[Ksplice][Ubuntu 8.04 Updates] New updates available via Ksplice (USN-966-1)
Nelson Elhage
nelhage at ksplice.com
Sat Aug 7 12:38:06 PDT 2010
Synopsis: USN-966-1 can now be patched using Ksplice
CVEs: CVE-2008-7256 CVE-2010-1173 CVE-2010-1436 CVE-2010-1437 CVE-2010-1641
CVE-2010-1643 CVE-2010-2492
Systems running Ubuntu 8.04 Hardy can now use Ksplice to patch against
the latest Ubuntu Security Notice, USN-966-1.
INSTALLING THE UPDATES
We recommend that all Ksplice Uptrack Ubuntu 8.04 Hardy users install
these updates. You can install these updates by running:
# uptrack-upgrade -y
DESCRIPTION
* CVE-2010-1173: Remote denial of service in SCTP.
Chris Guo, Jukka Taimisto, and Olli Jarva discovered that SCTP did not correctly
handle invalid parameters. A remote attacker could send specially crafted
traffic that could crash the system, leading to a denial of
service.
* CVE-2010-1436: Denial of service writing GFS2 quota.
Mario Mikocevic discovered that GFS2 did not correctly handle certain quota
structures. A local attacker could exploit this to crash the system, leading to
a denial of service.
* CVE-2010-1437: Denial of service in keyring subsystem.
Toshiyuki Okajima reported a race condition in the keyring subsystem.
Local users can cause memory corruption via keyctl commands that
access a keyring in the process of being deleted, resulting in a
denial of service.
* CVE-2010-1641: Insufficient privilege checking in GFS2 set_flags.
Dan Rosenberg discovered that the GFS2 set_flags function did not correctly validate
permissions. A local attacker could exploit this to gain access to files,
leading to a loss of privacy and potential privilege escalation.
* CVE-2008-7256 and CVE-2010-1643: Denial of service in kernel NFS server.
Junjiro R. Okajima discovered that knfsd did not correctly handle strict
overcommit. A local attacker could exploit this to crash knfsd, leading to a
denial of service.
* CVE-2010-2492: Privilege escalation in eCryptfs.
Andre Osterhues discovered that eCryptfs did not correctly calculate hash
values. A local attacker with certain uids could exploit this to crash the
system or potentially gain root privileges.
SUPPORT
Ksplice support is available at support at ksplice.com or +1 765-577-5423.