[Ksplice][Ubuntu 9.04 Updates] New updates available via Ksplice (USN-974-1)

Nelson Elhage nelhage at ksplice.com
Sat Aug 21 17:17:44 PDT 2010


Synopsis: USN-974-1 can now be patched using Ksplice
CVEs: CVE-2010-2240 CVE-2010-2803 CVE-2010-2959

Systems running Ubuntu 9.04 Jaunty can now use Ksplice to patch against
the latest Ubuntu Security Notice, USN-974-1.


INSTALLING THE UPDATES

We recommend that all Ksplice Uptrack Ubuntu 9.04 Jaunty users install
these updates.  You can install these updates by running:

# uptrack-upgrade -y


DESCRIPTION

* CVE-2010-2803: Information leak in drm subsystem.

Kees Cook discovered that in certain situations the ioctl subsystem
for DRM did not properly sanitize its arguments.  A local attacker
could exploit this to read previously freed kernel memory.
(CVE-2010-2803).


* CVE-2010-2959: Privilege escalation in Controller Area Network subsystem.

Ben Hawkes discovered an integer overflow in the Controller Area
Network (CAN) subsystem when setting up frame content and filtering
certain messages. An attacker could send specially crafted CAN traffic
to crash the system or gain root privileges. (CVE-2010-2959).


* CVE-2010-2240: Privilege escalation vulnerability in memory manager.

Gael Delalleu, Rafal Wojtczuk, and Brad Spengler discovered that the
memory manager did not properly handle applications growing their
stacks into adjacent memory regions. A local attacker could exploit
this to gain control of certain applications, potentially leading to
privilege escalation, as demonstrated in attacks against the X
server. (CVE-2010-2240).


SUPPORT

Ksplice support is available at support at ksplice.com or +1 765-577-5423.



