[Ksplice-cloudlinux6-updates] New updates available via Ksplice (2.6.32-320.4.1.lve1.1.7.el6)

Christine Spang christine.spang at oracle.com
Fri Jun 8 12:52:54 PDT 2012


Synopsis: 2.6.32-320.4.1.lve1.1.7.el6 can now be patched using Ksplice
CVEs: CVE-2011-4077 CVE-2011-4081 CVE-2011-4132 CVE-2011-4347 
CVE-2011-4594 CVE-2011-4622 CVE-2012-0038 CVE-2012-0045 CVE-2012-0207

Systems running CloudLinux 6 can now use Ksplice to patch against the
latest CloudLinux kernel update, 2.6.32-320.4.1.lve1.1.7.el6.

This is the second set of updates we have released for
2.6.32-320.4.1.lve1.1.7.el6. Even if you have installed the previous
set, you must install this set to bring your effective version to
2.6.32-320.4.1.lve1.1.7.el6. For future kernels we will return to
releasing all required updates in one set.

INSTALLING THE UPDATES

We recommend that all users of Ksplice Uptrack on CloudLinux 6 install
these updates.

On systems that have "autoinstall = yes" in /etc/uptrack/uptrack.conf,
these updates will be installed automatically and you do not need to
take any action.

Alternatively, you can install these updates by running:

# /usr/sbin/uptrack-upgrade -y


DESCRIPTION

* Arithmetic overflow in clock source calculations.

An insufficiently designed calculation in the CPU accelerator in the
previous kernel caused an arithmetic overflow in the sched_clock()
function when system uptime exceeded 208.5 days. This overflow led to
a kernel panic on the systems using the Time Stamp Counter (TSC) or
Virtual Machine Interface (VMI) clock source. This update corrects the
aforementioned calculation so that this arithmetic overflow and kernel
panic can no longer occur under these circumstances.
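
The 208.5-day figure in the item above corresponds to a 64-bit fixed-point cycles-to-nanoseconds conversion wrapping at 2^54 ns. The following C sketch is an added example, not code from Ksplice, CloudLinux or the kernel; the 10-bit shift, the 2 GHz TSC frequency and all function names are assumptions modelled on the upstream x86 conversion.

```c
#include <stdint.h>
#include <stdio.h>

/* Assumed fixed-point shift: ns = (cycles * scale) >> SCALE_SHIFT. */
#define SCALE_SHIFT 10
#define NS_PER_DAY (86400ULL * 1000000000ULL)

/* Scale for a TSC running at tsc_khz: nanoseconds per cycle, shifted left. */
static uint64_t cyc2ns_scale(uint64_t tsc_khz)
{
    return (1000000ULL << SCALE_SHIFT) / tsc_khz;
}

/* Overflow-prone form: the 64-bit product wraps before the shift. */
static uint64_t cycles_to_ns_naive(uint64_t cyc, uint64_t scale)
{
    return (cyc * scale) >> SCALE_SHIFT;
}

/* Corrected form: scale the high and low parts of cyc separately, so the
 * intermediate product stays within 64 bits for any realistic uptime. */
static uint64_t cycles_to_ns_split(uint64_t cyc, uint64_t scale)
{
    uint64_t quot = cyc >> SCALE_SHIFT;
    uint64_t rem = cyc & ((1ULL << SCALE_SHIFT) - 1);
    return quot * scale + ((rem * scale) >> SCALE_SHIFT);
}

/* Nanosecond count at which the naive form wraps (2^54 for a 10-bit shift). */
static uint64_t wrap_point_ns(void)
{
    return 1ULL << (64 - SCALE_SHIFT);
}

int main(void)
{
    const uint64_t khz = 2000000;            /* constructed: 2 GHz TSC */
    const uint64_t scale = cyc2ns_scale(khz);
    for (uint64_t days = 208; days <= 209; days++) {
        uint64_t cyc = days * 86400ULL * khz * 1000ULL;
        printf("day %llu: naive=%llu ns, split=%llu ns\n",
               (unsigned long long)days,
               (unsigned long long)cycles_to_ns_naive(cyc, scale),
               (unsigned long long)cycles_to_ns_split(cyc, scale));
    }
    printf("naive form wraps after %llu days\n",
           (unsigned long long)(wrap_point_ns() / NS_PER_DAY));
    return 0;
}
```

At day 209 the naive result falls back to roughly twelve hours while the split form keeps counting, which is the discontinuity an uptime past 208.5 days exposes.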


* CVE-2011-4077: Buffer overflow in xfs_readlink.

A flaw in the way the XFS filesystem implementation handled links with
pathnames larger than MAXPATHLEN allowed an attacker to mount a
malicious XFS image that could crash the system or result in privilege
escalation.


* CVE-2011-4081: NULL pointer dereference in GHASH cryptographic algorithm.

Nick Bowler reported an issue in the GHASH message digest
algorithm. ghash_update can pass a NULL pointer to gf128mul_4k_lle in some
cases, leading to a NULL pointer dereference (kernel OOPS).


* CVE-2011-4132: Denial of service in Journaling Block Device layer.

A flaw in the way the Journaling Block Device (JBD) layer handled an
invalid log first block value allowed an attacker to mount a malicious
ext3 or ext4 image that would crash the system.


* CVE-2011-4347: Denial of service in KVM device assignment.

Several bugs that allowed unprivileged users to improperly assign
devices to KVM guests could result in a denial of service.


* CVE-2011-4622: NULL pointer dereference in KVM interval timer emulation.

Starting PIT timers in the absence of irqchip support could cause a
NULL pointer dereference and kernel OOPS.


* CVE-2012-0038: In-memory corruption in XFS ACL processing.

A missing check in xfs_acl_from_disk on the number of XFS ACLs could
result in in-memory corruption and a kernel panic.


* CVE-2012-0045: Denial of service in KVM system call emulation.

A bug in the system call emulation allowed local users on a 32-bit
KVM guest system to cause the guest system to panic.


* CVE-2012-0207: Denial of service bug in IGMP.

The IGMP subsystem's compatibility handling of v2 packets had a bug in
the computation of a delay field which could result in division by
zero (causing a kernel panic).


* CVE-2011-4594: Denial of service in network message batching.

Two flaws were found in the way the Linux kernel's __sys_sendmsg()
function, when invoked via the sendmmsg() system call, accessed user-space
memory.

A local, unprivileged user could use these flaws to cause a denial
of service.

SUPPORT

Ksplice support is available at ksplice-support_ww at oracle.com.


