[Ksplice][Ubuntu 8.04 Updates] New updates available via Ksplice (USN-974-1)
Nelson Elhage
nelhage at ksplice.com
Sat Aug 21 17:17:37 PDT 2010
Synopsis: USN-974-1 can now be patched using Ksplice
CVEs: CVE-2010-2240
Systems running Ubuntu 8.04 Hardy can now use Ksplice to patch against
the latest Ubuntu Security Notice, USN-974-1.
INSTALLING THE UPDATES
We recommend that all Ksplice Uptrack Ubuntu 8.04 Hardy users install
these updates. You can install these updates by running:
# uptrack-upgrade -y
DESCRIPTION
* CVE-2010-2240: Privilege escalation vulnerability in memory manager.
Gael Delalleu, Rafal Wojtczuk, and Brad Spengler discovered that the
memory manager did not properly handle when applications grow stacks
into adjacent memory regions. A local attacker could exploit this to
gain control of certain applications, potentially leading to privilege
escalation, as demonstrated in attacks against the X
server. (CVE-2010-2240).
SUPPORT
Ksplice support is available at support at ksplice.com or +1 765-577-5423.
More information about the Ubuntu-8.04-Updates
mailing list