[Ksplice][Ubuntu 10.04 Updates] New updates available via Ksplice (2.6.32-46.105)

Samson Yeung samson.yeung at oracle.com
Fri Mar 22 13:32:50 PDT 2013


Synopsis: 2.6.32-46.105 can now be patched using Ksplice
CVEs: CVE-2013-0268 CVE-2013-1773

Systems running Ubuntu 10.04 Lucid can now use Ksplice to patch
against the latest Ubuntu kernel update, 2.6.32-46.105.

INSTALLING THE UPDATES

We recommend that all users of Ksplice Uptrack on Ubuntu 10.04 Lucid
install these updates.

On systems that have "autoinstall = yes" in /etc/uptrack/uptrack.conf,
these updates will be installed automatically and you do not need to
take any action.

Alternatively, you can install these updates by running:

# /usr/sbin/uptrack-upgrade -y


DESCRIPTION

* CVE-2013-0268: /dev/cpu/*/msr local privilege escalation.

Access to /dev/cpu/*/msr was protected only by filesystem permission
checks. A local uid 0 (root) user with all capabilities dropped
could use this flaw to execute arbitrary code in kernel mode.


* CVE-2013-1773: Heap buffer overflow in VFAT Unicode handling.

Unicode conversion functions used in the VFAT filesystem were vulnerable
to buffer overruns.  Carefully constructed VFAT partitions mounted with
the utf8 option could allow an attacker to corrupt kernel memory and
possibly execute code in kernel mode.

SUPPORT

Ksplice support is available at ksplice-support_ww at oracle.com.
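
The following script is an added example, not part of the original advisory or of Ksplice. It checks the two things the advisory lets an administrator verify locally: whether "autoinstall = yes" is set in /etc/uptrack/uptrack.conf, and whether any VFAT filesystem is currently mounted with the utf8 option (the configuration named for CVE-2013-1773). The function names and the --report switch are assumptions made for this example.

```shell
#!/bin/sh
# Added example: local checks for the items in this advisory.
# Both functions take an optional file argument so they can be run
# against copies of the files instead of the live system.

# Exit 0 if autoinstall is enabled, 1 if not, 2 if the file is unreadable.
autoinstall_enabled() {
    conf="${1:-/etc/uptrack/uptrack.conf}"
    [ -r "$conf" ] || return 2
    # Commented-out lines do not match because the key must start the line.
    grep -Eiq '^[[:space:]]*autoinstall[[:space:]]*=[[:space:]]*yes[[:space:]]*$' "$conf"
}

# Print the mount point of every vfat filesystem mounted with "utf8".
# Input is in /proc/mounts format: device mountpoint fstype options ...
# "iocharset=utf8" is a different option and is deliberately not matched.
utf8_vfat_mounts() {
    mounts="${1:-/proc/mounts}"
    awk '$3 == "vfat" {
        n = split($4, opts, ",")
        for (i = 1; i <= n; i++)
            if (opts[i] == "utf8") { print $2; break }
    }' "$mounts"
}

report() {
    if autoinstall_enabled "$1"; then
        echo "uptrack: autoinstall = yes, updates are installed automatically"
    else
        echo "uptrack: autoinstall not enabled; run /usr/sbin/uptrack-upgrade -y"
    fi
    exposed=$(utf8_vfat_mounts "$2")
    if [ -n "$exposed" ]; then
        echo "vfat mounted with utf8 (CVE-2013-1773 configuration):"
        echo "$exposed" | sed 's/^/  /'
    else
        echo "no vfat filesystem is mounted with the utf8 option"
    fi
}

# Run the report only when asked, so the file can also be sourced.
if [ "${1:-}" = "--report" ]; then
    report "${2:-}" "${3:-}"
fi
```

Run it with --report to check the live system; optional second and third arguments name an alternative config file and mounts file.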


