[Ksplice][Virtuozzo 4 Updates] New updates available via Ksplice (CU-2.6.18-028stab099.3)

[Sasha Levin]

Synopsis: CU-2.6.18-028stab099.3 can now be patched using Ksplice
CVEs: CVE-2011-1083
Red Hat Security Advisory Severity: Important

Systems running Virtuozzo 4 or the OpenVZ RHEL 5 kernel can now use
Ksplice to patch against the latest Parallels Virtuozzo Containers
kernel security update, CU-2.6.18-028stab099.3.

INSTALLING THE UPDATES

We recommend that all users of Ksplice Uptrack on Virtuozzo 4 or
OpenVZ on RHEL 5 install these updates.  You can install these updates
by running:

# /usr/sbin/uptrack-upgrade -y

On systems that have "autoinstall = yes" in /etc/uptrack/uptrack.conf,
these updates will be installed automatically and you do not need to
take any additional action.


DESCRIPTION

* CVE-2011-1083: Algorithmic denial of service in epoll.

A flaw was found in the way the Linux kernel's Event Poll (epoll)
subsystem handled large, nested epoll structures. A local,
unprivileged user could use this flaw to cause a denial of service.


* Incorrect permissions checks in dmesg_restrict sysctl.

An incorrect permissions check prevented guests from accessing the
kernel log buffer and dmesg facilities resulting in syslog access
failures.


* Denial of service in persistent tun devices.

The check preventing a persistent tunnel device from being created from
inside a container caused a networking mutex to be incorrectly held
resulting in a system hang and denial of service.

SUPPORT

Ksplice support is available at ksplice-support_ww at oracle.com.