[Ksplice][Ubuntu-10.10-Updates] New updates available via Ksplice (USN-1023-1)

Tim Abbott tabbott at ksplice.com
Wed Dec 1 19:33:40 PST 2010

Synopsis: USN-1023-1 can now be patched using Ksplice
CVEs: CVE-2010-3848 CVE-2010-3849 CVE-2010-3850

Systems running Ubuntu 10.10 Maverick can now use Ksplice to patch against 
the latest Ubuntu Security Notice, USN-1023-1.


We recommend that all Ksplice Uptrack Ubuntu 10.10 Maverick users install 
these updates.  You can install these updates by running:

# uptrack-upgrade -y


* CVE-2010-3848: Privilege escalation in Econet with large iovecs.

The sendmsg implementation in the Econet protocol could overflow the 
kernel stack on a message with a large iovec array, potentially leading to 
privilege escalation.

* CVE-2010-3850: Privilege escalation in Econet SIOCSIFADDR operation.

The SIOCSIFADDR operation in the Econet protocol failed to check that the 
caller is privileged.

* CVE-2010-3849: Denial of service in Econet sendmsg.

When given a NULL remote address, the sendmsg implementation in the Econet 
protocol could dereference a NULL pointer, leading to a kernel oops.


Ksplice support is available at support at ksplice.com or +1 765-577-5423.

More information about the Ubuntu-10.10-Updates mailing list