[Ksplice][RHEL 5 Updates] New updates available via Ksplice (RHSA-2012:0107-1)

Jessica McKellar jessica.mckellar at oracle.com
Sat Feb 11 19:42:06 PST 2012


Synopsis: RHSA-2012:0107-1 can now be patched using Ksplice
CVEs: CVE-2011-3638 CVE-2011-4086 CVE-2011-4127 CVE-2012-0028 CVE-2012-0207
Red Hat Security Advisory Severity: Important

Systems running Red Hat Enterprise Linux 5, CentOS 5, Scientific Linux
5, and CentOSPlus 5 can now use Ksplice to patch against the latest
Red Hat Security Advisory, RHSA-2012:0107-1.

INSTALLING THE UPDATES

We recommend that all users of Ksplice Uptrack on RHEL 5, CentOS 5,
Scientific Linux 5, and CentOSPlus 5 install these updates.  You can
install these updates by running:

# /usr/sbin/uptrack-upgrade -y

On systems that have "autoinstall = yes" in /etc/uptrack/uptrack.conf,
these updates will be installed automatically and you do not need to
take any additional action.
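The following check is an added example, not part of the original announcement and not Ksplice's own code: it reads an uptrack.conf and reports whether the host has "autoinstall = yes" or still needs the manual command. It assumes the file is INI-style with "key = value" lines and "#" or ";" comment lines, compares the value case-insensitively, and runs against a constructed sample file rather than a real host's configuration.

```shell
#!/bin/sh
# Added example (not Ksplice code): decide whether a host relies on
# autoinstall or needs a manual "uptrack-upgrade -y".
# Assumptions: INI-style "key = value" lines, '#' or ';' comment lines,
# last assignment wins, value compared case-insensitively.

# Print the effective autoinstall value from config file $1, or "unset".
autoinstall_value() {
    awk -F= '
        /^[[:space:]]*[#;]/ { next }          # ignore commented-out settings
        {
            key = $1; val = $2
            gsub(/[[:space:]]/, "", key)      # tolerate spacing around "="
            gsub(/[[:space:]]/, "", val)
            if (tolower(key) == "autoinstall") found = tolower(val)
        }
        END { print (found == "" ? "unset" : found) }
    ' "$1"
}

# Succeed (exit 0) when the updates will NOT be installed automatically.
needs_manual_upgrade() {
    [ "$(autoinstall_value "$1")" != "yes" ]
}

# Constructed sample; on a real host pass /etc/uptrack/uptrack.conf instead.
sample=$(mktemp)
cat > "$sample" <<'EOF'
# constructed sample, not a real host's configuration
[Settings]
#autoinstall = yes
autoinstall = no
EOF

if needs_manual_upgrade "$sample"; then
    echo "autoinstall is '$(autoinstall_value "$sample")': run /usr/sbin/uptrack-upgrade -y"
else
    echo "autoinstall = yes: updates are installed automatically"
fi
rm -f "$sample"
```

A commented-out "autoinstall = yes" line is treated as unset, which is the case most likely to leave a host unpatched while its configuration appears correct at a glance.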


DESCRIPTION

* CVE-2012-0207: Denial of service bug in IGMP.

The IGMP subsystem's compatibility handling of v2 packets had a bug in
the computation of a delay field which could result in division by
zero (causing a kernel panic).


* CVE-2011-4086: Denial of service in journaling block device.

The journal block device assumed that a buffer marked as unwritten
or delay could be live without checking if the buffer was mapped.

An unprivileged local user could use this flaw to crash the system.


* CVE-2012-0028: Privilege escalation in user-space futexes.

A flaw was found in the way the Linux kernel handled robust list
pointers of user-space held futexes across exec() calls. A local,
unprivileged user could use this flaw to cause a denial of service or,
eventually, escalate their privileges.


* CVE-2011-3638: Disk layout corruption bug in ext4 filesystem.

A flaw was found in the Linux kernel in the way splitting two extents in
ext4_ext_convert_to_initialized() worked. A local, unprivileged user
with the ability to mount and unmount ext4 file systems could use this
flaw to cause a denial of service.


* CVE-2011-4127: KVM privilege escalation through insufficient validation in SG_IO ioctl.

Using the SG_IO IOCTL to issue SCSI requests to partitions or LVM
volumes resulted in the requests being passed to the underlying block
device. If a privileged user only had access to a single partition or
LVM volume, they could use this flaw to bypass those restrictions and
gain read and write access (and be able to issue other SCSI commands)
to the entire block device.

In KVM (Kernel-based Virtual Machine) environments using raw format
virtio disks backed by a partition or LVM volume, a privileged guest
user could bypass intended restrictions and issue read and write
requests (and other SCSI commands) on the host, and possibly access
the data of other guests that reside on the same underlying block
device. (CVE-2011-4127, Important)

SUPPORT

Ksplice support is available at ksplice-support_ww at oracle.com.



