[Ksplice][Virtuozzo 4.7 Updates] New updates available via Ksplice (CU-2.6.32-042stab039.10)

Tim Abbott tim.abbott at oracle.com
Wed Nov 9 14:44:03 PST 2011


Synopsis: CU-2.6.32-042stab039.10 can now be patched using Ksplice
CVEs: CVE-2011-1160 CVE-2011-1745 CVE-2011-1746 CVE-2011-1833 
CVE-2011-2022 CVE-2011-2484 CVE-2011-2496 CVE-2011-2521 CVE-2011-2723 
CVE-2011-2898 CVE-2011-2918
Red Hat Security Advisory Severity: Important

Systems running Virtuozzo 4.7 or the OpenVZ RHEL 6 kernel can now use
Ksplice to patch against the latest Parallels Virtuozzo Containers 4.7
kernel security update, CU-2.6.32-042stab039.10.

INSTALLING THE UPDATES

We recommend that all users of Ksplice Uptrack on Virtuozzo 4.7 or
OpenVZ on RHEL 6 install these updates.  You can install these updates
by running:

# /usr/sbin/uptrack-upgrade -y

On systems that have "autoinstall = yes" in /etc/uptrack/uptrack.conf,
these updates will be installed automatically and you do not need to
take any additional action.


DESCRIPTION

* CVE-2011-1160: Information leak in tpm driver.

A buffer was not initialized before being returned to userspace,
leading to a leak of potentially sensitive kernel memory.


* CVE-2011-1745, CVE-2011-2022: Privilege escalation in AGP subsystem.

Flaws in the AGPGART driver implementation when handling certain
IOCTL commands could allow a local, unprivileged user to cause a
denial of service or escalate their privileges.


* CVE-2011-1746: Integer overflow in agp_allocate_memory.

An integer overflow flaw in agp_allocate_memory() could allow a
local, unprivileged user to cause a denial of service or escalate
their privileges.


* CVE-2011-2484: Denial of service in taskstats subsystem.

The add_del_listener function in kernel/taskstats.c in the Linux kernel
did not prevent multiple registrations of exit handlers, which allowed
local users to cause a denial of service (memory and CPU consumption),
and bypass the OOM Killer, via a crafted application.


* CVE-2011-2496: Local denial of service in mremap().

Robert Swiecki discovered that mremap() could be abused for local denial of
service by triggering a BUG_ON assert.


* CVE-2011-2521: Denial of service in performance counters.

The performance counter subsystem incorrectly calculated the index of
fixed counter registers, leading to local denial of service.


* CVE-2011-2723: Remote denial of service vulnerability in gro.

The skb_gro_header_slow function in the Linux kernel had a bug which
allowed a remote attacker to put certain gro fields in an inconsistent
state, resulting in a denial of service.


* CVE-2011-2898: Information leak in packet subsystem.

Uninitialized struct padding in the packet subsystem led to an
information leak of two bytes of kernel memory to userspace.


* CVE-2011-2918: Denial of service in event overflows in perf.

Vince Weaver discovered that incorrect handling of software event
overflows in the perf analysis tool could lead to local denial of
service.


* CVE-2011-1833: Information disclosure in eCryptfs.

Vasiliy Kulikov of Openwall and Dan Rosenberg discovered that eCryptfs
incorrectly validated permissions on the requested source directory. A
local attacker could use this flaw to mount an arbitrary directory,
possibly leading to information disclosure.
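
The struct-padding leak described under CVE-2011-2898 can be reproduced in userspace. The following is an added example, not code from the kernel or from Ksplice: it builds a record in reused memory, exports the whole object, and counts the stale bytes that escape, with and without clearing the object first. The struct aux_record, the STALE marker and both function names are hypothetical.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define STALE 0xAA /* constructed marker standing in for old memory contents */

/* Hypothetical record, not the kernel's structure: the 16-bit field followed
 * by a 32-bit field makes common ABIs insert 2 bytes of padding. */
struct aux_record {
    uint32_t status;
    uint16_t tag;
    uint32_t length;
};

/* Bytes of the object that belong to no field. */
size_t padding_bytes(void)
{
    return sizeof(struct aux_record)
         - (sizeof(uint32_t) + sizeof(uint16_t) + sizeof(uint32_t));
}

/* Build a record in reused memory, export the whole object as a copy of
 * sizeof(struct) bytes would, and count stale bytes in the exported buffer. */
size_t stale_bytes_exported(int zero_first)
{
    unsigned char out[sizeof(struct aux_record)];
    struct aux_record *r = malloc(sizeof *r);
    size_t i, n = 0;
    if (!r) return (size_t)-1;     /* allocation failure */
    memset(r, STALE, sizeof *r);   /* simulate memory with old contents */
    if (zero_first)
        memset(r, 0, sizeof *r);   /* hardened form: clear before filling */
    r->status = 1; r->tag = 2; r->length = 3;
    memcpy(out, r, sizeof out);    /* whole-object copy includes padding */
    free(r);
    for (i = 0; i < sizeof out; i++)
        n += (out[i] == STALE);
    return n;
}

int main(void)
{
    printf("padding=%zu leaked=%zu leaked_after_memset=%zu\n", padding_bytes(),
           stale_bytes_exported(0), stale_bytes_exported(1));
    return 0;
}
```

Assigning every named field is not enough, because the padding bytes are never written by field stores; clearing the whole object before filling it is what removes the leak.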

SUPPORT

Ksplice support is available at support at ksplice.com or +1 765-577-5423.



