[Ksplice][CloudLinux 5 Updates] New updates available via Ksplice (kernel-2.6.18-374.12.1.el5.lve0.8.54)

Jessica McKellar jessica.mckellar at oracle.com
Fri Jan 20 09:45:59 PST 2012


Synopsis: kernel-2.6.18-374.12.1.el5.lve0.8.54 can now be patched using Ksplice
CVEs: CVE-2009-4067 CVE-2011-1160 CVE-2011-1162 CVE-2011-1585 CVE-2011-1833
      CVE-2011-2203 CVE-2011-2484 CVE-2011-2494 CVE-2011-2496 CVE-2011-2695
      CVE-2011-2699 CVE-2011-2723 CVE-2011-2942 CVE-2011-3188 CVE-2011-3191
      CVE-2011-3209 CVE-2011-3363 CVE-2011-4110
Red Hat Security Advisory Severity: Important

Systems running CloudLinux 5 can now use Ksplice to patch against the
latest CloudLinux 5 kernel update, kernel-2.6.18-374.12.1.el5.lve0.8.54.

INSTALLING THE UPDATES

We recommend that all users of Ksplice Uptrack on CloudLinux 5 install
these updates.  You can install these updates by running:

# /usr/sbin/uptrack-upgrade -y

On systems that have "autoinstall = yes" in /etc/uptrack/uptrack.conf,
these updates will be installed automatically and you do not need to
take any additional action.
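
The following check is an added example, not part of the original advisory or Oracle's tooling: it reads the autoinstall setting described above to decide whether a host still needs a manual uptrack-upgrade run, then compares the effective kernel reported by uptrack-uname with the kernel named in this advisory. Assumptions: only the literal value "yes" counts as enabled, a missing key or unreadable file means "no", and the effective-kernel string contains the target version; the function names are hypothetical.

```shell
#!/bin/sh
# Added example (not Oracle/Ksplice code). Assumptions: only the literal value
# "yes" enables autoinstall; an unreadable file or missing key means "no".

TARGET="2.6.18-374.12.1.el5.lve0.8.54"   # kernel named in this advisory

# Print the last "autoinstall" value found in an uptrack.conf-style file.
autoinstall_setting() {
    [ -r "$1" ] || { echo "no"; return 0; }
    awk -F= '
        /^[ \t]*[#;]/ { next }                       # ignore comment lines
        {
            key = $1; val = $2
            gsub(/[ \t\r]/, "", key); gsub(/[ \t\r]/, "", val)
            if (tolower(key) == "autoinstall") last = tolower(val)
        }
        END { print (last == "" ? "no" : last) }
    ' "$1"
}

# Succeeds when the host will NOT pick these updates up automatically.
needs_manual_upgrade() {
    [ "$(autoinstall_setting "$1")" != "yes" ]
}

# Succeeds when an effective-kernel string matches the advisory's kernel.
at_target_kernel() {
    case "$1" in
        *"$TARGET"*) return 0 ;;
        *) return 1 ;;
    esac
}

conf=/etc/uptrack/uptrack.conf
if needs_manual_upgrade "$conf"; then
    echo "autoinstall is not 'yes' in $conf: run /usr/sbin/uptrack-upgrade -y"
fi
# uptrack-uname reports the effective (patched) kernel; skipped if not installed.
if command -v uptrack-uname >/dev/null 2>&1; then
    eff=$(uptrack-uname -r)
    at_target_kernel "$eff" && echo "effective kernel is at $TARGET" \
        || echo "effective kernel is $eff, expected $TARGET"
fi
```

The script only reports; it never runs uptrack-upgrade itself.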


DESCRIPTION

* CVE-2011-1160: Information leak in TPM driver.

A buffer was not initialized before being returned to userspace,
leading to a leak of potentially sensitive kernel memory.


* CVE-2011-1585: Authentication bypass in CIFS.

Jeff Layton reported an issue in the Common Internet File System (CIFS).
Local users can bypass authentication requirements for shares that are
already mounted by another user.


* CVE-2011-2484: Denial of service in taskstats subsystem.

The add_del_listener function in kernel/taskstats.c in the Linux kernel
did not prevent multiple registrations of exit handlers, which allowed
local users to cause a denial of service (memory and CPU consumption),
and bypass the OOM Killer, via a crafted application.


* CVE-2011-2496: Local denial of service in mremap().

Robert Swiecki discovered that mremap() could be abused for local denial of
service by triggering a BUG_ON assert.


* CVE-2009-4067: Buffer overflow in Auerswald USB driver.

A buffer overflow flaw was found in the Linux kernel's Auerswald
PBX/System Telephone USB driver implementation.


* CVE-2011-2695: Off-by-one errors in the ext4 filesystem.

Multiple off-by-one errors in the ext4 subsystem in the Linux kernel
before 3.0-rc5 allow local users to cause a denial of service (BUG_ON
and system crash) by accessing a sparse file in extent format with a
write operation involving a block number corresponding to the largest
possible 32-bit unsigned integer.


* CVE-2011-2699: Predictable IPv6 fragment identification numbers.

IPv6 fragment identification numbers were produced by a single
generator, which made them highly predictable and left the system
vulnerable to a denial of service attack.


* CVE-2011-2723: Remote denial of service vulnerability in GRO.

The skb_gro_header_slow function in the Linux kernel had a bug which
allowed a remote attacker to put certain GRO fields in an inconsistent
state, resulting in a denial of service.


* CVE-2011-2942: Regression in bridged ethernet devices.

RHSA-2011:1065 introduced a regression in the Ethernet bridge
implementation. If a system had an interface in a bridge, and an
attacker on the local network could send packets to that interface,
they could cause a denial of service on that system. Xen hypervisor
and KVM (Kernel-based Virtual Machine) hosts often deploy bridge
interfaces. (CVE-2011-2942, Moderate)


* CVE-2011-1833: Information disclosure in eCryptfs.

Vasiliy Kulikov of Openwall and Dan Rosenberg discovered that eCryptfs
incorrectly validated permissions on the requested source directory. A
local attacker could use this flaw to mount an arbitrary directory,
possibly leading to information disclosure.


* CVE-2011-3191: Memory corruption in CIFSFindNext.

Darren Lavender reported an issue in the Common Internet File System
(CIFS). A malicious file server could cause memory corruption leading
to a denial of service.


* CVE-2011-3209: Denial of service in clock implementation.

A flaw in the kernel's clock implementation could allow a local,
unprivileged user to cause a denial of service. (CVE-2011-3209,
Moderate)


* CVE-2011-3188: Weak TCP sequence number generation.

Dan Kaminsky reported a weakness of the sequence number generation in
the TCP protocol implementation. This can be used by remote attackers
to inject packets into an active session.


* CVE-2011-3363: Remote denial of service in cifs_mount.

The kernel's CIFS client code could trigger a denial of service (BUG()
assertion failure) when connecting to a CIFS server providing unusual
shares.


* CVE-2011-4110: Null pointer dereference in key subsystem.

A NULL pointer dereference flaw was found in the way the Linux
kernel's key management facility handled user-defined key types. A
local, unprivileged user could use the keyctl utility to cause a
denial of service. (CVE-2011-4110, Moderate)


* CVE-2011-1162: Information leak in TPM driver.

A flaw in the way memory containing security-related data was handled
in tpm_read() could allow a local, unprivileged user to read the
results of a previously run TPM command.  (CVE-2011-1162, Low)


* CVE-2011-2494: Information leak in task/process statistics.

The I/O statistics from the taskstats subsystem could be read without
any restrictions.  A local, unprivileged user could use this flaw to
gather confidential information, such as the length of a password used
in a process.  (CVE-2011-2494, Low)


* CVE-2011-2203: Null pointer dereference mounting HFS filesystems.

A NULL pointer dereference flaw was found in the Linux kernel's HFS
file system implementation. A local attacker could use this flaw to
cause a denial of service by mounting a disk that contains a
specially-crafted HFS file system with a corrupted MDB extent
record. (CVE-2011-2203, Low)


* Stack corruption in icmp_send.

When using iptables -j REJECT with a device connected to a bridge,
stack corruption and kernel crashes can occur when network traffic
that exercises this rule is received.

SUPPORT

Ksplice support is available at ksplice-support_ww at oracle.com.



