[Ksplice][Ubuntu 10.04 Updates] New updates available via Ksplice (USN-2490-1)
Oracle Ksplice
ksplice-support_ww at oracle.com
Wed Feb 4 10:05:48 PST 2015
Synopsis: USN-2490-1 can now be patched using Ksplice
CVEs: CVE-2014-8133 CVE-2014-9420
Systems running Ubuntu 10.04 Lucid can now use Ksplice to patch
against the latest Ubuntu Security Notice, USN-2490-1.
INSTALLING THE UPDATES
We recommend that all users of Ksplice Uptrack on Ubuntu 10.04 Lucid
install these updates.
On systems that have "autoinstall = yes" in /etc/uptrack/uptrack.conf,
these updates will be installed automatically and you do not need to
take any action.
Alternatively, you can install these updates by running:
# /usr/sbin/uptrack-upgrade -y
DESCRIPTION
* CVE-2014-9420: Infinite loop in isofs when parsing continuation entries.
A flaw in the iso9660 file system support could lead to an infinite
recursion loop when parsing continuation entries. An unprivileged user
could use this flaw to crash the system resulting in a denial-of-service.
* CVE-2014-8133: Information leak in thread area of 32-bit KVM guests.
The espfix implementation which prevents kernel information leaking to
unprivileged guests can be bypassed by creating a custom thread area. A
local unprivileged user could potentially use this flaw to leak stack
addresses.
SUPPORT
Ksplice support is available at ksplice-support_ww at oracle.com.
More information about the Ksplice-Ubuntu-10.04-Updates
mailing list