[Ksplice][RHEL 5 Updates] New updates available via Ksplice (RHSA-2011:0429-1)
Nelson Elhage
nelhage at ksplice.com
Wed Apr 13 13:40:27 PDT 2011
Synopsis: RHSA-2011:0429-1 can now be patched using Ksplice
CVEs: CVE-2010-4346 CVE-2011-0521 CVE-2011-1010 CVE-2011-1090 CVE-2011-1478
Red Hat Security Advisory Severity: Important
Systems running Red Hat Enterprise Linux 5, CentOS 5, and CentOSPlus 5
can now use Ksplice to patch against the latest Red Hat Security
Advisory, RHSA-2011:0429-1.
INSTALLING THE UPDATES
We recommend that all Ksplice Uptrack RHEL 5, CentOS 5, and CentOSPlus
5 users install these updates. You can install these updates by
running:
# /usr/sbin/uptrack-upgrade -y
On systems that have "autoinstall = yes" in /etc/uptrack/uptrack.conf,
these updates will be installed automatically and you do not need to
take any additional action.
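To tell which of the two cases above applies to a host, the following added example (not part of the original advisory and not Ksplice code) reads an uptrack.conf-style file and reports whether the update will arrive automatically or needs the manual command. The function names, the [Settings] section in the sample, and the case-insensitive match on "yes" are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not Ksplice code: decide whether a host still needs a manual
# "/usr/sbin/uptrack-upgrade -y" based on the autoinstall setting.

# autoinstall_enabled FILE
# Returns 0 if the last uncommented "autoinstall" key is "yes",
# 1 if it is absent or set to anything else, 2 if FILE is unreadable.
# Assumption: key and value are matched case-insensitively.
autoinstall_enabled() {
    [ -r "$1" ] || return 2
    awk '
        /^[ \t]*[#;]/ { next }              # ignore commented-out settings
        {
            eq = index($0, "=")
            if (eq == 0) next               # section headers, blank lines
            key = substr($0, 1, eq - 1)
            val = substr($0, eq + 1)
            gsub(/[ \t\r]/, "", key)
            gsub(/^[ \t]+|[ \t\r]+$/, "", val)
            if (tolower(key) == "autoinstall") last = tolower(val)
        }
        END { exit (last == "yes" ? 0 : 1) }
    ' "$1"
}

# upgrade_action FILE
# Prints "automatic", the manual command to run, or "unknown".
upgrade_action() {
    rc=0
    autoinstall_enabled "$1" || rc=$?
    case $rc in
        0) echo "automatic" ;;
        1) echo "manual: run /usr/sbin/uptrack-upgrade -y" ;;
        *) echo "unknown: cannot read $1" ;;
    esac
}

# Constructed sample config (not taken from a real host). The commented-out
# "yes" must not count; the effective value here is "no".
sample=$(mktemp)
printf '%s\n' '[Settings]' '# autoinstall = yes' 'autoinstall = no' > "$sample"
upgrade_action "$sample"
rm -f "$sample"
```

On a real system, call upgrade_action /etc/uptrack/uptrack.conf.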
DESCRIPTION
* CVE-2011-1478: NULL dereference in GRO with promiscuous mode.
A NULL pointer dereference flaw was found in the Generic Receive Offload (GRO)
functionality in the Linux kernel's networking implementation. If both GRO and
promiscuous mode were enabled on an interface in a virtual LAN (VLAN), it could
result in a denial of service when a malformed VLAN frame is received on that
interface. (CVE-2011-1478, Moderate)
* CVE-2010-4346: mmap_min_addr bypass in install_special_mapping.
A missing security check in the Linux kernel's implementation of the
install_special_mapping() function could allow a local, unprivileged user to
bypass the mmap_min_addr protection mechanism. (CVE-2010-4346, Low)
* Use-after-free in MPT driver.
If an application requested asynchronous IO on an MPT Fusion device node, the
state was not cleaned up after the device was closed, leading to reuse of a
freed object, resulting in a potential kernel crash.
* CVE-2011-0521: Missing boundary check in dvb_ca_ioctl.
A missing boundary check was found in the dvb_ca_ioctl() function in the Linux
kernel's av7110 module. On systems that use old DVB cards that require the
av7110 module, a local, unprivileged user could use this flaw to cause a denial
of service or escalate their privileges. (CVE-2011-0521, Important)
* CVE-2011-1010: Denial of service parsing malformed Mac OS partition tables.
A missing validation check was found in the Linux kernel's
mac_partition() implementation, used for supporting file systems created
on Mac OS operating systems. A local attacker could use this flaw to cause
a denial of service by mounting a disk that contains specially-crafted
partitions. (CVE-2011-1010, Low)
* CVE-2011-1090: Denial of Service in NFSv4 client.
An inconsistency was found in the interaction between the Linux kernel's
method for allocating NFSv4 (Network File System version 4) ACL data and
the method by which it was freed. This inconsistency led to a kernel panic
which could be triggered by a local, unprivileged user with files owned by
said user on an NFSv4 share. (CVE-2011-1090, Moderate)
SUPPORT
Ksplice support is available at support at ksplice.com or +1 765-577-5423.