[Ksplice][Virtuozzo 4 Updates] New updates available via Ksplice (CU-2.6.18-028stab070.14)
Tim Abbott
tabbott at ksplice.com
Fri Nov 19 13:36:35 PST 2010
Synopsis: CU-2.6.18-028stab070.14 can now be patched using Ksplice
CVEs: CVE-2010-2963 CVE-2010-3066 CVE-2010-3067 CVE-2010-3078 CVE-2010-3086 CVE-2010-3477 CVE-2010-3904
Red Hat Security Advisory Severity: Important
Systems running Virtuozzo 4 or the OpenVZ RHEL 5 kernel can now use
Ksplice to patch against the latest Parallels Virtuozzo Containers kernel
security update, CU-2.6.18-028stab070.14.
INSTALLING THE UPDATES
We recommend that all users of Ksplice Uptrack on Virtuozzo 4 or
OpenVZ on RHEL 5 install these updates. You can install these updates
by running:
# uptrack-upgrade -y
DESCRIPTION
* CVE-2010-3066: NULL pointer dereference in io_submit_one.
A NULL pointer dereference flaw was found in the io_submit_one() function
in the Linux kernel asynchronous I/O implementation. A local, unprivileged
user could use this flaw to cause a denial of service. (CVE-2010-3066,
Moderate)
* CVE-2010-3067: Information leak in sys_io_submit.
A missing upper bound integer check was found in the sys_io_submit()
function in the Linux kernel asynchronous I/O implementation. A local,
unprivileged user could use this flaw to cause an information leak.
(CVE-2010-3067, Low)
* CVE-2010-3078: Information leak in xfs_ioc_fsgetxattr.
A flaw was found in the xfs_ioc_fsgetxattr() function in the Linux kernel
XFS file system implementation. A data structure in xfs_ioc_fsgetxattr()
was not initialized properly before being copied to user-space. A local,
unprivileged user could use this flaw to cause an information leak.
(CVE-2010-3078, Moderate)
* CVE-2010-3086: Denial of Service in futex atomic operations.
The exception fixup code for the __futex_atomic_op1, __futex_atomic_op2,
and futex_atomic_cmpxchg_inatomic() macros replaced the LOCK prefix with a
NOP instruction. A local, unprivileged user could use this flaw to cause a
denial of service. (CVE-2010-3086, Moderate)
* CVE-2010-3477: Information leak in tcf_act_police_dump.
A flaw was found in the tcf_act_police_dump() function in the Linux kernel
network traffic policing implementation. A data structure in
tcf_act_police_dump() was not initialized properly before being copied to
user-space. A local, unprivileged user could use this flaw to cause an
information leak. (CVE-2010-3477, Moderate)
* CVE-2010-2963: Kernel memory overwrite in VIDIOCSMICROCODE.
The ioctl32 v4l1 compat code for VIDIOCSMICROCODE does not check the
destination buffer for a copy_from_user() call, which allows anyone with
access to a v4l device to write to arbitrary kernel memory locations.
* Buffer overflow in icmpmsg_put.
Reading from the /proc/net/snmp file could cause a buffer overflow when
the number of different MIB messages overran the internal buffer.
* CVE-2010-3904: Local privilege escalation vulnerability in RDS sockets.
The rds_page_copy_user function did not perform any access checks on
user-provided pointers before using unchecked __copy_*_user_inatomic
functions, which can be exploited by a local user to write to arbitrary
kernel memory and escalate privileges.
* Fix broken networking for host-routed containers.
The stab070.12 kernel introduced a bug in the venet device (for
host-routed containers) where the kernel didn't ARP properly for container
IP addresses. This resulted in containers not being accessible on the
network. Please note that this issue only affects machines booted with
the stab070.12 kernel.
SUPPORT
Ksplice support is available at support at ksplice.com or +1 765-577-5423.
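
Added example, not part of the original advisory and not kernel or Ksplice code: CVE-2010-3078 and CVE-2010-3477 above share one pattern, a structure that is only partly filled in before being copied to user-space. This user-space C sketch reproduces the pattern and its fix; struct reply, its fields, the 0xAA stale-memory marker and the use of memcpy() in place of the kernel's copy to user-space are all assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define STALE 0xAA  /* constructed marker for leftover "kernel" memory */

/* Hypothetical reply structure: two reported fields plus a reserved
 * area that the handler never assigns. Not a real kernel struct. */
struct reply {
    uint32_t flags;
    uint32_t size;
    unsigned char reserved[8];
};

/* Runs the handler on memory that still holds stale data and returns
 * how many stale bytes reach the caller. zero_first selects the fix. */
size_t stale_bytes_copied(int zero_first)
{
    unsigned char user[sizeof(struct reply)];
    size_t i, n = 0;
    struct reply *r = malloc(sizeof(*r));

    if (r == NULL)
        return (size_t)-1;
    memset(r, STALE, sizeof(*r));      /* simulate a reused stack slot */

    if (zero_first)
        memset(r, 0, sizeof(*r));      /* the fix: clear before filling */
    r->flags = 0x1;                    /* only these two fields are set */
    r->size = 4096;

    memcpy(user, r, sizeof(*r));       /* stands in for the copy to user-space */
    free(r);
    for (i = 0; i < sizeof(user); i++)
        n += (user[i] == STALE);       /* count bytes the caller should not see */
    return n;
}

int main(void)
{
    printf("without memset: %zu stale bytes\n", stale_bytes_copied(0));
    printf("with memset:    %zu stale bytes\n", stale_bytes_copied(1));
    return 0;
}
```

The whole object is copied out, so every byte the handler does not write carries whatever was in that memory before; zeroing the structure first removes the leak regardless of which fields are later assigned.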