[Ksplice][RHEL 5 Updates] New updates available via Ksplice (RHSA-2010:0610-1)

Nelson Elhage nelhage at ksplice.com
Wed Aug 11 09:27:17 PDT 2010


Synopsis: RHSA-2010:0610-1 can now be patched using Ksplice
CVEs: CVE-2010-1084 CVE-2010-2066 CVE-2010-2226 CVE-2010-2248 CVE-2010-2521 CVE-2010-2524
Red Hat Security Advisory Severity: Important

Systems running Red Hat Enterprise Linux 5 and CentOS 5 can now use
Ksplice to patch against the latest Red Hat Security Advisory,
RHSA-2010:0610-1.

INSTALLING THE UPDATES

We recommend that all Ksplice Uptrack RHEL 5 and CentOS 5 users
install these updates.  You can install these updates by running:

# uptrack-upgrade -y

DESCRIPTION

* CVE-2010-2066: Missing privilege check in ext4 for append-only files.

A missing check was found in the mext_check_arguments() function in
the ext4 file system code. A local user could use this flaw to cause
the MOVE_EXT IOCTL to overwrite the contents of an append-only file on
an ext4 file system, if they have write permissions for that
file. (CVE-2010-2066, Low)


* CVE-2010-1084: Privilege escalation in Bluetooth subsystem.

Instances of unsafe sprintf() use were found in the Linux kernel
Bluetooth implementation. Creating a large number of Bluetooth L2CAP,
SCO, or RFCOMM sockets could result in arbitrary memory pages being
overwritten.  A local, unprivileged user could use this flaw to cause
a kernel panic (denial of service) or escalate their
privileges. (CVE-2010-1084, Important)


* CVE-2010-2248: Remote denial of service in CIFS client.

A flaw was found in the CIFSSMBWrite() function in the Linux kernel
Common Internet File System (CIFS) implementation. A remote attacker
could send a specially-crafted SMB response packet to a target CIFS
client, resulting in a kernel panic (denial of
service). (CVE-2010-2248, Important)


* CVE-2010-2524: False CIFS mount via DNS cache poisoning.

A flaw was found in the dns_resolver upcall used by CIFS. A local,
unprivileged user could redirect a Microsoft Distributed File System
link to another IP address, tricking the client into mounting the
share from a server of the user's choosing. (CVE-2010-2524, Moderate)


* CVE-2010-2521: Remote buffer overflow in NFSv4 server.

Buffer overflow flaws were found in the Linux kernel's implementation
of the server-side External Data Representation (XDR) for the Network
File System (NFS) version 4. An attacker on the local network could
send a specially-crafted large compound request to the NFSv4 server,
which could possibly result in a kernel panic (denial of service) or,
potentially, code execution. (CVE-2010-2521, Important)


* CVE-2010-2226: Read access to write-only files in XFS filesystem.

A flaw was found in the handling of the SWAPEXT IOCTL in the Linux
kernel XFS file system implementation. A local user could use this
flaw to read write-only files that they do not own on an XFS file
system. This could lead to unintended information
disclosure. (CVE-2010-2226, Moderate)
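

The unsafe sprintf() pattern described under CVE-2010-1084 above, modelled
in userspace C as an added example (not Ksplice, Red Hat or kernel code).
The 4096-byte page, the record format and all function names are
assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

#define PAGE_BUF 4096  /* assumed size of the single output page */

/* Constructed record format for one socket; not the kernel's real layout. */
static int format_entry(char *dst, size_t room, unsigned id)
{
    return snprintf(dst, room, "sock %08x state %u\n", id, id % 4);
}

/* Bytes an unbounded sprintf() loop would write for n sockets.
 * Measured with snprintf(NULL, 0, ...) so nothing is actually overrun. */
size_t unbounded_need(unsigned n)
{
    size_t total = 0;
    for (unsigned i = 0; i < n; i++)
        total += (size_t)format_entry(NULL, 0, i);
    return total;
}

/* Hardened form: track the remaining room and stop before the page fills.
 * Returns bytes written (excluding NUL); *shown = complete entries emitted. */
size_t show_bounded(char *buf, size_t size, unsigned n, unsigned *shown)
{
    size_t used = 0;
    *shown = 0;
    if (size == 0)
        return 0;
    buf[0] = '\0';
    for (unsigned i = 0; i < n; i++) {
        int len = format_entry(buf + used, size - used, i);
        if (len < 0 || (size_t)len >= size - used) {
            buf[used] = '\0';   /* drop the truncated partial entry */
            break;
        }
        used += (size_t)len;
        (*shown)++;
    }
    return used;
}

int main(void)
{
    char page[PAGE_BUF];
    unsigned shown;
    size_t used = show_bounded(page, sizeof page, 1000, &shown);
    printf("unbounded loop needs %zu bytes; bounded wrote %zu (%u entries)\n",
           unbounded_need(1000), used, shown);
    return 0;
}
```

With 1000 entries the unbounded loop needs more than five pages of output,
which is the overrun condition; the bounded version stops at the last
complete entry that fits.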

SUPPORT

Ksplice support is available at support at ksplice.com or +1 765-577-5423.



