[Ksplice][CloudLinux 5 Updates] New updates available via Ksplice (2.6.18-374.3.1.el5.lve0.8.44)

Christine Spang christine.spang at oracle.com
Tue Oct 11 10:03:29 PDT 2011


Synopsis: 2.6.18-374.3.1.el5.lve0.8.44 can now be patched using Ksplice
CVEs: CVE-2011-2482 CVE-2011-2491 CVE-2011-2495 CVE-2011-2517 CVE-2011-2525
Red Hat Security Advisory Severity: Important

Systems running CloudLinux 5 can now use Ksplice to patch against the
latest CloudLinux 5 kernel update, 2.6.18-374.3.1.el5.lve0.8.44.

INSTALLING THE UPDATES

We recommend that all users of Ksplice Uptrack on CloudLinux 5 install
these updates.  You can install these updates by running:

# /usr/sbin/uptrack-upgrade -y

On systems that have "autoinstall = yes" in /etc/uptrack/uptrack.conf,
these updates will be installed automatically and you do not need to
take any additional action.
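
The decision described above (already patched, waiting on autoinstall, or manual upgrade needed) can be checked per host. This is an added example, not part of the original announcement and not Ksplice's own tooling; the function names are hypothetical, and it assumes `uptrack-uname -r` reports the effective kernel as a string beginning with the version named in this advisory.

```shell
#!/bin/sh
# Added example: audit whether a host still needs a manual uptrack-upgrade.
TARGET="2.6.18-374.3.1.el5.lve0.8.44"   # effective kernel named in this advisory

# autoinstall_enabled CONF -> exit 0 if "autoinstall = yes" is set and not commented out.
# Assumption: the last uncommented "autoinstall" line wins; section headers are ignored.
autoinstall_enabled() {
    [ -r "$1" ] || return 1
    val=$(sed -n 's/^[[:space:]]*autoinstall[[:space:]]*=[[:space:]]*\([^[:space:]#]*\).*$/\1/p' "$1" | tail -n 1)
    case "$val" in
        [Yy][Ee][Ss]) return 0 ;;
        *) return 1 ;;
    esac
}

# host_status CONF EFFECTIVE_KERNEL -> prints: patched | pending-auto | action-required
host_status() {
    case "$2" in
        "$TARGET"*) echo "patched"; return 0 ;;
    esac
    if autoinstall_enabled "$1"; then
        echo "pending-auto"        # Uptrack will apply the updates itself
    else
        echo "action-required"     # run /usr/sbin/uptrack-upgrade -y
    fi
}

# Run against the live host only when Uptrack is installed.
if command -v uptrack-uname >/dev/null 2>&1; then
    host_status /etc/uptrack/uptrack.conf "$(uptrack-uname -r)"
fi
```
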


DESCRIPTION

* CVE-2011-2525: Denial of Service in packet scheduler API

A flaw allowed the tc_fill_qdisc() function in the Linux kernel's
packet scheduler API implementation to be called on built-in qdisc
structures.  A local, unprivileged user could use this flaw to trigger
a NULL pointer dereference, resulting in a denial of service.
(CVE-2011-2525, Moderate)


* Fix crashes using openvpn via udp on venet devices.

In some circumstances (such as using openvpn via udp on venet
devices), fragmented traffic might escape the L2 header allocation
before reaching venet_xmit, resulting in an out of range memory access
and a kernel panic.


* Crash when processing netfilter bridging traffic.

Ethernet control buffer packets were not zeroed properly during the
processing of netfilter bridging traffic, causing a kernel crash.


* CVE-2011-2517: Buffer overflow in 802.11 netlink interface.

The nl80211_trigger_scan function failed to check for a valid SSID
length, leading to denial of service via buffer overflow.


* Hangs using direct I/O with XFS filesystem.

An error path in the xfs_write function did not correctly unlock the
inode mutex, resulting in hung task timeouts.


* CVE-2011-2482: Remote denial of service vulnerability in SCTP.

A NULL pointer dereference flaw was found in the Linux kernel's Stream
Control Transmission Protocol (SCTP) implementation.  A remote
attacker could send a specially-crafted SCTP packet to a target
system, resulting in a denial of service. (CVE-2011-2482, Important)


* CVE-2011-2495: Information leak in /proc/PID/io.

/proc/[PID]/io is world-readable by default. Previously, these files
could be read without any further restrictions. A local, unprivileged
user could read these files, even when they belong to other, possibly
privileged processes, to gather confidential information, such as the
length of a password used in a process.


* CVE-2011-2491: Local denial of service in NLM subsystem.

A flaw in the client-side NLM implementation could allow a local,
unprivileged user to cause a denial of service.

SUPPORT

Ksplice support is available at support at ksplice.com or +1 765-577-5423.


