[Ksplice][Ubuntu 9.04 Updates] New updates available via Ksplice (USN-947-1)

Nelson Elhage nelhage at ksplice.com
Sun Jun 6 12:05:41 PDT 2010


Synopsis: USN-947-1 can now be patched using Ksplice
CVEs: CVE-2009-4537 CVE-2010-0298 CVE-2010-0306 CVE-2010-0419 CVE-2010-0727
      CVE-2010-1083 CVE-2010-1084 CVE-2010-1085 CVE-2010-1086 CVE-2010-1087
      CVE-2010-1162 CVE-2010-1187

Systems running Ubuntu 9.04 Jaunty can now use Ksplice to patch against
the latest Ubuntu Security Notice, USN-947-1.


INSTALLING THE UPDATES

We recommend that all Ksplice Uptrack Ubuntu 9.04 Jaunty users install
these updates.  You can install these updates by running:

# uptrack-upgrade -y


DESCRIPTION

* CVE-2010-1083: Information leak in USB processcompl_compat.

Marcus Meissner discovered that the USB subsystem did not correctly
handle certain error conditions.  A local attacker with access to a
USB device could exploit this to read recently used kernel memory,
leading to a loss of privacy and potentially root privilege
escalation.


* CVE-2010-1084: Remote denial of service in Bluetooth subsystem.

Neil Brown discovered that the Bluetooth subsystem did not correctly
handle large amounts of traffic.  A physically proximate remote
attacker could exploit this by sending specially crafted traffic that
would consume all available system memory, leading to a denial of
service.


* CVE-2010-1085: Divide by zero in hda_intel driver.

Jody Bruchon discovered that the sound driver for the AMD780V did not
correctly handle certain conditions.  A local attacker with access to
this hardware could exploit the flaw to cause a system crash, leading
to a denial of service.


* CVE-2010-1086: Infinite loop in ULE implementation.

Ang Way Chuang discovered that the DVB driver did not correctly handle
certain MPEG2-TS frames.  An attacker could exploit this by delivering
specially crafted frames to monopolize CPU resources, leading to a
denial of service.


* CVE-2010-0727: Denial of Service in GFS2 locking.

Sachin Prabhu reported an issue in the GFS2 filesystem. Local users
can trigger a BUG() by altering the permissions on a locked file,
resulting in a denial of service.


* CVE-2010-1187: NULL pointer dereference in TIPC subsystem.

Neil Horman reported an issue in the TIPC subsystem. Local users can
cause a denial of service by way of a NULL pointer dereference by
sending datagrams through AF_TIPC before entering network mode.


* CVE-2010-1162: Memory leak in the tty subsystem.

Catalin Marinas reported an issue in the tty subsystem that allows
local attackers to cause a kernel memory leak, possibly resulting in a
denial of service.


* CVE-2010-1087: Denial of Service in NFS filesystem.

Trond Myklebust reported an issue in the NFS filesystem. A local user
may cause an oops by sending a fatal signal during a file truncation
operation, resulting in a denial of service.


* CVE-2009-4537: Remote buffer overflow in r8169 driver.

It was discovered that the r8169 network driver did not correctly check
the size of Ethernet frames.  A remote attacker could send specially
crafted traffic to crash the system, leading to a denial of service.


* CVE-2010-0419: Privilege escalation in KVM guests.

It was discovered that KVM did not correctly limit certain privileged
IO accesses on x86.  Processes in the guest OS with access to IO
regions could gain further privileges within the guest OS.


* CVE-2010-0298 and CVE-2010-0306: KVM guest privilege escalations.

Gleb Natapov discovered issues in the KVM subsystem where missing
permission checks on the CPL and IOPL levels permit a user in a guest
system to cause a denial of service in a guest (system crash) or gain
escalated privileges within the guest.


SUPPORT

Ksplice support is available at support at ksplice.com or +1 765-577-5423.


