[Ksplice][Virtuozzo 4 Updates] New updates available via Ksplice (CU-2.6.18-028stab068.9)

Thu Apr 1 22:13:57 PDT 2010

Synopsis: CU-2.6.18-028stab068.9 can now be patched using Ksplice
CVEs: CVE-2009-4308 CVE-2010-0007 CVE-2010-0415 CVE-2010-0437
Red Hat Security Advisory Severity: Important

Systems running Virtuozzo 4 or the OpenVZ RHEL 5 kernel can now use
Ksplice to patch against the latest Parallels Virtuozzo Containers kernel
security update, CU-2.6.18-028stab068.9.

INSTALLING THE UPDATES

We recommend that all users of Ksplice Uptrack on Virtuozzo 4 or
OpenVZ on RHEL 5 install these updates.  You can install these updates
by running:

# uptrack-upgrade -y

DESCRIPTION

* Kernel crash forwarding network traffic.

A programming error in the Generic Receive Offload implementation in
the Linux kernel could generate invalid packet structures with certain
network cards, resulting in a kernel crash (BUG) if those packets are
then forwarded to another network interface.

* Filesystem corruption on ext3 over NFS.

A flaw in the core filesystem code of the Linux kernel could lead to
filesystem corruption when a new inode is created, particularly in an
ext3 filesystem mounted over NFS.

* CVE-2010-0437: NULL pointer dereference in ip6_dst_lookup_tail.

A NULL pointer dereference flaw was found in the ip6_dst_lookup_tail()
function in the Linux kernel. An attacker on the local network could
trigger this flaw by sending IPv6 traffic to a target system, leading
to a system crash (kernel OOPS) if dst->neighbour is NULL on the
target system when receiving an IPv6 packet. (CVE-2010-0437,
Important)

* CVE-2010-0007: Missing capabilities check in ebtables module.

The ebtables module in the netfilter framework in the Linux kernel did
not require the CAP_NET_ADMIN capability for setting or modifying
rules, which allows local users to bypass intended access restrictions
and configure arbitrary network-traffic filtering via a modified
ebtables application. (CVE-2010-0007, Low)

* CVE-2010-0415: Information leak in sys_move_pages

A missing boundary check was found in the do_move_pages() function in
the memory migration functionality in the Linux kernel.  A local user
could use this flaw to cause a local denial of service or an
information leak.  (CVE-2010-0415, Important)

* CVE-2009-4308: NULL pointer dereference in ext4 decoding EROFS w/o a journal.

The ext4_decode_error function in fs/ext4/super.c in the ext4
filesystem in the Linux kernel before 2.6.32 allows user-assisted
remote attackers to cause a denial of service (NULL pointer
dereference), and possibly have unspecified other impact, via a
crafted read-only filesystem that lacks a journal. (CVE-2009-4308,
Moderate)

SUPPORT

Ksplice support is available at support at ksplice.com or +1 765-577-5423.