[Ksplice][Ubuntu-10.10-Updates] New updates available via Ksplice (USN-1023-1)
Tim Abbott
tabbott at ksplice.com
Wed Dec 1 19:33:40 PST 2010
Synopsis: USN-1023-1 can now be patched using Ksplice
CVEs: CVE-2010-3848 CVE-2010-3849 CVE-2010-3850
Systems running Ubuntu 10.10 Maverick can now use Ksplice to patch against
the latest Ubuntu Security Notice, USN-1023-1.
INSTALLING THE UPDATES
We recommend that all Ksplice Uptrack Ubuntu 10.10 Maverick users install
these updates. You can install these updates by running:
# uptrack-upgrade -y
DESCRIPTION
* CVE-2010-3848: Privilege escalation in Econet with large iovecs.
The sendmsg implementation in the Econet protocol could overflow the
kernel stack on a message with a large iovec array, potentially leading to
privilege escalation.
* CVE-2010-3850: Privilege escalation in Econet SIOCSIFADDR operation.
The SIOCSIFADDR operation in the Econet protocol failed to check that the
caller is privileged.
* CVE-2010-3849: Denial of service in Econet sendmsg.
When given a NULL remote address, the sendmsg implementation in the Econet
protocol could dereference a NULL pointer, leading to a kernel oops.
SUPPORT
Ksplice support is available at support at ksplice.com or +1 765-577-5423.
More information about the Ubuntu-10.10-Updates
mailing list