[Ksplice-cloudlinux6-updates] New updates available via Ksplice (2.6.32-320.4.1.lve1.1.4)

Nelson Elhage nelson.elhage at oracle.com
Tue Mar 27 15:11:35 PDT 2012


Synopsis: 2.6.32-320.4.1.lve1.1.4 can now be patched using Ksplice
CVEs: CVE-2011-1020 CVE-2011-3638 CVE-2011-4110 CVE-2011-4127
      CVE-2012-1097

Systems running CloudLinux 6 can now use Ksplice to patch against the
latest CloudLinux 6 kernel update, 2.6.32-320.4.1.lve1.1.4.

INSTALLING THE UPDATES

We recommend that all users of Ksplice Uptrack on CloudLinux 6 install
these updates.  You can install these updates by running:

# /usr/sbin/uptrack-upgrade -y

On systems that have "autoinstall = yes" in /etc/uptrack/uptrack.conf,
these updates will be installed automatically and you do not need to
take any additional action.
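As an added example (not part of the original advisory and not Oracle's tooling), the shell functions below read an uptrack.conf-style file and report whether a host will pick up these updates automatically or needs the manual command above. The function names and the case-insensitive matching of the key and its value are assumptions.

```shell
#!/bin/sh
# Added example: does this host rely on Ksplice autoinstall, or does it
# need the manual uptrack-upgrade run from the advisory?

# Print the effective "autoinstall" value from an uptrack.conf-style file.
# Comment lines (# or ;) are skipped; the last assignment wins.
autoinstall_value() {
    [ -r "$1" ] || return 1
    awk -F= '
        /^[ \t]*[#;]/ { next }
        {
            key = $1; gsub(/[ \t]/, "", key)
            if (tolower(key) == "autoinstall") {
                val = $2; gsub(/[ \t\r]/, "", val)
                found = tolower(val)
            }
        }
        END { if (found != "") print found }
    ' "$1"
}

# Print "automatic" when autoinstall = yes, otherwise "manual".
# Assumption: key and value are matched case-insensitively.
update_mode() {
    if [ "$(autoinstall_value "$1")" = "yes" ]; then
        echo automatic
    else
        echo manual
    fi
}

# Report for one config file (default: the path named in the advisory).
report() {
    conf=${1:-/etc/uptrack/uptrack.conf}
    if [ ! -r "$conf" ]; then
        echo "$conf: not readable, is Ksplice Uptrack installed?"
        return 0
    fi
    mode=$(update_mode "$conf")
    echo "$conf: $mode"
    if [ "$mode" = manual ]; then
        echo "to install the updates, run as root: /usr/sbin/uptrack-upgrade -y"
    fi
}

report "$@"
```

A commented-out "autoinstall = yes" line is treated as not set, so such a host is reported as needing the manual upgrade.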


DESCRIPTION

* NULL pointer dereference in IPv4 options processing.

An incorrect check in the ip_options_compile function could lead to
denial of service via NULL pointer dereference.


* CVE-2011-4110: Denial of service in kernel key management facilities.

A flaw in the way user-defined key types were handled allowed an
unprivileged local user to crash the system via a NULL pointer
dereference and kernel OOPS.


* CVE-2011-3638: Disk layout corruption bug in ext4 filesystem.

When splitting two extents in ext4_ext_convert_to_initialized(), an
extent was incorrectly not dirtied, resulting in the disk layout being
corrupted, which will eventually cause a kernel crash.


* CVE-2011-1020: Missing access restrictions in /proc subsystem.

The proc filesystem implementation did not restrict access to the /proc
directory tree of a process after this process performs an exec of a
setuid program, which allowed local users to obtain sensitive information
or potentially cause other integrity issues.


* CVE-2011-4127: KVM privilege escalation through insufficient validation in SG_IO ioctl.

Using the SG_IO IOCTL to issue SCSI requests to partitions or LVM
volumes resulted in the requests being passed to the underlying block
device. If a privileged user only had access to a single partition or
LVM volume, they could use this flaw to bypass those restrictions and
gain read and write access (and be able to issue other SCSI commands)
to the entire block device.

In KVM (Kernel-based Virtual Machine) environments using raw format
virtio disks backed by a partition or LVM volume, a privileged guest
user could bypass intended restrictions and issue read and write
requests (and other SCSI commands) on the host, and possibly access
the data of other guests that reside on the same underlying block
device. (CVE-2011-4127, Important)


* CVE-2012-1097: NULL pointer dereference in the ptrace subsystem.

Under certain circumstances, ptrace-ing a process could lead to a NULL
pointer dereference and kernel panic.

SUPPORT

Ksplice support is available at ksplice-support_ww at oracle.com.
