[Ksplice][CloudLinux 5 Updates] New updates available via Ksplice (2.6.18-338.12.1.el5.lve0.8.34)

Tim Abbott tabbott at ksplice.com
Tue Jun 14 17:11:29 PDT 2011


Synopsis: 2.6.18-338.12.1.el5.lve0.8.34 can now be patched using Ksplice
CVEs: CVE-2010-1083 CVE-2011-0726 CVE-2011-1078 CVE-2011-1079 CVE-2011-1080 CVE-2011-1093 CVE-2011-1163 CVE-2011-1170 CVE-2011-1171 CVE-2011-1172 CVE-2011-1494 CVE-2011-1495 CVE-2011-1577
Red Hat Security Advisory Severity: Important

Systems running CloudLinux 5 can now use Ksplice to patch against the 
latest CloudLinux 5 kernel update, 2.6.18-338.12.1.el5.lve0.8.34.

INSTALLING THE UPDATES

We recommend that all users of Ksplice Uptrack on CloudLinux 5 install 
these updates.  You can install these updates by running:

# /usr/sbin/uptrack-upgrade -y

On systems that have "autoinstall = yes" in /etc/uptrack/uptrack.conf, 
these updates will be installed automatically and you do not need to take 
any additional action.


DESCRIPTION

* CVE-2011-1079: Missing validation in bnep_sock_ioctl.

A missing validation of a null-terminated string data structure element in 
the bnep_sock_ioctl() function could allow a local user to cause an 
information leak or a denial of service.


* CVE-2011-1093: Remote Denial of Service in DCCP.

A flaw in the dccp_rcv_state_process() function could allow a remote 
attacker to cause a denial of service, even when the socket was already 
closed. (CVE-2011-1093, Important)


* CVE-2011-0726: Information leak in /proc/[pid]/stat.

The start_code and end_code values in "/proc/[pid]/stat" were not 
protected. In certain scenarios, this flaw could be used to defeat Address 
Space Layout Randomization (ASLR).


* CVE-2011-1080, CVE-2011-1170, CVE-2011-1171, CVE-2011-1172: Information leaks in netfilter.

Missing validations of null-terminated string data structure elements in 
the do_replace(), compat_do_replace(), do_ipt_get_ctl(), 
do_ip6t_get_ctl(), and do_arpt_get_ctl() functions could allow a local 
user who has the CAP_NET_ADMIN capability to cause an information leak. 
(CVE-2011-1080, CVE-2011-1170, CVE-2011-1171, CVE-2011-1172, Low)


* Buffer overflow in iptables CLUSTERIP target.

The ipt_CLUSTERIP module parses a user-provided string without checking it 
for null termination, resulting in a possible buffer overflow.
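The unterminated-string pattern shared by the bnep_sock_ioctl, netfilter and CLUSTERIP entries above, as an added illustration that is not code from this advisory or from the kernel: a constructed request struct with a fixed-size name field, a reject-style check, and the terminate-style fix, with memcpy() standing in for copy_from_user(). The struct layout, field size and function names are assumptions for the example.

```c
#include <errno.h>
#include <stddef.h>
#include <string.h>

/* Constructed stand-in for the request structs the kernel copies in from
 * userspace with copy_from_user() before an ioctl/setsockopt handler uses
 * the name with ordinary string helpers. */
#define REQ_NAME_LEN 16

struct user_req {
    char name[REQ_NAME_LEN];   /* must be NUL-terminated by the caller */
    unsigned int flags;
};

/* Reject-style check: refuse the request unless a NUL lies inside the
 * field, so no later strlen()/strcpy()/printk("%s") can run past it. */
int req_name_is_terminated(const struct user_req *req)
{
    return memchr(req->name, '\0', sizeof req->name) != NULL;
}

/* Terminate-style hardening, the shape of the fixes described above:
 * overwrite the last byte with NUL so the worst case is a silently
 * truncated name rather than an over-read of adjacent kernel memory. */
void req_name_force_terminate(struct user_req *req)
{
    req->name[sizeof req->name - 1] = '\0';
}

/* Handler that mirrors copy_from_user() with memcpy(): it copies the raw
 * user bytes, validates, and returns the bounded name length or -EINVAL.
 * 'ulen' is the byte count the caller claims; short copies are refused. */
long handle_req(const void *ubuf, size_t ulen, struct user_req *out)
{
    if (ulen < sizeof *out)
        return -EINVAL;
    memcpy(out, ubuf, sizeof *out);        /* copy_from_user() stand-in */
    if (!req_name_is_terminated(out))
        return -EINVAL;
    return (long)strnlen(out->name, sizeof out->name);
}
```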


* CVE-2011-1163: Kernel information leak parsing malformed OSF partition tables.

A buffer overflow flaw in the DEC Alpha OSF partition implementation in 
the Linux kernel could allow a local attacker to cause an information leak 
by mounting a disk that contains specially-crafted partition tables.  
(CVE-2011-1163, Low)


* USB Audio regression introduced by CVE-2010-1083 fix.

An incorrect fix by Red Hat for CVE-2010-1083 introduced a regression in 
USB data transfer, which could result in significant audio degradation 
when using USB audio devices.


* Denial of service in NFS server via reference count leak.

Repeated NLM lock operations can cause a reference count to overflow, 
eventually leading to a use-after-free causing a denial of service (kernel 
panic) or other unspecified impact.


* Fix a packet flood when initializing a bridge device without STP.

If a bridge was configured with STP disabled and a forwarding delay of 0, 
then when the link came up it would flood packets for the first 20 seconds.


* CVE-2011-1577: Missing boundary checks in GPT partition handling.

A heap overflow flaw in the Linux kernel's EFI GUID Partition Table (GPT) 
implementation could allow a local attacker to cause a denial of service 
by mounting a disk that contains specially-crafted partition tables.  
(CVE-2011-1577, Low)


* CVE-2011-1078: Information leak in Bluetooth sco.

A missing initialization flaw in the sco_sock_getsockopt() function could 
allow a local, unprivileged user to cause an information leak. 
(CVE-2011-1078, Low)


* CVE-2011-1494, CVE-2011-1495: Privilege escalation in LSI MPT Fusion SAS 2.0 driver.

Multiple buffer overflow flaws were found in the Linux kernel's Management 
Module Support for Message Passing Technology (MPT) based controllers. A 
local, unprivileged user could use these flaws to cause a denial of 
service, an information leak, or escalate their privileges.  
(CVE-2011-1494, CVE-2011-1495, Important)


* Infinite loop on CPT kernel thread creation.

The local_kernel_thread function in the CPT subsystem was missing a check 
for pending signals, which could lead to an infinite loop while creating 
kernel threads.

SUPPORT

Ksplice support is available at support at ksplice.com or +1 765-577-5423.
