[Ksplice][Ubuntu 10.04 Updates] New updates available via Ksplice (USN-1976-1)

Oracle Ksplice ksplice-support_ww at oracle.com
Tue Oct 1 10:21:19 PDT 2013


Synopsis: USN-1976-1 can now be patched using Ksplice
CVEs: CVE-2013-0343 CVE-2013-2888 CVE-2013-2892

Systems running Ubuntu 10.04 Lucid can now use Ksplice to patch
against the latest Ubuntu Security Notice, USN-1976-1.

INSTALLING THE UPDATES

We recommend that all users of Ksplice Uptrack on Ubuntu 10.04 Lucid
install these updates.

On systems that have "autoinstall = yes" in /etc/uptrack/uptrack.conf,
these updates will be installed automatically and you do not need to
take any action.

Alternatively, you can install these updates by running:

# /usr/sbin/uptrack-upgrade -y


DESCRIPTION

* CVE-2013-2888: Memory corruption in Human Input Device processing.

The kernel does not correctly validate the 'Report ID' field in HID data,
allowing a malicious USB or Bluetooth device to cause memory corruption and
gain kernel code execution.


* CVE-2013-0343: Denial of service in IPv6 privacy extensions.

A malicious remote user can disable IPv6 privacy extensions by flooding the host
with malicious temporary addresses.


* CVE-2013-2892: Memory corruption in Pantherlord Human Input Device processing.

Missing validation of HID report data could cause corruption of heap
memory.  A local user with physical access to the system could use this
flaw to crash the kernel, resulting in DoS, or potentially to escalate
privileges and gain root access via arbitrary code execution.

SUPPORT

Ksplice support is available at ksplice-support_ww at oracle.com.


  


