[Ksplice][RHEL 5 Updates] New updates available via Ksplice (RHSA-2010:0046-1)
Nelson Elhage
nelhage at ksplice.com
Wed Jan 20 11:55:52 PST 2010
Synopsis: RHSA-2010:0046-1 can now be patched using Ksplice
CVEs: CVE-2006-6304 CVE-2009-3080 CVE-2009-4020 CVE-2009-4021
CVE-2009-4138 CVE-2009-4141 CVE-2009-4272
Red Hat Security Advisory Severity: Important
Systems running Red Hat Enterprise Linux 5 and CentOS 5 can now use
Ksplice to patch against the latest Red Hat Security Advisory,
RHSA-2010:0046-1.
INSTALLING THE UPDATES
We recommend that all Ksplice Uptrack RHEL 5 and CentOS 5 users
install these updates. You can install these updates by running:
# uptrack-upgrade -y
DESCRIPTION
* CVE-2009-4138: NULL pointer dereference flaw in firewire-ohci driver.
A NULL pointer dereference flaw was found in the firewire-ohci driver
used for OHCI compliant IEEE 1394 controllers. A local, unprivileged
user with access to /dev/fw* files could issue certain IOCTL calls,
causing a denial of service or privilege escalation. The FireWire
modules are blacklisted by default, and if enabled, only root has
access to the files noted above by default. (CVE-2009-4138, Moderate)
* CVE-2006-6304: Rewrite attack flaw in do_coredump.
The RHSA-2009:0225 update introduced a rewrite attack flaw in the
do_coredump() function. A local attacker able to guess the file name
a process is going to dump its core to, prior to the process crashing,
could use this flaw to append data to the dumped core file. This
issue only affects systems that have "/proc/sys/fs/suid_dumpable" set
to 2 (the default value is 0). (CVE-2006-6304, Moderate)
* CVE-2009-4272: Remote DoS vulnerabilities in routing hash table.
The Parallels Virtuozzo Containers team reported that the
RHSA-2009:1243 update introduced two flaws in the routing
implementation. If an attacker was able to cause a large enough
number of collisions in the routing hash table (via specially-crafted
packets) for the emergency route flush to trigger, a deadlock could
occur. Secondly, if the kernel routing cache was disabled, an
uninitialized pointer would be left behind after a route lookup,
leading to a kernel panic. (CVE-2009-4272, Important).
* CVE-2009-4020: Buffer overflow mounting corrupted HFS filesystem.
A buffer overflow flaw was found in the hfs_bnode_read() function in
the HFS file system implementation. This could lead to a denial of
service if a user browsed a specially-crafted HFS file system, for
example, by running "ls" (CVE-2009-4020, Low).
* CVE-2009-4021: Denial of service in fuse_direct_io.
A programming error in the fuse_direct_io function could result in
FUSE dereferencing an invalid pointer if the machine entered a
low-memory state, leading to a denial of service (kernel oops)
(CVE-2009-4021, Important).
* CVE-2009-3080: Privilege Escalation in GDT driver.
An array index error in the GDT SCSI driver in the Linux kernel before
2.6.32-rc8 allows local users to cause a denial of service or possibly
gain privileges via a negative event index in an IOCTL
request. (CVE-2009-3080, Important).
* CVE-2009-4141: Local privilege escalation in fasync_helper().
A design error in the fasync_helper function in the Linux kernel could
lead to use of a freed file object, which a local user could exploit to
escalate privileges. (CVE-2009-4141, Important).
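Two of the items above (CVE-2006-6304 and CVE-2009-4138) only apply when a
default setting has been changed: fs.suid_dumpable raised to 2, or the
firewire-ohci driver un-blacklisted with /dev/fw* opened to non-root users.
The script below is an added example, not part of this advisory or of
Ksplice's own tooling, that reports whether those mitigating defaults still
hold on a host. The optional root-prefix argument to each function is an
assumption introduced so the checks can also be run against a staged copy
of /proc, /dev and /etc; with no argument they inspect the live system.
Exit status 0 from a *_exposed function means the condition applies.

```shell
#!/bin/sh
# Added example, not from the Ksplice advisory or Red Hat's text: check the
# mitigating conditions named for CVE-2006-6304 and CVE-2009-4138.
# Every function takes an optional root prefix (assumption: lets the same
# checks run on a staged tree for testing); default is the live system.

# CVE-2006-6304 only applies when fs.suid_dumpable is 2 (default 0).
suid_dumpable_exposed() {
    f="${1:-}/proc/sys/fs/suid_dumpable"
    [ -r "$f" ] || return 2             # cannot tell on this host
    [ "$(cat "$f")" = "2" ]
}

# CVE-2009-4138: the advisory says firewire-ohci is blacklisted by default
# and /dev/fw* is root-only by default. Check each half separately.
firewire_blacklisted() {
    r="${1:-}"
    # RHEL 5 modprobe reads /etc/modprobe.conf and /etc/modprobe.d/*.
    grep -qs '^[[:space:]]*blacklist[[:space:]][[:space:]]*firewire[-_]ohci' \
        "$r/etc/modprobe.conf" "$r"/etc/modprobe.d/*
}

firewire_loaded() {
    f="${1:-}/proc/modules"
    [ -r "$f" ] && grep -q '^firewire_ohci ' "$f"
}

# True if any /dev/fw* node grants read or write to group or other.
# Ownership is deliberately not checked so the function also works on a
# staged tree owned by an unprivileged user.
fw_nodes_open() {
    r="${1:-}"
    for f in "$r"/dev/fw*; do
        [ -e "$f" ] || continue             # glob matched nothing
        perms=$(ls -ld "$f" | cut -c5-10)   # group + other permission bits
        case "$perms" in
            *[rw]*) return 0 ;;
        esac
    done
    return 1
}

# Exposed when the driver is loaded (or can be, i.e. not blacklisted)
# and at least one device node is open to non-root users.
firewire_exposed() {
    r="${1:-}"
    if firewire_loaded "$r" || ! firewire_blacklisted "$r"; then
        fw_nodes_open "$r"
    else
        return 1
    fi
}

report() {
    r="${1:-}"
    if suid_dumpable_exposed "$r"; then
        echo "CVE-2006-6304: fs.suid_dumpable=2, core-file rewrite flaw applies"
    else
        echo "CVE-2006-6304: fs.suid_dumpable is not 2 (or unreadable), not exposed"
    fi
    if firewire_exposed "$r"; then
        echo "CVE-2009-4138: firewire-ohci reachable and /dev/fw* open to non-root"
    else
        echo "CVE-2009-4138: firewire-ohci blacklisted/unloaded or /dev/fw* root-only"
    fi
    return 0
}

# Set ROOT=/path/to/staged/tree to check a copied tree instead of this host.
report "${ROOT:-}"
```

Run it as root on the live system (so /proc/modules and the device nodes are
readable); a non-zero "cannot tell" result from suid_dumpable_exposed means
the sysctl file was not readable, not that the host is safe. Neither check
replaces applying the update, since CVE-2009-4272, CVE-2009-4021,
CVE-2009-3080 and CVE-2009-4141 have no such configuration gate.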
SUPPORT
Ksplice support is available at support at ksplice.com or +1 765-577-5423.