[Ksplice][CloudLinux 5 Updates] New updates available via Ksplice (kernel-2.6.18-374.18.1.el5.lve0.8.57)

Sasha Levin sasha.levin at oracle.com
Tue Mar 13 14:50:12 PDT 2012


Synopsis: kernel-2.6.18-374.18.1.el5.lve0.8.57 can now be patched using Ksplice
CVEs: CVE-2011-1020 CVE-2011-3637 CVE-2011-3638 CVE-2011-4077 CVE-2011-4086 CVE-2011-4127 CVE-2011-4132 CVE-2011-4324 CVE-2011-4325 CVE-2011-4330 CVE-2011-4348 CVE-2012-0028 CVE-2012-0207
Red Hat Security Advisory Severity: Important

Systems running CloudLinux 5 can now use Ksplice to patch against the
latest CloudLinux 5 kernel update,
kernel-2.6.18-374.18.1.el5.lve0.8.57.

INSTALLING THE UPDATES

We recommend that all users of Ksplice Uptrack on CloudLinux 5 install
these updates.  You can install these updates by running:

# /usr/sbin/uptrack-upgrade -y

On systems that have "autoinstall = yes" in /etc/uptrack/uptrack.conf,
these updates will be installed automatically and you do not need to
take any additional action.


DESCRIPTION

* CVE-2011-4077: Buffer overflow in xfs_readlink.

A flaw in the way the XFS filesystem implementation handled links with
pathnames larger than MAXPATHLEN allowed an attacker to mount a
malicious XFS image that could crash the system or result in privilege
escalation.


* CVE-2011-4132: Denial of service in Journaling Block Device layer.

A flaw in the way the Journaling Block Device (JBD) layer handled an
invalid log first block value allowed an attacker to mount a malicious
ext3 or ext4 image that would crash the system.


* CVE-2011-4330: Buffer overflow in HFS file name translation logic.

Clement Lecigne reported a flaw in the way the HFS filesystem
implementation handled file names larger than HFS_NAMELEN. A missing
length check in hfs_mac2asc could result in a buffer overflow.
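The missing length check described above, modelled in a small added C example (this is not the kernel's hfs_mac2asc and not code from the advisory). An on-disk HFS name is a length byte followed by the name bytes, so on a crafted image the length byte can exceed the filesystem's limit. The unchecked form trusts that byte and writes as many bytes as it says; the hardened form validates it against the name limit and the destination size before writing anything. `TOY_HFS_NAMELEN`, the byte-mapping rule and the `toy_` helpers are assumptions made for the demo.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Toy on-disk HFS name record: one length byte, then up to 255 name bytes.
 * The length byte comes straight from the image, so a crafted filesystem can
 * set it to any value.  The limit below is an assumption for this demo. */
#define TOY_HFS_NAMELEN 31

/* Hypothetical Mac-Roman to ASCII step: high-bit bytes become '?'.  The real
 * routine uses an NLS table; the mapping itself is not the point here. */
static char toy_translate(uint8_t c)
{
    return c >= 0x80 ? '?' : (char)c;
}

/* Unchecked form, modelling the pre-fix logic: trusts the on-disk length byte
 * and writes that many bytes into out, which the caller sized from
 * TOY_HFS_NAMELEN.  Only safe when the length byte is within the limit. */
int toy_mac2asc_unchecked(char *out, const uint8_t *in)
{
    size_t srclen = in[0];
    for (size_t i = 0; i < srclen; i++)
        out[i] = toy_translate(in[1 + i]);
    out[srclen] = '\0';
    return (int)srclen;
}

/* Hardened form: the length byte is checked against the filesystem limit and
 * the destination size before any byte is written.  Returns the number of
 * name bytes produced, or -1 if the name is invalid or would not fit. */
int toy_mac2asc(char *out, size_t outsz, const uint8_t *in)
{
    size_t srclen = in[0];
    if (srclen > TOY_HFS_NAMELEN)   /* the check the vulnerable code lacked */
        return -1;
    if (outsz < srclen + 1)         /* room for the terminating NUL */
        return -1;
    for (size_t i = 0; i < srclen; i++)
        out[i] = toy_translate(in[1 + i]);
    out[srclen] = '\0';
    return (int)srclen;
}

/* Constructs a name record with the given length byte and fill byte.
 * rec must hold at least 256 bytes. */
void toy_make_name(uint8_t *rec, uint8_t len, uint8_t fill)
{
    rec[0] = len;
    memset(rec + 1, fill, len);
}

/* Runs the hardened form on a constructed record using a destination of
 * outsz bytes (capped at TOY_HFS_NAMELEN + 1) and returns its result code. */
int toy_check_name(uint8_t len, uint8_t fill, size_t outsz)
{
    uint8_t rec[256];
    char out[TOY_HFS_NAMELEN + 1];
    if (outsz > sizeof out)
        outsz = sizeof out;
    toy_make_name(rec, len, fill);
    return toy_mac2asc(out, outsz, rec);
}

/* For a well-formed name both forms behave identically, which is why the bug
 * is invisible on legitimate images.  Returns 1 if the outputs match; never
 * runs the unchecked form on an oversized name. */
int toy_forms_agree(uint8_t len, uint8_t fill)
{
    uint8_t rec[256];
    char a[TOY_HFS_NAMELEN + 1], b[TOY_HFS_NAMELEN + 1];
    if (len > TOY_HFS_NAMELEN)
        return 0;
    toy_make_name(rec, len, fill);
    return toy_mac2asc(a, sizeof a, rec) == toy_mac2asc_unchecked(b, rec)
        && strcmp(a, b) == 0;
}

int main(void)
{
    printf("5-byte name:     %d\n", toy_check_name(5, 'a', 32));     /* 5  */
    printf("31-byte name:    %d\n", toy_check_name(31, 0xC9, 32));   /* 31 */
    printf("200-byte name:   %d\n", toy_check_name(200, 'a', 32));   /* -1 */
    /* toy_mac2asc_unchecked would write 200 bytes into a 32-byte buffer here. */
    return 0;
}
```

The point a defender should take from the two forms is that the length field of an attacker-supplied image is untrusted input like any other, and the check belongs before the copy, not after it.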


* CVE-2011-4324: Denial of service vulnerability in NFSv4.

A flaw was found in the Linux kernel's encode_share_access()
implementation. A local, unprivileged user could use this flaw to
trigger a denial of service by creating a regular file on an NFSv4
(Network File System version 4) file system via
mknod(). (CVE-2011-4324, Moderate)


* CVE-2011-4325: Denial of service in NFS direct-io.

A flaw was found in the Linux kernel's NFS implementation. A local,
unprivileged user could use this flaw to cause a denial of service.
(CVE-2011-4325, Moderate)


* CVE-2011-4348: Socket locking race in SCTP.

The original fix for CVE-2011-2482 introduced a regression: on systems
that do not have Security-Enhanced Linux (SELinux) in Enforcing mode,
a socket lock race could occur between sctp_rcv() and sctp_accept(). A
remote attacker could use this flaw to cause a denial of service. By
default, SELinux runs in Enforcing mode on Red Hat Enterprise Linux
5. (CVE-2011-4348, Important)


* CVE-2011-1020, CVE-2011-3637: Information leak, DoS in /proc.

The proc file system could allow a local, unprivileged user to obtain
sensitive information or possibly cause integrity
issues. (CVE-2011-1020, Moderate)

A missing validation flaw was found in the Linux kernel's m_stop()
implementation. A local, unprivileged user could use this flaw to trigger a
denial of service. (CVE-2011-3637, Moderate)


* Denial of service in netfilter IP connection tracking.

Adding a connection-limiting rule while the connection-limiting netfilter
module was not loaded allowed an attacker to cause a kernel oops.


* NULL dereference in the IP subsystem.

Specially crafted IP packets could cause a NULL pointer dereference when
the IP layer parsed the options field of the packet.


* CVE-2012-0207: Denial of service bug in IGMP.

The IGMP subsystem's compatibility handling of v2 packets had a bug in
the computation of a delay field which could result in division by
zero (causing a kernel panic).


* CVE-2011-4086: Denial of service in journaling block device.

The journal block device assumed that a buffer marked as unwritten
or delay could be live without checking if the buffer was mapped.

An unprivileged local user could use this flaw to crash the system.


* CVE-2012-0028: Privilege escalation in user-space futexes.

A flaw was found in the way the Linux kernel handled robust list
pointers of user-space held futexes across exec() calls. A local,
unprivileged user could use this flaw to cause a denial of service or,
eventually, escalate their privileges.


* CVE-2011-3638: Disk layout corruption bug in ext4 filesystem.

A flaw was found in the Linux kernel in the way splitting two extents in
ext4_ext_convert_to_initialized() worked. A local, unprivileged user
with the ability to mount and unmount ext4 file systems could use this
flaw to cause a denial of service.


* CVE-2011-4127: KVM privilege escalation through insufficient validation in SG_IO ioctl.

Using the SG_IO IOCTL to issue SCSI requests to partitions or LVM
volumes resulted in the requests being passed to the underlying block
device. If a privileged user only had access to a single partition or
LVM volume, they could use this flaw to bypass those restrictions and
gain read and write access (and be able to issue other SCSI commands)
to the entire block device.

In KVM (Kernel-based Virtual Machine) environments using raw format
virtio disks backed by a partition or LVM volume, a privileged guest
user could bypass intended restrictions and issue read and write
requests (and other SCSI commands) on the host, and possibly access
the data of other guests that reside on the same underlying block
device. (CVE-2011-4127, Important)

SUPPORT

Ksplice support is available at ksplice-support_ww at oracle.com.




