[Ksplice][RHEL6-Updates] New updates available via Ksplice (RHSA-2011:1350-1)

Thu Oct 6 13:29:52 PDT 2011

Synopsis: RHSA-2011:1350-1 can now be patched using Ksplice
CVEs: CVE-2011-1160 CVE-2011-1745 CVE-2011-1746 CVE-2011-1833 
CVE-2011-2022 CVE-2011-2484 CVE-2011-2496 CVE-2011-2521 CVE-2011-2723 
CVE-2011-2898 CVE-2011-2918
Red Hat Security Advisory Severity: Important

Systems running Red Hat Enterprise Linux 6, CentOS 6, and Scientific
Linux 6 can now use Ksplice to patch against the latest Red Hat
Security Advisory, RHSA-2011:1350-1.

INSTALLING THE UPDATES

We recommend that all users of Ksplice Uptrack on RHEL 6, CentOS 6,
and Scientific Linux 6 install these updates.  You can install these
updates by running:

# /usr/sbin/uptrack-upgrade -y

On systems that have "autoinstall = yes" in /etc/uptrack/uptrack.conf,
these updates will be installed automatically and you do not need to
take any additional action.

DESCRIPTION

* CVE-2011-1160: Information leak in tpm driver.

A buffer was not initialized before being returned to userspace,
leading to a leak of potentially sensitive kernel memory.

* CVE-2011-1745, CVE-2011-2022: Privilege escalation in AGP subsystem.

Flaws in the AGPGART driver implementation when handling certain
IOCTL commands could allow a local, unprivileged user to cause a
denial of service or escalate their privileges.

* CVE-2011-1746: Integer overflow in agp_allocate_memory.

An integer overflow flaw in agp_allocate_memory() could allow a
local, unprivileged user to cause a denial of service or escalate
their privileges.

* CVE-2011-2484: Denial of service in taskstats subsystem.

The add_del_listener function in kernel/taskstats.c in the Linux kernel
did not prevent multiple registrations of exit handlers, which allowed
local users to cause a denial of service (memory and CPU consumption),
and bypass the OOM Killer, via a crafted application.

* CVE-2011-2496: Local denial of service in mremap().

Robert Swiecki discovered that mremap() could be abused for local denial of
service by triggering a BUG_ON assert.

* CVE-2011-2521: Denial of service in performance counters.

The performance counter subsystem incorrectly calculated the index of
fixed counter registerss, leading to local denial of service.

* CVE-2011-2723: Remote denial of service vulnerability in gro.

The skb_gro_header_slow function in the Linux kernel had a bug which
allowed a remote attacker to put certain gro fields in an inconsistent
state, resulting in a denial of service.

* CVE-2011-2898: Information leak in packet subsystem.

Uninitialized struct padding in the packet subsystem led to an
information leak of two bytes of kernel memory to userspace.

* CVE-2011-2918: Denial of service in event overflows in perf.

Vince Weaver discovered that incorrect handling of software event
overflows in the perf analysis tool could lead to local denial of
service.

* CVE-2011-1833: Information disclosure in eCryptfs.

Vasiliy Kulikov of Openwall and Dan Rosenberg discovered that eCryptfs
incorrectly validated permissions on the requested source directory. A
local attacker could use this flaw to mount an arbitrary directory,
possibly leading to information disclosure.

SUPPORT

Ksplice support is available at support at ksplice.com or +1 765-577-5423.