[Ksplice][RHEL6-Updates] Subject: New updates available via Ksplice (RHSA-2011:1189-1)

Tim Abbott tim.abbott at oracle.com
Thu Aug 25 21:24:58 PDT 2011


Synopsis: RHSA-2011:1189-1 can now be patched using Ksplice
CVEs: CVE-2011-1182 CVE-2011-1576 CVE-2011-1593 CVE-2011-1776 
CVE-2011-2213 CVE-2011-2491 CVE-2011-2492 CVE-2011-2495 CVE-2011-2497 
CVE-2011-2517 CVE-2011-2689 CVE-2011-2695
Red Hat Security Advisory Severity: Important

Systems running Red Hat Enterprise Linux 6, CentOS 6, and Scientific
Linux 6 can now use Ksplice to patch against the latest Red Hat
Security Advisory, RHSA-2011:1189-1.

INSTALLING THE UPDATES

We recommend that all users of Ksplice Uptrack on RHEL 6, CentOS 6,
and Scientific Linux 6 install these updates.  You can install these
updates by running:

# /usr/sbin/uptrack-upgrade -y

On systems that have "autoinstall = yes" in /etc/uptrack/uptrack.conf,
these updates will be installed automatically and you do not need to
take any additional action.


DESCRIPTION

* CVE-2011-1776: Missing boundary checks in EFI partition table parsing.

Timo Warns reported an issue in the Linux implementation for GUID
partitions.  Users with physical access can gain access to sensitive
kernel memory by adding a storage device with a specially crafted,
corrupted partition table.


* CVE-2011-1182: Signal spoofing in rt_sigqueueinfo.

A userspace process could queue a signal for another process with a
siginfo.si_code field appearing to originate from the kernel. This
could allow a process to generate a fake tgkill signal to a thread it
is not privileged to signal.


* CVE-2011-1593: Missing bounds check in proc filesystem.

A local attacker could exploit a missing bounds check to read kernel
memory or cause a denial of service.


* CVE-2011-2213: Arbitrary code injection bug in IPv4 subsystem.

Insufficient validation in inet_diag_bc_audit allowed a malicious user
to inject code or trigger an infinite loop.


* CVE-2011-2491: Local denial of service in NLM subsystem.

A flaw in the client-side NLM implementation could allow a local,
unprivileged user to cause a denial of service. (CVE-2011-2491,
Important)


* CVE-2011-2492: Information leak in bluetooth implementation.

Structure padding in two structures in the Bluetooth implementation
was not initialized properly before being copied to user-space,
possibly allowing local, unprivileged users to leak kernel stack
memory to user-space. (CVE-2011-2492, Low)


* CVE-2011-2497: Buffer overflow in the Bluetooth subsystem.

A small user-provided value for the command size field in the command
header of an l2cap configuration request can cause a buffer overflow.


* CVE-2011-2517: Buffer overflow in nl80211 driver.

A missing check on the length of an SSID passed in a scan or
sched_scan request allowed a buffer overflow when copying the SSID.


* CVE-2011-1576: Denial of service with VLAN packets and GRO.

A flaw allowed napi_reuse_skb() to be called on VLAN (virtual LAN)
packets. An attacker on the local network could trigger this flaw by
sending specially-crafted packets to a target system, possibly causing
a denial of service. (CVE-2011-1576, Moderate)


* CVE-2011-2695: Off-by-one errors in the ext4 filesystem.

Multiple off-by-one errors in the ext4 subsystem in the Linux kernel
before 3.0-rc5 allow local users to cause a denial of service (BUG_ON
and system crash) by accessing a sparse file in extent format with a
write operation involving a block number corresponding to the largest
possible 32-bit unsigned integer.


* CVE-2011-2495: Information leak in /proc/PID/io.

/proc/PID/io could be used for gathering private information and did
not have access restrictions.


* CVE-2011-2689: Local denial of service in GFS2 filesystem.

There was a flaw in the way space was allocated in the Global File
System 2 (GFS2) implementation. If the file system was almost full,
and a local, unprivileged user made an fallocate() request, it could
result in a denial of service.
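
The uninitialized-padding pattern described under CVE-2011-2492 above,
shown with its fix. This is an added illustration, not kernel code and
not part of the original advisory: struct reply, its field values and
the 0xAA poison byte (standing in for stale stack contents) are
hypothetical.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define POISON 0xAA  /* constructed stand-in for stale kernel stack data */

/* Hypothetical reply structure; not one of the structures the CVE fixed. */
struct reply {
    uint8_t  type;    /* typically followed by 3 padding bytes */
    uint32_t handle;
    uint16_t mtu;     /* typically followed by 2 tail padding bytes */
};

/* Bytes of struct reply that belong to no member. */
size_t padding_bytes(void)
{
    return sizeof(struct reply)
         - (sizeof(uint8_t) + sizeof(uint32_t) + sizeof(uint16_t));
}

/* Build a reply in memory that still holds old data, then copy the whole
 * object out, as a copy_to_user(dst, &r, sizeof(r)) call would. */
static void fill_and_copy(int zero_first, unsigned char *out)
{
    union { struct reply r; unsigned char raw[sizeof(struct reply)]; } s;

    memset(s.raw, POISON, sizeof s.raw);   /* simulate a dirty stack slot */
    if (zero_first)
        memset(&s.r, 0, sizeof s.r);       /* the fix: clear padding too */
    s.r.type   = 0x01;                     /* assigning members alone    */
    s.r.handle = 0x42;                     /* leaves padding untouched   */
    s.r.mtu    = 672;
    memcpy(out, &s.r, sizeof s.r);
}

/* Count stale bytes that reach the "user" buffer. */
size_t leaked_bytes(int zero_first)
{
    unsigned char out[sizeof(struct reply)];
    size_t i, n = 0;

    fill_and_copy(zero_first, out);
    for (i = 0; i < sizeof out; i++)
        n += (out[i] == POISON);
    return n;
}

int main(void)
{
    printf("padding: %zu, leaked without memset: %zu, with memset: %zu\n",
           padding_bytes(), leaked_bytes(0), leaked_bytes(1));
    return 0;
}
```
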

SUPPORT

Ksplice support is available at support at ksplice.com or +1 765-577-5423.



