid users install
these updates. You can install these updates by running:
# uptrack-upgrade -y
DESCRIPTION
* CVE-2010-2495: Denial of Service in L2TP.
The pppol2tp_xmit function in drivers/net/pppol2tp.c in the L2TP
implementation in the Linux kernel before 2.6.34 does not properly
validate certain values associated with an interface, which allows
attackers to cause a denial of service (NULL pointer dereference and
OOPS) or possibly have unspecified other impact via vectors related to a
routing change.
* CVE-2010-2524: False CIFS mount via DNS cache poisoning.
A flaw was found in the dns_resolver upcall used by CIFS. A local,
unprivileged user could redirect a Microsoft Distributed File System
link to another IP address, tricking the client into mounting the share
from a server of the user's choosing. (CVE-2010-2524, Moderate)
* CVE-2010-2537, CVE-2010-2538: Missing access checks in btrfs filesystem.
The BTRFS_IOC_CLONE and BTRFS_IOC_CLONE_RANGE ioctls allow write access
to append-only files. The BTRFS_IOC_CLONE_RANGE ioctl potentially
allows unauthorized reading at out-of-bounds offsets.
* CVE-2010-2478: Buffer overflow in ethtool.
An integer overflow in the implementation of the unprivileged
ETHTOOL_GRXCLSRLALL command may lead to a buffer overflow in the kernel,
resulting in denial of service or privilege escalation.
* CVE-2010-2226: Read access to write-only files in XFS filesystem.
A flaw was found in the handling of the SWAPEXT IOCTL in the Linux
kernel XFS file system implementation. A local user could use this flaw
to read write-only files that they do not own on an XFS file system.
This could lead to unintended information disclosure. (CVE-2010-2226,
Moderate)
* CVE-2010-2798: Denial of service in GFS2.
Bob Peterson reported an issue in the GFS2 file system. A file system
user could cause a denial of service (Oops) via certain rename
operations.
* CVE-2010-2946: Access control bypass in JFS filesystem.
Extended attribute namespace access rules may be bypassed by using the
legacy-format os2 namespace.
* CVE-2010-2066: Missing privilege check in ext4 for append-only files.
A missing check was found in the mext_check_arguments() function in the
ext4 file system code. A local user could use this flaw to cause the
MOVE_EXT IOCTL to overwrite the contents of an append-only file on an
ext4 file system, if they have write permissions for that file.
(CVE-2010-2066, Low)
* Denial of Service in OCFS2 locking.
A flaw was found in the ocfs2_lock() implementation. The OCFS2 locking
code could skip the lock operation for files that have the S_ISGID bit
(set-group-ID on execution) in their mode set. A local, unprivileged
user on a system that has an OCFS2 file system mounted could use this
flaw to cause a kernel panic.
* Additional CVE-2010-2240 update: Fix stack guard with mlock/mprotect.
The stack guard page code in the original upstream patch for
CVE-2010-2240 failed when the stack memory area had been split by
certain calls to mlock or mprotect.
* CVE-2010-3015: Integer overflow in ext4 filesystem.
An integer overflow flaw was found in the ext4_ext_get_blocks()
function. This can trigger a BUG() on certain configurations of ext4
file systems.
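The integer-overflow pattern behind the CVE-2010-2478 entry above, as an added userspace model that is not code from the kernel or from Ksplice: a caller-supplied count multiplied by the element size in 32 bits wraps, so the buffer is smaller than the data written to it. The names size32_t, MAX_ALLOC, rule_cnt and the three helpers are hypothetical, and the "filler writes min(requested, present) entries" behaviour is an assumption.

```c
#include <stdint.h>
#include <stdio.h>

/* Constructed model: a 32-bit size type and a hypothetical allocator ceiling. */
typedef uint32_t size32_t;
#define MAX_ALLOC (4u * 1024u * 1024u)

/* Weak form: byte count from an unchecked 32-bit multiply; wraps for large counts. */
static size32_t alloc_bytes_unchecked(uint32_t rule_cnt)
{
    return rule_cnt * (size32_t)sizeof(uint32_t);
}

/* Hardened form: refuse any count whose byte size would wrap or exceed the
 * ceiling. Returns 0 and stores the size on success, -1 on rejection. */
static int alloc_bytes_checked(uint32_t rule_cnt, size32_t *out)
{
    if (rule_cnt > MAX_ALLOC / sizeof(uint32_t))
        return -1;
    *out = rule_cnt * (size32_t)sizeof(uint32_t);
    return 0;
}

/* Assumption: the filler writes min(requested, present) 32-bit entries. */
static uint64_t bytes_written(uint32_t rule_cnt, uint32_t present)
{
    uint32_t n = rule_cnt < present ? rule_cnt : present;
    return (uint64_t)n * sizeof(uint32_t);
}

int main(void)
{
    /* Constructed inputs: an ordinary count and one chosen so count * 4 wraps. */
    const uint32_t counts[] = { 16u, 0x40000001u };
    const uint32_t present = 16u; /* entries the device actually holds */

    for (size_t i = 0; i < sizeof(counts) / sizeof(counts[0]); i++) {
        size32_t checked = 0;
        size32_t weak = alloc_bytes_unchecked(counts[i]);
        uint64_t written = bytes_written(counts[i], present);
        int rc = alloc_bytes_checked(counts[i], &checked);
        printf("count=%#x weak_alloc=%u written=%llu (%s); checked: %s\n",
               (unsigned)counts[i], (unsigned)weak, (unsigned long long)written,
               written > weak ? "undersized buffer" : "fits",
               rc == 0 ? "accepted" : "rejected");
    }
    return 0;
}
```
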
SUPPORT
Ksplice support is available at support at ksplice.com or +1 765-577-5423.