[Ksplice][RHEL6-Updates] New updates available via Ksplice (RHSA-2011:1350-1)
Anders Kaseorg
anders.kaseorg at oracle.com
Thu Oct 6 13:29:52 PDT 2011
Synopsis: RHSA-2011:1350-1 can now be patched using Ksplice
CVEs: CVE-2011-1160 CVE-2011-1745 CVE-2011-1746 CVE-2011-1833
CVE-2011-2022 CVE-2011-2484 CVE-2011-2496 CVE-2011-2521 CVE-2011-2723
CVE-2011-2898 CVE-2011-2918
Red Hat Security Advisory Severity: Important
Systems running Red Hat Enterprise Linux 6, CentOS 6, and Scientific
Linux 6 can now use Ksplice to patch against the latest Red Hat
Security Advisory, RHSA-2011:1350-1.
INSTALLING THE UPDATES
We recommend that all users of Ksplice Uptrack on RHEL 6, CentOS 6,
and Scientific Linux 6 install these updates. You can install these
updates by running:
# /usr/sbin/uptrack-upgrade -y
On systems that have "autoinstall = yes" in /etc/uptrack/uptrack.conf,
these updates will be installed automatically and you do not need to
take any additional action.
DESCRIPTION
* CVE-2011-1160: Information leak in tpm driver.
A buffer was not initialized before being returned to userspace,
leading to a leak of potentially sensitive kernel memory.
* CVE-2011-1745, CVE-2011-2022: Privilege escalation in AGP subsystem.
Flaws in the AGPGART driver implementation when handling certain
IOCTL commands could allow a local, unprivileged user to cause a
denial of service or escalate their privileges.
* CVE-2011-1746: Integer overflow in agp_allocate_memory.
An integer overflow flaw in agp_allocate_memory() could allow a
local, unprivileged user to cause a denial of service or escalate
their privileges.
* CVE-2011-2484: Denial of service in taskstats subsystem.
The add_del_listener function in kernel/taskstats.c in the Linux kernel
did not prevent multiple registrations of exit handlers, which allowed
local users to cause a denial of service (memory and CPU consumption),
and bypass the OOM Killer, via a crafted application.
* CVE-2011-2496: Local denial of service in mremap().
Robert Swiecki discovered that mremap() could be abused for local denial of
service by triggering a BUG_ON assert.
* CVE-2011-2521: Denial of service in performance counters.
The performance counter subsystem incorrectly calculated the index of
fixed counter registerss, leading to local denial of service.
* CVE-2011-2723: Remote denial of service vulnerability in gro.
The skb_gro_header_slow function in the Linux kernel had a bug which
allowed a remote attacker to put certain gro fields in an inconsistent
state, resulting in a denial of service.
* CVE-2011-2898: Information leak in packet subsystem.
Uninitialized struct padding in the packet subsystem led to an
information leak of two bytes of kernel memory to userspace.
* CVE-2011-2918: Denial of service in event overflows in perf.
Vince Weaver discovered that incorrect handling of software event
overflows in the perf analysis tool could lead to local denial of
service.
* CVE-2011-1833: Information disclosure in eCryptfs.
Vasiliy Kulikov of Openwall and Dan Rosenberg discovered that eCryptfs
incorrectly validated permissions on the requested source directory. A
local attacker could use this flaw to mount an arbitrary directory,
possibly leading to information disclosure.
SUPPORT
Ksplice support is available at support at ksplice.com or +1 765-577-5423.
More information about the Ksplice-EL6-Updates
mailing list