[Ksplice][CloudLinux 5 Updates] New updates available via Ksplice (2.6.18-338.9.1.el5.lve0.8.32)
Keegan McAllister
keegan at ksplice.com
Mon May 23 20:02:35 PDT 2011
Synopsis: 2.6.18-338.9.1.el5.lve0.8.32 can now be patched using Ksplice
CVEs: CVE-2010-4346 CVE-2011-0521 CVE-2011-1010 CVE-2011-1090 CVE-2011-1478
Red Hat Security Advisory Severity: Important
Systems running CloudLinux 5 can now use Ksplice to patch against the
latest CloudLinux 5 kernel update, 2.6.18-338.9.1.el5.lve0.8.32.
INSTALLING THE UPDATES
We recommend that all users of Ksplice Uptrack on CloudLinux 5 install
these updates. You can install these updates by running:
# /usr/sbin/uptrack-upgrade -y
On systems that have "autoinstall = yes" in /etc/uptrack/uptrack.conf,
these updates will be installed automatically and you do not need to
take any additional action.
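Added example, not part of the original advisory or Ksplice's own tooling: a shell check that reads the autoinstall setting described above and reports whether a host still needs the manual upgrade command. It assumes uptrack.conf is INI-style "key = value" text with '#' or ';' comment lines, treats anything other than "yes" as not enabled, and uses a constructed sample file; the function names are hypothetical.

```shell
#!/bin/sh
# Assumption: uptrack.conf holds INI-style "key = value" lines and
# lines starting with '#' or ';' are comments.

# Print "yes" if autoinstall is enabled in the given config, else "no".
# A missing file or missing key is reported as "no" so the host is flagged.
uptrack_autoinstall() {
    conf=${1:-/etc/uptrack/uptrack.conf}
    [ -r "$conf" ] || { echo no; return 0; }
    awk -F= '
        /^[ \t]*[#;]/ { next }    # skip commented-out settings
        {
            key = $1; val = $2
            gsub(/[ \t\r]/, "", key); gsub(/[ \t\r]/, "", val)
            # the last uncommented assignment wins
            if (tolower(key) == "autoinstall") last = tolower(val)
        }
        END { print (last == "yes" ? "yes" : "no") }
    ' "$conf"
}

# Print the action the advisory calls for on this host.
uptrack_action() {
    if [ "$(uptrack_autoinstall "$1")" = yes ]; then
        echo "autoinstall enabled: no action needed"
    else
        echo "run: /usr/sbin/uptrack-upgrade -y"
    fi
}

# Constructed sample config (not taken from a real host): the enabled
# line is commented out, so the effective value is "no".
sample=$(mktemp)
printf '%s\n' '[Settings]' '# autoinstall = yes' 'autoinstall = no' > "$sample"
uptrack_action "$sample"
rm -f "$sample"
```

Call uptrack_action with no argument to check /etc/uptrack/uptrack.conf on the local host.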
DESCRIPTION
* CVE-2011-1478: NULL dereference in GRO with promiscuous mode.
A NULL pointer dereference flaw was found in the Generic Receive Offload (GRO)
functionality in the Linux kernel's networking implementation. If both GRO and
promiscuous mode were enabled on an interface in a virtual LAN (VLAN), it could
result in a denial of service when a malformed VLAN frame is received on that
interface.
* CVE-2010-4346: mmap_min_addr bypass in install_special_mapping.
A missing security check in the Linux kernel's implementation of the
install_special_mapping() function could allow a local, unprivileged user to
bypass the mmap_min_addr protection mechanism.
* Use-after-free in MPT driver.
If an application requested asynchronous IO on an MPT Fusion device node, the
state was not cleaned up after the device was closed, leading to reuse of a
freed object, resulting in a potential kernel crash.
* CVE-2011-0521: Missing boundary check in dvb_ca_ioctl.
A missing boundary check was found in the dvb_ca_ioctl() function in the Linux
kernel's av7110 module. On systems that use old DVB cards that require the
av7110 module, a local, unprivileged user could use this flaw to cause a denial
of service or escalate their privileges.
* CVE-2011-1010: Denial of service parsing malformed Mac OS partition tables.
A missing validation check was found in the Linux kernel's
mac_partition() implementation, used for supporting file systems created
on Mac OS operating systems. A local attacker could use this flaw to cause
a denial of service by mounting a disk that contains specially-crafted
partitions.
* CVE-2011-1090: Denial of service in NFSv4 client.
An inconsistency was found in the interaction between the Linux kernel's
method for allocating NFSv4 (Network File System version 4) ACL data and
the method by which it was freed. This inconsistency led to a kernel panic
which could be triggered by a local, unprivileged user with files owned by
said user on an NFSv4 share.
* Fix incorrect detection of completed mptctl ioctl commands.
A call to the HP_GETHOSTINFO ioctl (I/O Control) in the mptctl module
could result in the MPT (Message Passing Technology) fusion driver
being reset due to erroneous detection of completed ioctl commands.
With this update, the message context sent to the mptctl module is
stored (previously, it was zeroed). When an ioctl command completes,
the saved message context is used to recognize the completion of the
message, thus resolving the faulty detection.
SUPPORT
Ksplice support is available at support at ksplice.com or +1 765-577-5423.