[Ksplice][Virtuozzo 4 Updates] New updates available via Ksplice (CU-2.6.18-028stab101.1)

Samson Yeung samson.yeung at oracle.com
Fri Jul 6 17:09:46 PDT 2012


Synopsis: CU-2.6.18-028stab101.1 can now be patched using Ksplice
CVEs: CVE-2012-1583

Systems running Virtuozzo 4 or the OpenVZ RHEL 5 kernel can now use
Ksplice to patch against the latest Parallels Virtuozzo Containers
kernel security update, CU-2.6.18-028stab101.1.

INSTALLING THE UPDATES

We recommend that all users of Ksplice Uptrack on Virtuozzo 4 or
OpenVZ on RHEL 5 install these updates.

On systems that have "autoinstall = yes" in /etc/uptrack/uptrack.conf,
these updates will be installed automatically and you do not need to
take any action.

Alternatively, you can install these updates by running:

# /usr/sbin/uptrack-upgrade -y
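
The check below is an added example, not part of the original announcement or of Ksplice Uptrack itself: it reads a config file and reports whether the host needs the manual command above. It assumes INI-style "key = value" lines with '#' or ';' comments, treats only the value "yes" (any case) as enabled, and the function names and sample file are constructed for illustration.

```shell
#!/bin/sh
# Added example: will this host install Ksplice updates on its own?
# From the advisory: the "autoinstall = yes" setting, /etc/uptrack/uptrack.conf
# and /usr/sbin/uptrack-upgrade -y. Everything else here is hypothetical.

# Print the effective autoinstall value: "yes", "no", another string, or "unset".
# Assumption: '#' or ';' starts a comment and the last assignment wins.
uptrack_autoinstall_value() {
    conf=$1
    [ -r "$conf" ] || { echo unset; return 0; }   # missing/unreadable file
    awk '
        { sub(/[#;].*/, "") }                     # drop comments
        /^[ \t]*autoinstall[ \t]*=/ {
            v = $0
            sub(/^[^=]*=[ \t]*/, "", v)           # keep the text after "="
            sub(/[ \t\r]+$/, "", v)               # trim trailing blanks / CR
            val = tolower(v)
        }
        END { print (val == "" ? "unset" : val) }
    ' "$conf"
}

# Exit status 0 when an admin must run uptrack-upgrade by hand.
needs_manual_upgrade() {
    [ "$(uptrack_autoinstall_value "$1")" != "yes" ]
}

# One-line verdict for a config file.
uptrack_action() {
    if needs_manual_upgrade "$1"; then
        echo "manual: run /usr/sbin/uptrack-upgrade -y"
    else
        echo "automatic: autoinstall = yes"
    fi
}

# Constructed sample config (not from a real host): the enabled line is
# commented out, so the effective setting is "no".
sample=$(mktemp)
cat > "$sample" <<'EOF'
[Settings]
# autoinstall = yes
autoinstall = no
EOF
uptrack_action "$sample"
rm -f "$sample"
```

On a real host, call uptrack_action with /etc/uptrack/uptrack.conf as its argument.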


DESCRIPTION

* Kernel crash on starting an NFS server.

An incorrect call to the SUN RPC layer resulted in hitting a BUG_ON()
and kernel crash when starting an NFS server.


* Denial of service in filesystem unmounting.

The kernel's processing of dentries in the dcache could, under certain
circumstances, trigger the NMI watchdog.  A local privileged user could
use this flaw to initiate a denial of service attack.


* Soft lockup in USB ACM driver.

The Abstract Control Model (ACM) driver had a race condition that could,
under certain circumstances, lead to deadlock and a soft lockup.


* System hang in qla2xxx driver during I/O error recovery.

Systems using QLogic Fibre Channel Host Bus Adapters could become
unresponsive during I/O error recovery under rare circumstances.


* Use-after-free in Broadcom Tigon3 Ethernet driver.

The Broadcom Tigon3 Ethernet driver had a workaround for 40-bit DMA that
could allocate a new socket buffer while the caller held a reference to
the old socket buffer, which it used for timestamping.


* Kernel panic in Broadcom Tigon3 Ethernet driver.

The Broadcom Tigon3 Ethernet driver would, under certain circumstances,
attempt to unmap a buffer that had not been previously mapped, resulting
in a kernel panic.


* Bad access control permissions to dmesg_restrict sysctl.

The root user without the CAP_SYS_ADMIN capability was able to reset the
contents of the "/proc/sys/kernel/dmesg_restrict" configuration file to
0.  Consequently, the unprivileged root user could bypass the protection
of the "dmesg_restrict" file and read the kernel ring buffer.


* Network failure on detach+attach of NIC in IGB driver.

The IGB driver powered down the Ethernet PHY when the NIC was detached,
but did not reset it.  Under certain circumstances this could cause the
PHY to lose state and fail to come back up when the NIC was reattached,
resulting in a loss of connectivity.


* CVE-2012-1583: use-after-free in IPv6 tunneling.

A flaw in the IPv6 tunnel handling could allow a remote attacker to
trigger a use-after-free or double free, resulting in a
denial of service.


* Kernel crash in Ethernet bridging netfilter module.

The use of uninitialized memory in the Ethernet bridging module could
result in the incorrect handling of frames and a kernel panic.


* Unresponsive I/O using QLA2XXX driver.

Faults in the QLA2XXX driver and HBA firmware could result in
unresponsive I/O during storage fault testing.


* Use-after-free in task accounting.

A missing reference count manipulation could result in a use-after-free
condition in the task accounting system and lead to a kernel panic.

SUPPORT

Ksplice support is available at ksplice-support_ww at oracle.com.



