[Ksplice][CloudLinux 5 Updates] New updates available via Ksplice (2.6.18-338.19.1.el5.lve0.8.36)
Tim Abbott
tabbott at ksplice.com
Wed Aug 3 14:58:57 PDT 2011
Synopsis: 2.6.18-338.19.1.el5.lve0.8.36 can now be patched using Ksplice
CVEs: CVE-2010-4649 CVE-2011-0695 CVE-2011-0711 CVE-2011-1044 CVE-2011-1182 CVE-2011-1573 CVE-2011-1576 CVE-2011-1593 CVE-2011-1745 CVE-2011-1746 CVE-2011-1776 CVE-2011-2022 CVE-2011-2213 CVE-2011-2492
Red Hat Security Advisory Severity: Important
Systems running CloudLinux 5 can now use Ksplice to patch against the
latest CloudLinux 5 kernel update, 2.6.18-338.19.1.el5.lve0.8.36.
INSTALLING THE UPDATES
We recommend that all users of Ksplice Uptrack on CloudLinux 5 install
these updates. You can install these updates by running:
# /usr/sbin/uptrack-upgrade -y
On systems that have "autoinstall = yes" in /etc/uptrack/uptrack.conf,
these updates will be installed automatically and you do not need to take
any additional action.
DESCRIPTION
* CVE-2011-1576: Denial of service with VLAN packets and GRO.
A flaw allowed napi_reuse_skb() to be called on VLAN (virtual LAN)
packets. An attacker on the local network could trigger this flaw by
sending specially-crafted packets to a target system, possibly causing a
denial of service. (CVE-2011-1576, Moderate)
* CVE-2011-0711: Information leak in XFS filesystem.
A missing initialization flaw in the XFS file system implementation could
lead to an information leak. (CVE-2011-0711, Low)
* CVE-2011-1573: Remote denial of service in SCTP.
A flaw in the Stream Control Transmission Protocol (SCTP) implementation
could allow a remote attacker to cause a denial of service if the sysctl
"net.sctp.addip_enable" variable was turned on (it is off by default).
(CVE-2011-1573, Important)
* Fix lockup in some cciss controllers.
A fix to the cciss driver introduced in an earlier Red Hat kernel could
cause lockups on certain controllers.
* CVE-2011-1776: Missing validation for GPT partitions.
A heap overflow flaw in the EFI GUID Partition Table (GPT) implementation
could allow a local attacker to cause a denial of service by mounting a
disk containing specially-crafted partition tables. (CVE-2011-1776, Low)
* CVE-2011-0695: Remote denial of service in InfiniBand setup.
A race condition in the way new InfiniBand connections were set up could
allow a remote user to cause a denial of service. (CVE-2011-0695,
Important)
* CVE-2010-4649, CVE-2011-1044: Buffer overflow in InfiniBand uverb handling.
An integer overflow flaw in ib_uverbs_poll_cq() could allow a local,
unprivileged user to cause a denial of service or escalate their
privileges. (CVE-2010-4649, Important)
A flaw in ib_uverbs_poll_cq() could allow a local, unprivileged user to
cause an information leak. (CVE-2011-1044, Low)
* CVE-2011-1745, CVE-2011-2022: Privilege escalation in AGP subsystem.
Flaws in the AGPGART driver implementation when handling certain IOCTL
commands could allow a local, unprivileged user to cause a denial of
service or escalate their privileges. (CVE-2011-1745, CVE-2011-2022,
Important)
* CVE-2011-1746: Integer overflow in agp_allocate_memory.
An integer overflow flaw in agp_allocate_memory() could allow a local,
unprivileged user to cause a denial of service or escalate their
privileges. (CVE-2011-1746, Important)
* CVE-2011-1593: Denial of service in next_pidmap.
An integer signedness error in next_pidmap() could allow a local,
unprivileged user to cause a denial of service. (CVE-2011-1593, Moderate)
* CVE-2011-1182: Missing validation check in signals implementation.
A missing validation check was found in the signals implementation. A
local, unprivileged user could use this flaw to send signals via the
sigqueueinfo system call, with the si_code set to SI_TKILL and with
spoofed process and user IDs, to other processes. Note: This flaw does not
allow existing permission checks to be bypassed; signals can only be sent
if your privileges allow you to already do so. (CVE-2011-1182, Low)
* CVE-2011-2213: Denial of service in inet_diag_bc_audit.
A flaw in inet_diag_bc_audit() could allow a local, unprivileged user to
cause a denial of service (infinite loop). (CVE-2011-2213, Moderate)
* CVE-2011-2492: Information leak in Bluetooth implementation.
Structure padding in two structures in the Bluetooth implementation was
not initialized properly before being copied to user-space, possibly
allowing local, unprivileged users to leak kernel stack memory to
user-space. (CVE-2011-2492, Low)
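
The uninitialized-padding leak described for CVE-2011-2492, modelled in user space as an added example (not code from this advisory or from the kernel source). The structure `conninfo`, the functions `build_reply()` and `stale_bytes()`, the 0xAA marker and the sample values are hypothetical; clearing the whole object before filling it is shown as the usual remedy for this class of flaw.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define STALE 0xAA /* constructed marker for leftover stack contents */

/* Hypothetical reply struct (not from the kernel source): 5 bytes of
 * members, padded to 6 so 'handle' stays aligned in arrays. */
struct conninfo { uint16_t handle; uint8_t dev_class[3]; };

/* Models the handler's stack slot; a static object dirtied with memset()
 * makes the "uninitialized" contents deterministic for the demo. */
static struct conninfo slot;

/* Builds the reply in the dirty slot and copies the whole object out
 * (memcpy stands in for copy_to_user). zero_first=0 is the flawed
 * pattern, zero_first=1 the hardened one. */
size_t build_reply(unsigned char *user, uint16_t handle,
                   const uint8_t cls[3], int zero_first)
{
    memset(&slot, STALE, sizeof slot);     /* leftover data from earlier calls */
    if (zero_first)
        memset(&slot, 0, sizeof slot);     /* clears the padding as well */
    volatile struct conninfo *ci = &slot;  /* one store per member, no wider */
    ci->handle = handle;
    for (size_t i = 0; i < sizeof slot.dev_class; i++)
        ci->dev_class[i] = cls[i];
    memcpy(user, &slot, sizeof slot);      /* padding travels with the members */
    return sizeof slot;
}

/* Number of reply bytes that still carry the stale marker. */
size_t stale_bytes(const unsigned char *buf, size_t len)
{
    size_t n = 0;
    for (size_t i = 0; i < len; i++)
        n += (buf[i] == STALE);
    return n;
}

int main(void)
{
    unsigned char out[sizeof(struct conninfo)];
    const uint8_t cls[3] = {0x0c, 0x02, 0x5a}; /* constructed sample values */
    for (int fix = 0; fix <= 1; fix++) {
        size_t n = build_reply(out, 0x002a, cls, fix);
        printf("zero_first=%d: %zu of %zu bytes stale\n", fix, stale_bytes(out, n), n);
    }
    return 0;
}
```

Every member is assigned in both runs; only the byte the compiler adds for alignment differs, which is why reviewing the member assignments alone does not catch this class of leak.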
SUPPORT
Ksplice support is available at support at ksplice.com or +1 765-577-5423.