[Ksplice][Virtuozzo 4.7 Updates] New updates available via Ksplice (2.6.32-042stab055.10)

Jamie Iles jamie.iles at oracle.com
Tue May 15 05:50:55 PDT 2012


Synopsis: 2.6.32-042stab055.10 can now be patched using Ksplice
CVEs: CVE-2012-0879 CVE-2012-1090

Systems running Virtuozzo 4.7 or the OpenVZ RHEL 6 kernel can now use
Ksplice to patch against the latest Parallels Virtuozzo Containers 4.7
kernel security update, 2.6.32-042stab055.10.

INSTALLING THE UPDATES

We recommend that all users of Ksplice Uptrack on Virtuozzo 4.7 or
OpenVZ on RHEL 6 install these updates.

On systems that have "autoinstall = yes" in /etc/uptrack/uptrack.conf,
these updates will be installed automatically and you do not need to
take any action.

Alternatively, you can install these updates by running:

# /usr/sbin/uptrack-upgrade -y
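As an added example, not part of the Ksplice announcement, the following POSIX shell snippet turns the two installation rules above into a per-host check: it confirms the running kernel is exactly the build this update targets (Ksplice updates are keyed to the precise kernel build), then reads `autoinstall` from an uptrack.conf-style file to decide whether Uptrack will apply the update unattended or whether `uptrack-upgrade -y` must be run by hand. The kernel version string and config path come from the announcement; the function names and the config-parsing rule (last uncommented `autoinstall = ...` line wins) are this example's own assumptions.

```shell
#!/bin/sh
# Added example: decide what action a Virtuozzo 4.7 / OpenVZ host needs
# for Ksplice update 2.6.32-042stab055.10.  Not Oracle's or Ksplice's code.

TARGET_KERNEL="2.6.32-042stab055.10"   # from the announcement
UPTRACK_CONF="/etc/uptrack/uptrack.conf"

# Return 0 if $1 (normally "$(uname -r)") is the kernel build this
# advisory covers, 1 otherwise.  A different stab release needs a
# different Ksplice update set, so an exact match is required.
is_target_kernel() {
    [ "$1" = "$TARGET_KERNEL" ]
}

# Read uptrack.conf text from stdin.  Return 0 if "autoinstall = yes"
# is in effect, 1 otherwise.  Comment lines (leading '#') are ignored
# and the last matching assignment wins (assumption of this example).
autoinstall_enabled() {
    val=$(sed -n 's/^[[:space:]]*autoinstall[[:space:]]*=[[:space:]]*\([^[:space:]#]*\).*/\1/p' \
          | tail -n 1)
    [ "$val" = "yes" ]
}

# Print the action for this host.  $1 = running kernel, $2 = config path.
# Returns 1 when the host is not covered by this update at all.
plan() {
    kernel=$1
    conf=$2
    if ! is_target_kernel "$kernel"; then
        echo "kernel $kernel is not $TARGET_KERNEL: this update does not apply"
        return 1
    fi
    if autoinstall_enabled < "$conf"; then
        echo "autoinstall = yes: Uptrack will apply the update automatically"
    else
        echo "autoinstall is off: run /usr/sbin/uptrack-upgrade -y"
    fi
}

# Real use on a host:  plan "$(uname -r)" "$UPTRACK_CONF"
```

Run `plan "$(uname -r)" /etc/uptrack/uptrack.conf` on each host (for example from a fleet-wide ssh loop); the exit status distinguishes "not covered" from "covered", and the message says whether manual action is required.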


DESCRIPTION

* Virtuozzo ploop driver deadlock.

A flaw in the ploop driver implementation could result in a deadlock
inside the driver.


* Kernel panic caused by NAT on a bridge device.

Incorrectly configured NAT rules could cause a panic in the bridge code,
resulting in a system crash.


* Kernel panic resulting from dead tasks.

A dead task in a container image could cause a kernel panic due to
improper cleanup.


* NULL pointer dereference in /proc filesystem.

A missing check for a NULL directory entry could result in a NULL
pointer dereference.


* CVE-2012-0879: Denial of service in CLONE_IO.

A reference counting error in the handling of the CLONE_IO clone flag
could be exploited by an unprivileged local user to cause a denial of
service.


* Fix crash on discard in the software RAID driver.

The IO path of the software RAID subsystem did not properly handle
DISCARD requests when disk mirroring was configured on top of hardware
with DISCARD support. This could trigger kernel BUGs.


* Bad access control permissions to dmesg_restrict sysctl.

A root user lacking the CAP_SYS_ADMIN capability was able to reset
"/proc/sys/kernel/dmesg_restrict" to 0. Consequently, a root user without
that capability could bypass the protection that dmesg_restrict is meant
to provide and read the kernel ring buffer.


* CVE-2012-1090: Denial of service in the CIFS filesystem reference counting.

Under certain circumstances, the CIFS filesystem would open a file on
lookup. If the file was determined later to be a FIFO or any other
special file the file handle would be leaked, leading to reference
counting mismatch and a kernel OOPS on unmount.

An unprivileged local user could use this flaw to crash the system.


* Inode corruption in XFS inode lookup.

The XFS inode cache did not correctly initialize the inode before
insertion into the cache which could result in corruption when racing
with an inode lookup.


* Memory corruption in Megaraid SAS driver.

Older versions of MegaCLI incorrectly set the address format in their
ioctl requests, which could cause memory corruption and allow a
privileged attacker to write arbitrary kernel memory.


* NULL pointer dereference in timer interrupt.

If a kernel is booted using kexec, then pending interrupts from the
previous kernel would cause a NULL pointer dereference.


* Denial of service in Ext4 filesystem.

When mounting an Ext4 filesystem, the kernel did not check for
zero-length extents. Such an extent would trigger a BUG_ON assertion
failure, which could lead to a denial of service.

SUPPORT

Ksplice support is available at ksplice-support_ww at oracle.com.
