[Ksplice][Virtuozzo 4 Updates] New updates available via Ksplice (CU-2.6.18-028stab089.1)
Tim Abbott
tabbott at ksplice.com
Thu Apr 21 07:42:28 PDT 2011
Synopsis: CU-2.6.18-028stab089.1 can now be patched using Ksplice
CVEs: CVE-2010-4346 CVE-2011-0521 CVE-2011-1010 CVE-2011-1090 CVE-2011-1478
Red Hat Security Advisory Severity: Important
Systems running Virtuozzo 4 or the OpenVZ RHEL 5 kernel can now use
Ksplice to patch against the latest Parallels Virtuozzo Containers kernel
security update, CU-2.6.18-028stab089.1.
INSTALLING THE UPDATES
We recommend that all users of Ksplice Uptrack on Virtuozzo 4 or OpenVZ on
RHEL 5 install these updates. You can install these updates by running:
# /usr/sbin/uptrack-upgrade -y
On systems that have "autoinstall = yes" in /etc/uptrack/uptrack.conf,
these updates will be installed automatically and you do not need to take
any additional action.
DESCRIPTION
* CVE-2011-1478: NULL dereference in GRO with promiscuous mode.
A NULL pointer dereference flaw was found in the Generic Receive Offload
(GRO) functionality in the Linux kernel's networking implementation. If
both GRO and promiscuous mode were enabled on an interface in a virtual
LAN (VLAN), it could result in a denial of service when a malformed VLAN
frame is received on that interface. (CVE-2011-1478, Moderate)
* CVE-2010-4346: mmap_min_addr bypass in install_special_mapping.
A missing security check in the Linux kernel's implementation of the
install_special_mapping() function could allow a local, unprivileged user
to bypass the mmap_min_addr protection mechanism. (CVE-2010-4346, Low)
* Use-after-free in MPT driver.
If an application requested asynchronous IO on an MPT Fusion device node,
the state was not cleaned up after the device was closed, leading to reuse
of a freed object, resulting in a potential kernel crash.
* CVE-2011-0521: Missing boundary check in dvb_ca_ioctl.
A missing boundary check was found in the dvb_ca_ioctl() function in the
Linux kernel's av7110 module. On systems that use old DVB cards that
require the av7110 module, a local, unprivileged user could use this flaw
to cause a denial of service or escalate their privileges. (CVE-2011-0521,
Important)
* CVE-2011-1010: Denial of service parsing malformed Mac OS partition tables.
A missing validation check was found in the Linux kernel's mac_partition()
implementation, used for supporting file systems created on Mac OS
operating systems. A local attacker could use this flaw to cause a denial
of service by mounting a disk that contains specially-crafted partitions.
(CVE-2011-1010, Low)
* CVE-2011-1090: Denial of Service in NFSv4 client.
An inconsistency was found in the interaction between the Linux kernel's
method for allocating NFSv4 (Network File System version 4) ACL data and
the method by which it was freed. This inconsistency led to a kernel panic
which could be triggered by a local, unprivileged user with files owned by
said user on an NFSv4 share. (CVE-2011-1090, Moderate)
* Fix incorrect detection of completed mptctl ioctl commands.
A call to the HP_GETHOSTINFO ioctl (I/O Control) in the mptctl module
could result in the MPT (Message Passing Technology) fusion driver being
reset due to erroneous detection of completed ioctl commands. With this
update, the message context sent to the mptctl module is stored
(previously, it was zeroed). When an ioctl command completes, the saved
message context is used to recognize the completion of the message, thus
resolving the faulty detection.
SUPPORT
Ksplice support is available at support at ksplice.com or +1 765-577-5423.
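Added example (not part of the original Ksplice advisory): a shell check for the "autoinstall = yes" setting described under INSTALLING THE UPDATES, to tell whether a host still needs a manual uptrack-upgrade run. It assumes uptrack.conf uses INI-style "key = value" lines with # or ; comment lines; the function names are hypothetical.

```shell
#!/bin/sh
# Added example, not Ksplice's own code.
# Assumption: uptrack.conf holds INI-style "key = value" lines and
# comment lines start with '#' or ';'. Section headers are ignored.

# Print the effective "autoinstall" value from the given file, lowercased
# (the last uncommented assignment wins). Prints nothing if unset/unreadable.
uptrack_autoinstall_value() {
    conf=$1
    [ -r "$conf" ] || return 0
    awk '
        /^[ \t]*[#;]/ { next }                 # skip commented-out lines
        /^[ \t]*autoinstall[ \t]*=/ {
            val = $0
            sub(/^[^=]*=[ \t]*/, "", val)      # drop the key and the "="
            sub(/[ \t\r]+$/, "", val)          # drop trailing blanks and CR
            last = tolower(val)
        }
        END { if (last != "") print last }
    ' "$conf"
}

# Exit status 0 only for the spelling the advisory names ("yes").
# Any other value is treated as "not enabled", which errs toward
# telling the admin to install the updates by hand.
uptrack_autoinstall_enabled() {
    [ "$(uptrack_autoinstall_value "$1")" = "yes" ]
}

# One-line verdict for a host; the default path is the one in the advisory.
uptrack_report() {
    conf=${1:-/etc/uptrack/uptrack.conf}
    if uptrack_autoinstall_enabled "$conf"; then
        echo "$conf: autoinstall enabled, updates install automatically"
    else
        echo "$conf: autoinstall not enabled, run /usr/sbin/uptrack-upgrade -y as root"
    fi
}

uptrack_report "$@"
```

A commented-out "autoinstall = yes" line or a missing config file is reported as not enabled, so the host is flagged for a manual upgrade.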