[Ksplice][CloudLinux 5 Updates] New updates available via Ksplice (2.6.18-294.26.1.el5.lve0.7.44)
Tim Abbott
tabbott at ksplice.com
Tue Nov 23 11:18:47 PST 2010
Synopsis: 2.6.18-294.26.1.el5.lve0.7.44 can now be patched using Ksplice
CVEs: CVE-2010-2963 CVE-2010-3066 CVE-2010-3067 CVE-2010-3078 CVE-2010-3086 CVE-2010-3477 CVE-2010-3904
Red Hat Security Advisory Severity: Important
Systems running CloudLinux 5 can now use Ksplice to patch against the
latest CloudLinux 5 kernel update, 2.6.18-294.26.1.el5.lve0.7.44.
INSTALLING THE UPDATES
We recommend that all users of Ksplice Uptrack on CloudLinux 5 install
these updates. You can install these updates by running:
# uptrack-upgrade -y
DESCRIPTION
* CVE-2010-3066: NULL pointer dereference in io_submit_one.
A NULL pointer dereference flaw was found in the io_submit_one() function
in the Linux kernel asynchronous I/O implementation. A local, unprivileged
user could use this flaw to cause a denial of service. (CVE-2010-3066,
Moderate)
* CVE-2010-3067: Information leak in sys_io_submit.
A missing upper bound integer check was found in the sys_io_submit()
function in the Linux kernel asynchronous I/O implementation. A local,
unprivileged user could use this flaw to cause an information leak.
(CVE-2010-3067, Low)
* CVE-2010-3078: Information leak in xfs_ioc_fsgetxattr.
A flaw was found in the xfs_ioc_fsgetxattr() function in the Linux kernel
XFS file system implementation. A data structure in xfs_ioc_fsgetxattr()
was not initialized properly before being copied to user-space. A local,
unprivileged user could use this flaw to cause an information leak.
(CVE-2010-3078, Moderate)
* CVE-2010-3086: Denial of Service in futex atomic operations.
The exception fixup code for the __futex_atomic_op1, __futex_atomic_op2,
and futex_atomic_cmpxchg_inatomic() macros replaced the LOCK prefix with a
NOP instruction. A local, unprivileged user could use this flaw to cause a
denial of service. (CVE-2010-3086, Moderate)
* CVE-2010-3477: Information leak in tcf_act_police_dump.
A flaw was found in the tcf_act_police_dump() function in the Linux kernel
network traffic policing implementation. A data structure in
tcf_act_police_dump() was not initialized properly before being copied to
user-space. A local, unprivileged user could use this flaw to cause an
information leak. (CVE-2010-3477, Moderate)
* CVE-2010-2963: Kernel memory overwrite in VIDIOCSMICROCODE.
The ioctl32 v4l1 compat code for VIDIOCSMICROCODE does not check the
destination buffer for a copy_from_user() call, which allows anyone with
access to a v4l device to write to arbitrary kernel memory locations.
* Buffer overflow in icmpmsg_put.
Reading from the /proc/net/snmp file could cause a buffer overflow when
the number of different MIBs messages overran the internal buffer.
* CVE-2010-3904: Local privilege escalation vulnerability in RDS sockets.
The rds_page_copy_user function did not perform any access checks on
user-provided pointers before using unchecked __copy_*_user_inatomic
functions, which can be exploited by a local user to write to arbitrary
kernel memory and escalate privileges.
SUPPORT
Ksplice support is available at support at ksplice.com or +1 765-577-5423.
More information about the CloudLinux5-Updates
mailing list