[Ksplice][Virtuozzo 4 Updates] New updates available via Ksplice (CU-2.6.18-028stab089.1)

Tim Abbott tabbott at ksplice.com
Thu Apr 21 07:42:28 PDT 2011


Synopsis: CU-2.6.18-028stab089.1 can now be patched using Ksplice
CVEs: CVE-2010-4346 CVE-2011-0521 CVE-2011-1010 CVE-2011-1090 CVE-2011-1478
Red Hat Security Advisory Severity: Important

Systems running Virtuozzo 4 or the OpenVZ RHEL 5 kernel can now use 
Ksplice to patch against the latest Parallels Virtuozzo Containers kernel 
security update, CU-2.6.18-028stab089.1.

INSTALLING THE UPDATES

We recommend that all users of Ksplice Uptrack on Virtuozzo 4 or OpenVZ on 
RHEL 5 install these updates.  You can install these updates by running:

# /usr/sbin/uptrack-upgrade -y

On systems that have "autoinstall = yes" in /etc/uptrack/uptrack.conf, 
these updates will be installed automatically and you do not need to take 
any additional action.


DESCRIPTION

* CVE-2011-1478: NULL dereference in GRO with promiscuous mode.

A NULL pointer dereference flaw was found in the Generic Receive Offload 
(GRO) functionality in the Linux kernel's networking implementation. If 
both GRO and promiscuous mode were enabled on an interface in a virtual 
LAN (VLAN), it could result in a denial of service when a malformed VLAN 
frame is received on that interface. (CVE-2011-1478, Moderate)


* CVE-2010-4346: mmap_min_addr bypass in install_special_mapping.

A missing security check in the Linux kernel's implementation of the 
install_special_mapping() function could allow a local, unprivileged user 
to bypass the mmap_min_addr protection mechanism. (CVE-2010-4346, Low)


* Use-after-free in MPT driver.

If an application requested asynchronous IO on an MPT Fusion device node, 
the state was not cleaned up after the device was closed, leading to reuse 
of a freed object, resulting in a potential kernel crash.


* CVE-2011-0521: Missing boundary check in dvb_ca_ioctl.

A missing boundary check was found in the dvb_ca_ioctl() function in the 
Linux kernel's av7110 module. On systems that use old DVB cards that 
require the av7110 module, a local, unprivileged user could use this flaw 
to cause a denial of service or escalate their privileges. (CVE-2011-0521, 
Important)


* CVE-2011-1010: Denial of service parsing malformed Mac OS partition tables.

A missing validation check was found in the Linux kernel's mac_partition() 
implementation, used for supporting file systems created on Mac OS 
operating systems. A local attacker could use this flaw to cause a denial 
of service by mounting a disk that contains specially-crafted partitions. 
(CVE-2011-1010, Low)


* CVE-2011-1090: Denial of service in NFSv4 client.

An inconsistency was found in the interaction between the Linux kernel's 
method for allocating NFSv4 (Network File System version 4) ACL data and 
the method by which it was freed. This inconsistency led to a kernel panic 
which could be triggered by a local, unprivileged user with files owned by 
said user on an NFSv4 share. (CVE-2011-1090, Moderate)


* Fix incorrect detection of completed mptctl ioctl commands.

A call to the HP_GETHOSTINFO ioctl (I/O Control) in the mptctl module 
could result in the MPT (Message Passing Technology) fusion driver being 
reset due to erroneous detection of completed ioctl commands. With this 
update, the message context sent to the mptctl module is stored 
(previously, it was zeroed).  When an ioctl command completes, the saved 
message context is used to recognize the completion of the message, thus 
resolving the faulty detection.
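
The CVE-2011-1478 entry above names a specific precondition: GRO and 
promiscuous mode both enabled on an interface. The script below is an 
added example, not part of the original advisory or of Ksplice's tooling, 
that checks a host for that combination. The function names and sample 
ethtool output are constructed for illustration, and VLAN membership is 
not checked.

```shell
#!/bin/sh
# Added example: flag interfaces where GRO and promiscuous mode are both
# enabled, the combination the advisory ties to CVE-2011-1478.
# All function names here are hypothetical helpers, not Ksplice tooling.

IFF_PROMISC=256   # 0x100, IFF_PROMISC from <linux/if.h>

# is_promisc FLAGS: FLAGS is the hex value read from /sys/class/net/<if>/flags
is_promisc() {
    [ $(( $1 & IFF_PROMISC )) -ne 0 ]
}

# gro_enabled TEXT: TEXT is the output of `ethtool -k <if>`
gro_enabled() {
    printf '%s\n' "$1" |
        grep -Eq '^[[:space:]]*generic-receive-offload:[[:space:]]*on'
}

# exposed FLAGS TEXT: succeeds only when both conditions hold
exposed() {
    is_promisc "$1" && gro_enabled "$2"
}

# scan_host: print every local interface that meets both conditions
scan_host() {
    for dir in /sys/class/net/*; do
        [ -r "$dir/flags" ] || continue
        ifname=${dir##*/}
        offload=$(ethtool -k "$ifname" 2>/dev/null) || continue
        if exposed "$(cat "$dir/flags")" "$offload"; then
            echo "$ifname: GRO on and promiscuous (CVE-2011-1478 precondition)"
        fi
    done
}

# Constructed sample `ethtool -k` output, so the logic can be checked offline
SAMPLE_GRO_ON='Offload parameters for eth0:
rx-checksumming: on
generic segmentation offload: on
generic-receive-offload: on'
SAMPLE_GRO_OFF='Offload parameters for eth1:
rx-checksumming: on
generic-receive-offload: off'

# Scan the live host only when asked to: sh check.sh --scan
if [ "${1:-}" = "--scan" ]; then
    scan_host
fi
```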

SUPPORT

Ksplice support is available at support at ksplice.com or +1 765-577-5423.


