[Ksplice][Ubuntu 10.04 Updates] New updates available via Ksplice (USN-1824-1)
Eduardo Silva
eduardo.silva at oracle.com
Thu May 16 11:17:33 PDT 2013
Synopsis: USN-1824-1 can now be patched using Ksplice
CVEs: CVE-2012-6549 CVE-2013-1826 CVE-2013-1860 CVE-2013-1928 CVE-2013-2634
Systems running Ubuntu 10.04 Lucid can now use Ksplice to patch
against the latest Ubuntu Security Notice, USN-1824-1.
INSTALLING THE UPDATES
We recommend that all users of Ksplice Uptrack on Ubuntu 10.04 Lucid
install these updates.
On systems that have "autoinstall = yes" in /etc/uptrack/uptrack.conf,
these updates will be installed automatically and you do not need to
take any action.
Alternatively, you can install these updates by running:
# /usr/sbin/uptrack-upgrade -y
DESCRIPTION
* CVE-2013-1928: Kernel information leak in compat_ioctl/VIDEO_SET_SPU_PALETTE.
The compat control device call for VIDEO_SET_SPU_PALETTE was missing an
error check while converting the input arguments. This could lead to
leaking kernel stack contents into userspace.
* CVE-2013-2634: kernel leak in the data center bridging (dcb) component.
The dcb netlink interface leaks stack memory in various places.
* CVE-2012-6549: Information leak in isofs export.
The isofs_export_encode_fh function does not initialize a certain
structure member, which allows local users to obtain sensitive
information from kernel heap memory via a crafted application.
* CVE-2013-1826: Invalid return on xfrm_user could lead to privilege escalation.
An invalid return type from XFRM (user) could allow user code to execute
in kernel context (privilege escalation).
* CVE-2013-1860: Buffer overflow in Wireless Device Management driver.
A malicious USB device can cause a buffer overflow and gain kernel code
execution by sending malformed Wireless Device Management packets.
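The CVE-2012-6549 entry above describes a structure member left uninitialized before the structure is returned to the caller. The user-space C program below is an added illustration of that bug class and of the usual fix (zeroing the object before filling it); it is not code from the kernel, Ksplice, or this advisory, and the struct `demo_fh`, its fields, and all function names are hypothetical.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical stand-in for an exported file handle (not the kernel layout). */
struct demo_fh {
    uint32_t block;
    uint16_t offset;
    uint16_t parent_offset;   /* only set when a parent is encoded */
    uint32_t generation;
};

/* Before: parent_offset is never written, so old memory contents survive. */
static void encode_fh_leaky(struct demo_fh *fh, uint32_t block, uint16_t offset, uint32_t generation)
{
    fh->block = block;
    fh->offset = offset;
    fh->generation = generation;
}

/* After: zero the whole object first, covering unset members and padding. */
static void encode_fh_fixed(struct demo_fh *fh, uint32_t block, uint16_t offset, uint32_t generation)
{
    memset(fh, 0, sizeof *fh);
    encode_fh_leaky(fh, block, offset, generation);
}

/* Returns how many stale bytes would be copied out to the caller. */
static int stale_bytes(int use_fixed)
{
    struct demo_fh slot;
    unsigned char out[sizeof slot];
    int n = 0;
    memset(&slot, 0xA5, sizeof slot);      /* constructed "previous use" data */
    if (use_fixed)
        encode_fh_fixed(&slot, 1, 2, 3);
    else
        encode_fh_leaky(&slot, 1, 2, 3);
    memcpy(out, &slot, sizeof out);        /* stands in for the copy to user space */
    for (size_t i = 0; i < sizeof out; i++)
        n += (out[i] == 0xA5);
    return n;
}

int main(void)
{
    printf("leaky: %d stale bytes, fixed: %d stale bytes\n", stale_bytes(0), stale_bytes(1));
    return 0;
}
```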
SUPPORT
Ksplice support is available at ksplice-support_ww at oracle.com.