[Ksplice][Ubuntu 10.04 Updates] New updates available via Ksplice (2.6.32-53.115)

Oracle Ksplice ksplice-support_ww at oracle.com
Thu Nov 7 22:15:49 PST 2013 

Synopsis: 2.6.32-53.115 can now be patched using Ksplice
CVEs: CVE-2013-2147 CVE-2013-2889 CVE-2013-2893 CVE-2013-2897 CVE-2013-4299

Systems running Ubuntu 10.04 Lucid can now use Ksplice to patch
against the latest Ubuntu kernel update, 2.6.32-53.115.

INSTALLING THE UPDATES

We recommend that all users of Ksplice Uptrack on Ubuntu 10.04 Lucid
install these updates.

On systems that have "autoinstall = yes" in /etc/uptrack/uptrack.conf,
these updates will be installed automatically and you do not need to
take any action.

Alternatively, you can install these updates by running:

# /usr/sbin/uptrack-upgrade -y


DESCRIPTION

* CVE-2013-2889: Memory corruption in Zeroplus HID driver.

The Zeroplus game controller device driver does not correctly validate
data from devices allowing a malicious device to cause kernel memory
corruption and potentially gain kernel code execution.


* CVE-2013-2897: Memory corruption in multitouch HID driver.

The multitouch HID driver does not correctly validate data from devices allowing
a malicious device to cause kernel memory corruption and potentially gain kernel
code execution.


* CVE-2013-2893: Memory corruption in Logitech force feedback devices.

The Logitech force feedback driver does not correctly validate data from devices
allowing a malicious device to cause kernel memory corruption and potentially
gain kernel code execution.


* CVE-2013-2147: Kernel memory leak in HP and Compaq controllers.

Missing initialization of a returned result in the HP Smart Array and
Compaq SMART2 controllers could leak internal kernel memory back to
userspace.


* CVE-2013-4299: Information leak in device mapper persistent snapshots.

An information leak flaw was found in the way Linux kernel's device
mapper subsystem, under certain conditions, interpreted data written to
snapshot block devices. An attacker could use this flaw to read data
from disk blocks in free space, which are normally inaccessible.

SUPPORT

Ksplice support is available at ksplice-support_ww at oracle.com.

More information about the Ksplice-Ubuntu-10.04-Updates mailing list