[Ksplice][Virtuozzo 4 Updates] New updates available via Ksplice (CU-2.6.18-028stab069.5)

Tim Abbott tabbott at ksplice.com
Fri May 21 19:23:30 PDT 2010


Synopsis: CU-2.6.18-028stab069.5 can now be patched using Ksplice
CVEs: CVE-2009-4307 CVE-2010-0307 CVE-2010-0727 CVE-2010-1085 CVE-2010-1086
Red Hat Security Advisory Severity: Important

Systems running Virtuozzo 4 or the OpenVZ for EL5 kernel can now use 
Ksplice to patch against the latest Parallels Virtuozzo Containers kernel 
security update, CU-2.6.18-028stab069.5.

INSTALLING THE UPDATES

We recommend that all users of Ksplice Uptrack on Virtuozzo 4 or OpenVZ 
for EL5 install these updates.  You can install these updates by running:

# uptrack-upgrade -y

DESCRIPTION

* CVE-2009-4307: Divide-by-zero mounting an ext4 filesystem.

A divide-by-zero flaw was found in the ext4 file system code. A local
attacker could use this flaw to cause a denial of service by mounting
a specially-crafted ext4 file system. (CVE-2009-4307, Low)


* CVE-2010-0727: Denial of Service in GFS2 locking.

A flaw was found in the gfs2_lock() implementation. The GFS2 locking
code could skip the lock operation for files that have the S_ISGID bit
(set-group-ID on execution) in their mode set. A local, unprivileged
user on a system that has a GFS2 file system mounted could use this
flaw to cause a kernel panic. (CVE-2010-0727, Moderate)


* Floating point state corruption after signal.

The context save/restore done by the kernel for a signal handler caused
floating point register state corruption in certain circumstances.


* CVE-2010-1086: Infinite loop in ULE implementation.

A flaw was found in the kernel's Unidirectional Lightweight
Encapsulation (ULE) implementation. A remote attacker could send a
specially-crafted ISO MPEG-2 Transport Stream (TS) frame to a target
system, resulting in a denial of service. (CVE-2010-1086, Important)


* CVE-2010-1085: Divide-by-zero in Intel HDA driver.

A divide-by-zero flaw was found in azx_position_ok() in the Intel High
Definition Audio driver, snd-hda-intel. A local, unprivileged user
could trigger this flaw to cause a denial of service. (CVE-2010-1085,
Moderate)


* CVE-2010-0307: Denial of service on amd64.

A programming error in the load_elf_binary function on Linux could
result in a denial of service on 64-bit machines by attempting to exec
a 32-bit binary with an invalid interpreter, and then causing a
coredump.

SUPPORT

Ksplice support is available at support at ksplice.com or +1 765-577-5423.


