[Ksplice][Ubuntu 8.04 Updates] New updates available via Ksplice (USN-966-1)

Nelson Elhage nelhage at ksplice.com
Sat Aug 7 12:38:06 PDT 2010 

Synopsis: USN-966-1 can now be patched using Ksplice
CVEs: CVE-2008-7256 CVE-2010-1173 CVE-2010-1436 CVE-2010-1437 CVE-2010-1641
      CVE-2010-1643 CVE-2010-2492

Systems running Ubuntu 8.04 Hardy can now use Ksplice to patch against
the latest Ubuntu Security Notice, USN-966-1.


INSTALLING THE UPDATES

We recommend that all Ksplice Uptrack Ubuntu 8.04 Hardy users install
these updates.  You can install these updates by running:

# uptrack-upgrade -y


DESCRIPTION

* CVE-2010-1173: Remote denial of service in SCTP.

Chris Guo, Jukka Taimisto, and Olli Jarva discovered that SCTP did not correctly
handle invalid parameters. A remote attacker could send specially crafted
traffic that could crash the system, leading to a denial of
service.


* CVE-2010-1436: Denial of service writing GFS2 quota.

Mario Mikocevic discovered that GFS2 did not correctly handle certain quota
structures. A local attacker could exploit this to crash the system, leading to
a denial of service.


* CVE-2010-1437: Denial of service in keyring subsytem.

Toshiyuki Okajima reported a race condition in the keyring subsystem.
Local users can cause memory corruption via keyctl commands that
access a keyring in the process of being deleted, resulting in a
denial of service.


* CVE-2010-1641: Insufficient privilege checking in GFS2 set_flags.

Dan Rosenberg discovered that GFS2 set_flags function did not correctly validate
permissions. A local attacker could exploit this to gain access to files,
leading to a loss of privacy and potential privilege escalation.


* CVE-2008-7256 and CVE-2010-1643: Denial of service in kernel NFS server.

Junjiro R. Okajima discovered that knfsd did not correctly handle strict
overcommit. A local attacker could exploit this to crash knfsd, leading to a
denial of service.


* CVE-2010-2492: Privilege Escalation in eCryptfs.

Andre Osterhues discovered that eCryptfs did not correctly calculate hash
values. A local attacker with certain uids could exploit this to crash the
system or potentially gain root privileges.


SUPPORT

Ksplice support is available at support at ksplice.com or +1 765-577-5423.

More information about the Ubuntu-8.04-Updates mailing list