[Ksplice][Ubuntu-10.10-Updates] New updates available via Ksplice (USN-1000-1)

Tim Abbott tabbott at ksplice.com
Wed Oct 20 00:03:44 PDT 2010


Synopsis: USN-1000-1 can now be patched using Ksplice
CVEs: CVE-2010-3477 CVE-2010-3904

Systems running Ubuntu 10.10 Maverick can now use Ksplice to patch against 
the latest Ubuntu Security Notice, USN-1000-1.


INSTALLING THE UPDATES

We recommend that all Ksplice Uptrack Ubuntu 10.10 Maverick users install 
these updates.  You can install these updates by running:

# uptrack-upgrade -y


DESCRIPTION

* CVE-2010-3477: Kernel information leak in act_police.

Incorrectly initialized structures in the traffic control dump code may 
allow the disclosure of kernel memory to userspace applications. This is a 
similar issue to CVE-2010-2942.


* CVE-2010-3904: Local privilege escalation vulnerability in RDS sockets.

The rds_page_copy_user function did not perform any access checks on 
user-provided pointers before using unchecked __copy_*_user_inatomic 
functions, which can be exploited by a local user to write to arbitrary 
kernel memory and escalate privileges.
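
The missing check described for CVE-2010-3904, as an added example (not code from Ksplice, Ubuntu or the kernel). It is a userspace C model: a constructed 64-byte array stands in for memory, and range_ok, raw_copy, copy_unchecked and copy_checked are hypothetical names chosen for illustration.

```c
#include <stddef.h>
#include <string.h>
/* Toy address space (constructed for this example): offsets below USER_LIMIT
 * model user memory, offsets at or above it model kernel memory. */
#define MEM_SIZE   64u
#define USER_LIMIT 32u
static unsigned char mem[MEM_SIZE];

/* All of [addr, addr+len) must be user memory; written so addr+len cannot wrap. */
static int range_ok(size_t addr, size_t len)
{
    return addr <= USER_LIMIT && len <= USER_LIMIT - addr;
}

/* Stand-in for an unchecked __copy_*_user_inatomic primitive: trusts addr. */
static void raw_copy(size_t addr, const unsigned char *src, size_t len)
{
    memcpy(&mem[addr], src, len);
}

/* Pattern from the advisory: the caller-supplied address is used as is. */
int copy_unchecked(size_t addr, const unsigned char *src, size_t len)
{
    raw_copy(addr, src, len);
    return 0;
}

/* Hardened form: validate first; -1 models the kernel returning -EFAULT. */
int copy_checked(size_t addr, const unsigned char *src, size_t len)
{
    if (!range_ok(addr, len))
        return -1;
    raw_copy(addr, src, len);
    return 0;
}

/* Clear the user half and fill the kernel half with a sentinel byte. */
void reset_mem(void)
{
    memset(mem, 0, USER_LIMIT);
    memset(mem + USER_LIMIT, 0xEE, MEM_SIZE - USER_LIMIT);
}

/* Returns 1 while the kernel half still holds only the sentinel. */
int kernel_intact(void)
{
    for (size_t i = USER_LIMIT; i < MEM_SIZE; i++)
        if (mem[i] != 0xEE) return 0;
    return 1;
}
```

The checked path also rejects a range that starts in user memory and runs past the boundary, and a length large enough to wrap the address arithmetic.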


SUPPORT

Ksplice support is available at support at ksplice.com or +1 765-577-5423.


