[Ksplice][Ubuntu-12.04-Updates] Important update available for CVE-2014-1737 and CVE-2014-1738

Sasha Levin sasha.levin at oracle.com
Sun May 11 18:33:49 PDT 2014


Synopsis: Early update for local privilege escalation in floppy driver
CVEs: CVE-2014-1737 CVE-2014-1738

An update that fixes CVE-2014-1737 and CVE-2014-1738 is now available
through Ksplice for your kernel.

The two CVEs affect the floppy driver which may be loaded even when
a floppy isn't present in the system, and allow an attacker to escalate
their privileges when they have local access.

We felt that it's important for us to ship this update early, before
distributions released kernels that fix the problem, because our audit
showed that we have a large number of customers affected by the CVEs.

INSTALLING THE UPDATES

On systems that have "autoinstall = yes" in /etc/uptrack/uptrack.conf,
these updates will be installed automatically and you do not need to
take any action.

Alternatively, you can install these updates by running:

# /usr/sbin/uptrack-upgrade -y



More information about the Ksplice-Ubuntu-12.04-Updates mailing list