[Ksplice][Virtuozzo 4 Updates] New updates available via Ksplice (CU-2.6.18-028stab068.3)

Nelson Elhage nelhage at ksplice.com
Thu Feb 18 18:43:01 PST 2010


Synopsis: CU-2.6.18-028stab068.3 can now be patched using Ksplice
CVEs: CVE-2006-6304 CVE-2009-3080 CVE-2009-4020 CVE-2009-4021
      CVE-2009-4138 CVE-2009-4141
Red Hat Security Advisory Severity: Important

Systems running Virtuozzo 4 or the OpenVZ RHEL 5 kernel can now use
Ksplice to patch against the latest Parallels Virtuozzo Containers kernel
security update, CU-2.6.18-028stab068.3.

INSTALLING THE UPDATES

We recommend that all users of Ksplice Uptrack on Virtuozzo 4 or
OpenVZ on RHEL 5 install these updates.  You can install these updates
by running:

# uptrack-upgrade -y

DESCRIPTION

* CVE-2009-4141: Local privilege escalation in fasync_helper().

A design error in the fasync_helper function in the Linux kernel could
lead to use of a freed file object, which could be exploited by a
local user to escalate privileges. (CVE-2009-4141, Important).


* CVE-2009-3080: Privilege Escalation in GDT driver.

An array index error in the GDT SCSI driver in the Linux kernel before
2.6.32-rc8 allows local users to cause a denial of service or possibly
gain privileges via a negative event index in an IOCTL
request. (CVE-2009-3080, Important).


* CVE-2009-4021: Denial of service in fuse_direct_io.

A programming error in the fuse_direct_io function could result in
FUSE dereferencing an invalid pointer if the machine entered a
low-memory state, leading to a denial of service (kernel oops).
(CVE-2009-4021, Important).


* CVE-2009-4020: Buffer overflow mounting corrupted hfs filesystem.

A buffer overflow flaw was found in the hfs_bnode_read() function in
the HFS file system implementation.  This could lead to a denial of
service if a user browsed a specially-crafted HFS file system, for
example, by running "ls" (CVE-2009-4020, Low).


* CVE-2006-6304: Rewrite attack flaw in do_coredump.

The RHSA-2009:0225 update introduced a rewrite attack flaw in the
do_coredump() function.  A local attacker able to guess the file name
a process is going to dump its core to, prior to the process crashing,
could use this flaw to append data to the dumped core file.  This
issue only affects systems that have "/proc/sys/fs/suid_dumpable" set
to 2 (the default value is 0). (CVE-2006-6304, Moderate)


* CVE-2009-4138: NULL pointer dereference flaw in firewire-ohci driver.

A NULL pointer dereference flaw was found in the firewire-ohci driver
used for OHCI compliant IEEE 1394 controllers.  A local, unprivileged
user with access to /dev/fw* files could issue certain IOCTL calls,
causing a denial of service or privilege escalation.  The FireWire
modules are blacklisted by default, and if enabled, only root has
access to the files noted above by default. (CVE-2009-4138, Moderate)
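
The last two entries depend on host configuration: fs.suid_dumpable set to 2, and the firewire-ohci driver loaded with /dev/fw* reachable by non-root users. The following shell script is an added example, not part of the original Ksplice announcement, that reports whether a host meets those conditions. The function names and output strings are assumptions of the example, and it inspects only mode bits, not ownership or ACLs.

```shell
#!/bin/sh
# Added example: report the configuration preconditions the advisory names
# for CVE-2006-6304 and CVE-2009-4138. Function names are hypothetical.
# Paths are parameters so the checks can be run against a constructed tree.

# CVE-2006-6304 applies only when fs.suid_dumpable is 2 (default 0).
check_suid_dumpable() {
    f="${1:-/proc/sys/fs/suid_dumpable}"
    [ -r "$f" ] || { echo unknown; return 0; }
    case "$(tr -d '[:space:]' < "$f")" in
        2)   echo precondition-met ;;
        0|1) echo precondition-not-met ;;
        *)   echo unknown ;;
    esac
}

# CVE-2009-4138 needs the firewire-ohci driver loaded and /dev/fw* nodes
# usable by someone other than root.
# $1: module list in /proc/modules format, $2: device directory.
check_firewire() {
    mods="${1:-/proc/modules}"
    dev="${2:-/dev}"
    # /proc/modules lists the module with underscores: firewire_ohci
    if ! grep -q '^firewire_ohci ' "$mods" 2>/dev/null; then
        echo not-loaded
        return 0
    fi
    for n in "$dev"/fw*; do
        [ -e "$n" ] || continue
        # Columns 5-10 of the ls mode string are the group and other bits.
        # Ownership and ACLs are not examined here.
        perms=$(ls -ld "$n" | cut -c5-10)
        [ "$perms" = "------" ] || { echo loaded-nonroot-access; return 0; }
    done
    echo loaded-root-only
}

echo "suid_dumpable (CVE-2006-6304): $(check_suid_dumpable)"
echo "firewire-ohci (CVE-2009-4138): $(check_firewire)"
```

A precondition-not-met or not-loaded result describes configuration only; the kernel still carries the flaw until the update is applied.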

SUPPORT

Ksplice support is available at support at ksplice.com or +1 765-577-5423.


