From nelhage at ksplice.com Sun Jun 6 12:05:41 2010
From: nelhage at ksplice.com (Nelson Elhage)
Date: Sun, 6 Jun 2010 15:05:41 -0400
Subject: [Ksplice][Ubuntu 9.04 Updates] New updates available via Ksplice (USN-947-1)
Message-ID: <20100606190541.GW27061@ksplice.com>

Synopsis: USN-947-1 can now be patched using Ksplice
CVEs: CVE-2009-4537 CVE-2010-0298 CVE-2010-0306 CVE-2010-0419 CVE-2010-0727
      CVE-2010-1083 CVE-2010-1084 CVE-2010-1085 CVE-2010-1086 CVE-2010-1087
      CVE-2010-1162 CVE-2010-1187

Systems running Ubuntu 9.04 Jaunty can now use Ksplice to patch against the
latest Ubuntu Security Notice, USN-947-1.

INSTALLING THE UPDATES

We recommend that all Ksplice Uptrack Ubuntu 9.04 Jaunty users install these
updates.

You can install these updates by running:

  # uptrack-upgrade -y

DESCRIPTION

* CVE-2010-1083: Information leak in USB processcompl_compat.

  Marcus Meissner discovered that the USB subsystem did not correctly handle
  certain error conditions. A local attacker with access to a USB device could
  exploit this to read recently used kernel memory, leading to a loss of
  privacy and potentially root privilege escalation.

* CVE-2010-1084: Remote denial of service in Bluetooth subsystem.

  Neil Brown discovered that the Bluetooth subsystem did not correctly handle
  large amounts of traffic. A physically proximate remote attacker could
  exploit this by sending specially crafted traffic that would consume all
  available system memory, leading to a denial of service.

* CVE-2010-1085: Divide by zero in hda_intel driver.

  Jody Bruchon discovered that the sound driver for the AMD780V did not
  correctly handle certain conditions. A local attacker with access to this
  hardware could exploit the flaw to cause a system crash, leading to a denial
  of service.

* CVE-2010-1086: Infinite loop in ULE implementation.

  Ang Way Chuang discovered that the DVB driver did not correctly handle
  certain MPEG2-TS frames. An attacker could exploit this by delivering
  specially crafted frames to monopolize CPU resources, leading to a denial of
  service.

* CVE-2010-0727: Denial of service in GFS2 locking.

  Sachin Prabhu reported an issue in the GFS2 filesystem. Local users can
  trigger a BUG() by altering the permissions on a locked file, resulting in a
  denial of service.

* CVE-2010-1187: NULL pointer dereference in TIPC subsystem.

  Neil Horman reported an issue in the TIPC subsystem. Local users can cause a
  denial of service by way of a NULL pointer dereference by sending datagrams
  through AF_TIPC before entering network mode.

* CVE-2010-1162: Memory leak in the tty subsystem.

  Catalin Marinas reported an issue in the tty subsystem that allows local
  attackers to cause a kernel memory leak, possibly resulting in a denial of
  service.

* CVE-2010-1087: Denial of service in NFS filesystem.

  Trond Myklebust reported an issue in the NFS filesystem. A local user may
  cause an oops by sending a fatal signal during a file truncation operation,
  resulting in a denial of service.

* CVE-2009-4537: Remote buffer overflow in r8169 driver.

  It was discovered that the r8169 network driver did not correctly check the
  size of Ethernet frames. A remote attacker could send specially crafted
  traffic to crash the system, leading to a denial of service.

* CVE-2010-0419: Privilege escalation in KVM guests.

  It was discovered that KVM did not correctly limit certain privileged IO
  accesses on x86. Processes in the guest OS with access to IO regions could
  gain further privileges within the guest OS.

* CVE-2010-0298 and CVE-2010-0306: KVM guest privilege escalations.

  Gleb Natapov discovered issues in the KVM subsystem where missing permission
  checks on the CPL and IOPL levels permit a user in a guest system to crash
  the guest (denial of service) or gain escalated privileges within the guest.

SUPPORT

Ksplice support is available at support at ksplice.com or +1 765-577-5423.