[Ksplice][RHEL 5 Updates] New updates available via Ksplice (RHSA-2010:0839-1)
Nelson Elhage
nelhage at ksplice.com
Wed Nov 10 08:39:19 PST 2010
Synopsis: RHSA-2010:0839-1 can now be patched using Ksplice
CVEs: CVE-2010-2963 CVE-2010-3066 CVE-2010-3067 CVE-2010-3078 CVE-2010-3086
CVE-2010-3477
Red Hat Security Advisory Severity: Moderate
Systems running Red Hat Enterprise Linux 5, CentOS 5, and CentOSPlus 5
can now use Ksplice to patch against the latest Red Hat Security
Advisory, RHSA-2010:0839-1.
INSTALLING THE UPDATES
We recommend that all Ksplice Uptrack RHEL 5, CentOS 5, and CentOSPlus
5 users install these updates. You can install these updates by
running:
# uptrack-upgrade -y
DESCRIPTION
* CVE-2010-3066: NULL pointer dereference in io_submit_one.
A NULL pointer dereference flaw was found in the io_submit_one()
function in the Linux kernel asynchronous I/O implementation. A local,
unprivileged user could use this flaw to cause a denial of
service. (CVE-2010-3066, Moderate)
* CVE-2010-3067: Information leak in sys_io_submit.
A missing upper bound integer check was found in the sys_io_submit()
function in the Linux kernel asynchronous I/O implementation. A local,
unprivileged user could use this flaw to cause an information leak.
(CVE-2010-3067, Low)
* CVE-2010-3078: Information leak in xfs_ioc_fsgetxattr.
A flaw was found in the xfs_ioc_fsgetxattr() function in the Linux
kernel XFS file system implementation. A data structure in
xfs_ioc_fsgetxattr() was not initialized properly before being copied
to user-space. A local, unprivileged user could use this flaw to cause
an information leak. (CVE-2010-3078, Moderate)
* CVE-2010-3086: Denial of Service in futex atomic operations.
The exception fixup code for the __futex_atomic_op1,
__futex_atomic_op2, and futex_atomic_cmpxchg_inatomic() macros
replaced the LOCK prefix with a NOP instruction. A local, unprivileged
user could use this flaw to cause a denial of service. (CVE-2010-3086,
Moderate)
* CVE-2010-3477: Information leak in tcf_act_police_dump.
A flaw was found in the tcf_act_police_dump() function in the Linux
kernel network traffic policing implementation. A data structure in
tcf_act_police_dump() was not initialized properly before being copied
to user-space. A local, unprivileged user could use this flaw to cause
an information leak. (CVE-2010-3477, Moderate)
* CVE-2010-2963: Kernel memory overwrite in VIDIOCSMICROCODE.
The ioctl32 v4l1 compat code for VIDIOCSMICROCODE does not check the
destination buffer for a copy_from_user() call, which allows anyone
with access to a v4l device to write to arbitrary kernel memory
locations.
* Buffer overflow in icmpmsg_put.
Reading from the /proc/net/snmp file could cause a buffer overflow when the
number of different MIB messages overran the internal buffer.
SUPPORT
Ksplice support is available at support at ksplice.com or +1 765-577-5423.
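
The entries for CVE-2010-3078 and CVE-2010-3477 above both describe a structure that was "not initialized properly before being copied to user-space". The userspace C program below is an added example of that bug class and its fix; it is not code from this advisory, from Ksplice, or from the kernel. struct reply, its fields, the fill_* and copy_out helpers, and the 0xA5 stale-data marker are hypothetical stand-ins.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical reply layout; NOT the kernel's actual structure. */
struct reply {
    uint32_t flags;
    uint32_t extsize;
    unsigned char reserved[8];   /* the handler never assigns this field */
};

#define STALE 0xA5  /* constructed marker standing in for leftover stack data */

/* Stand-in for copy_to_user(): copies the whole object, set fields or not. */
static void copy_out(unsigned char *user, const struct reply *r) {
    memcpy(user, r, sizeof(*r));
}

/* Before: only the named fields are assigned; reserved[] keeps old contents. */
static void fill_vulnerable(struct reply *r) {
    r->flags = 1;
    r->extsize = 4096;
}

/* After: zero the whole object first, then assign the fields. */
static void fill_hardened(struct reply *r) {
    memset(r, 0, sizeof(*r));
    r->flags = 1;
    r->extsize = 4096;
}

/* Run one handler over a "dirty" slot and count the stale bytes that
 * reach the user-visible buffer. */
static int leaked_bytes(void (*fill)(struct reply *)) {
    struct reply slot;
    unsigned char user[sizeof(struct reply)];
    int n = 0;
    memset(&slot, STALE, sizeof(slot));   /* simulate reused stack memory */
    fill(&slot);
    copy_out(user, &slot);
    for (size_t i = 0; i < sizeof(user); i++)
        if (user[i] == STALE) n++;
    return n;
}

int main(void) {
    printf("vulnerable: %d stale bytes copied out\n", leaked_bytes(fill_vulnerable));
    printf("hardened:   %d stale bytes copied out\n", leaked_bytes(fill_hardened));
    return 0;
}
```

In review, the pattern to look for is any structure built field by field on the stack and then copied out in full with sizeof; zeroing it at declaration closes both unassigned fields and compiler-inserted padding.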