[Ksplice-cloudlinux6-updates] New updates available via Ksplice (2.6.32-320.17.1.lve1.1.7.3.el6)

Jamie Iles jamie.iles at oracle.com
Wed Jul 11 10:08:39 PDT 2012


Synopsis: 2.6.32-320.17.1.lve1.1.7.3.el6 can now be patched using Ksplice
CVEs: CVE-2012-0044 CVE-2012-1179 CVE-2012-2119 CVE-2012-2121 CVE-2012-2123 CVE-2012-2137 CVE-2012-2372 CVE-2012-2373

Systems running CloudLinux 6 can now use Ksplice to patch against the
latest CloudLinux 6 kernel update, 2.6.32-320.17.1.lve1.1.7.3.el6.

INSTALLING THE UPDATES

We recommend that all users of Ksplice Uptrack on CloudLinux 6 install
these updates.

On systems that have "autoinstall = yes" in /etc/uptrack/uptrack.conf,
these updates will be installed automatically and you do not need to
take any action.

Alternatively, you can install these updates by running:

# /usr/sbin/uptrack-upgrade -y


DESCRIPTION

* Task hang in fuse filesystems.

Invalid error handling in the fuse system could lead to locked pages and
unkillable tasks waiting on those pages.


* Kernel crash with corrupted ext4 filesystems.

ext4 blocks that were present in memory rather than on disk could be
incorrectly verified, resulting in the use of undefined data and a
kernel crash.


* Kernel crash on filesystem remount as read-only on PLOOP.

Remounting a filesystem over PLOOP as read-only could result in a kernel
crash.


* Deadlock on IPv6 interface shutdown.

Multiple calls to neighbor handling code could result in deadlock in
the network stack.


* CVE-2012-0044: Integer overflow and memory corruption in DRM CRTC support.

A missing size check in drm_mode_dirtyfb_ioctl allowed an attacker to
overflow num_clips, causing a buffer allocation of an unintended,
small size. Future calls to fb->funcs->dirty could result in memory
corruption beyond that buffer.
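
The following is an added illustration of the size-calculation flaw
described for CVE-2012-0044; it is not code from the kernel, from Ksplice
or from this advisory. The struct, the function names and the MAX_CLIPS
bound are assumptions made for the example, and the inputs are constructed.

```c
#include <errno.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical stand-in for one dirty-rectangle entry (8 bytes). */
struct clip_rect { uint16_t x1, y1, x2, y2; };

/* Upper bound assumed for this example only. */
#define MAX_CLIPS 256u

/* Unchecked pattern: the byte count is computed in 32 bits, as it is where
 * size_t is 32 bits wide, so a large count wraps around to a small size. */
static uint32_t alloc_size_unchecked(uint32_t num_clips)
{
    return num_clips * (uint32_t)sizeof(struct clip_rect);
}

/* Bytes a later consumer touches if it trusts num_clips as given. */
static uint64_t bytes_consumer_expects(uint32_t num_clips)
{
    return (uint64_t)num_clips * sizeof(struct clip_rect);
}

/* Checked pattern: reject the count before it reaches the multiplication. */
static int alloc_size_checked(uint32_t num_clips, uint32_t *out)
{
    if (num_clips > MAX_CLIPS)
        return -EINVAL;
    *out = num_clips * (uint32_t)sizeof(struct clip_rect);
    return 0;
}

int main(void)
{
    /* Constructed inputs: two in range, one that wraps the 32-bit product. */
    const uint32_t counts[] = { 4u, 256u, 0x20000001u };

    for (size_t i = 0; i < sizeof(counts) / sizeof(counts[0]); i++) {
        uint32_t n = counts[i], sz = 0;
        int rc = alloc_size_checked(n, &sz);

        printf("num_clips=%u allocated(unchecked)=%u needed=%llu checked=%s\n",
               (unsigned)n, (unsigned)alloc_size_unchecked(n),
               (unsigned long long)bytes_consumer_expects(n),
               rc == 0 ? "accepted" : "rejected (-EINVAL)");
    }
    return 0;
}
```

For the last input the unchecked size is far smaller than what a consumer
of num_clips entries would access, which is the mismatch the missing size
check allowed.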


* CVE-2012-2119: Stack overflow in KVM macvtap page pinning.

The vector length of pages passed to the host from the guest through
macvtap is not validated before the pages are pinned. A privileged
guest user could use this flaw to induce a stack overflow on the host
with data the attacker does not control but with an attacker-controlled
length.


* CVE-2012-2123: Privilege escalation when assigning permissions using fcaps.

If a process increases permissions using fcaps, the dangerous
personality flags that are cleared for suid apps are not cleared. This
allowed programs that gained elevated permissions using fcaps to disable
the address space randomization of other processes.


* CVE-2012-2121: Memory leak in KVM device assignment.

KVM uses memory slots to track and map guest regions of memory.  When device
assignment is used, the pages backing these slots are pinned in memory and mapped
into the iommu.  The problem is that when a memory slot is destroyed the pages
for the associated memory slot are neither unpinned nor unmapped from the iommu.


* CVE-2012-2137: Buffer overflow in KVM MSI routing entry handler.

A buffer overflow flaw was found in the setup_routing_entry() function in the
KVM subsystem of the Linux kernel in the way the Message Signaled Interrupts
(MSI) routing entry was handled. A local, unprivileged user could use this flaw
to cause a denial of service or, possibly, escalate their privileges.


* CVE-2012-2372: Denial of service in Reliable Datagram Sockets protocol.

A flaw was found in the Linux kernel's Reliable Datagram Sockets (RDS)
protocol implementation. A local, unprivileged user could use this flaw
to cause a denial of service.


* CVE-2012-1179 and CVE-2012-2373: Hugepage denial of service.

CVE-2012-1179: Denial of service in page mapping of the hugepage subsystem.

In some cases, the hugepage subsystem would allocate new PMDs when not
expected by the memory management subsystem. A privileged user in a
KVM guest could use this flaw to crash the host, and an unprivileged
local user could use it to crash the system.

CVE-2012-2373: Denial of service in PAE page tables.

On a PAE system, a non-atomic load could be corrupted by a page fault
resulting in a kernel crash, triggerable by an unprivileged user.

SUPPORT

Ksplice support is available at ksplice-support_ww at oracle.com.



