[Ksplice][RHEL 5 Updates] New updates available via Ksplice (RHSA-2012:0007-1)
Nelson Elhage
nelson.elhage at oracle.com
Thu Jan 12 11:22:30 PST 2012

Synopsis: RHSA-2012:0007-1 can now be patched using Ksplice
CVEs: CVE-2011-1020 CVE-2011-3637 CVE-2011-4077 CVE-2011-4132
CVE-2011-4324 CVE-2011-4325 CVE-2011-4330 CVE-2011-4348
Red Hat Security Advisory Severity: Important

Systems running Red Hat Enterprise Linux 5, CentOS 5, Scientific Linux
5, and CentOSPlus 5 can now use Ksplice to patch against the latest
Red Hat Security Advisory, RHSA-2012:0007-1.

INSTALLING THE UPDATES

We recommend that all users of Ksplice Uptrack on RHEL 5, CentOS 5,
Scientific Linux 5, and CentOSPlus 5 install these updates. You can
install these updates by running:

# /usr/sbin/uptrack-upgrade -y

On systems that have "autoinstall = yes" in /etc/uptrack/uptrack.conf,
these updates will be installed automatically and you do not need to
take any additional action.
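
Added example, not part of the original advisory or of Ksplice's own tooling: a shell check that reads the uptrack.conf named above and reports whether a host still needs a manual uptrack-upgrade run. The function names are hypothetical, and it assumes that only the literal value "yes" enables autoinstall and that a missing file or key means it is off.

```shell
#!/bin/sh
# Added example: decide whether a host still needs a manual
# "uptrack-upgrade -y" run, based on its autoinstall setting.

# Print the effective autoinstall value ("yes" or "no") from an
# uptrack.conf-style file. Comment lines are ignored, key and value are
# matched case-insensitively, and the last assignment wins.
# Assumption: a missing file or key, or any value other than "yes", means "no".
autoinstall_value() {
    conf=$1
    [ -r "$conf" ] || { echo no; return 0; }
    awk -F= '
        /^[ \t]*[#;]/ { next }                    # skip comment lines
        {
            key = tolower($1); gsub(/[ \t]/, "", key)
            if (key != "autoinstall") next        # also skips section headers
            val = tolower($2); gsub(/[ \t\r]/, "", val)
            result = (val == "yes") ? "yes" : "no"
        }
        END { print (result == "" ? "no" : result) }
    ' "$conf"
}

# Return 0 when an operator must run the upgrade by hand.
needs_manual_upgrade() {
    [ "$(autoinstall_value "$1")" != "yes" ]
}

# Report for one host; the path defaults to the one named in the advisory.
report() {
    conf=${1:-/etc/uptrack/uptrack.conf}
    if needs_manual_upgrade "$conf"; then
        echo "autoinstall is off in $conf: run /usr/sbin/uptrack-upgrade -y as root"
    else
        echo "autoinstall = yes in $conf: updates install automatically"
    fi
}

report "$@"
```

The check errs toward reporting that a manual run is needed, so a misread setting never hides an unpatched host.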

DESCRIPTION

* CVE-2011-4077: Buffer overflow in xfs_readlink.
A flaw in the way the XFS filesystem implementation handled links with
pathnames larger than MAXPATHLEN allowed an attacker to mount a
malicious XFS image that could crash the system or result in privilege
escalation.
* CVE-2011-4132: Denial of service in Journaling Block Device layer.
A flaw in the way the Journaling Block Device (JBD) layer handled an
invalid log first block value allowed an attacker to mount a malicious
ext3 or ext4 image that would crash the system.
* CVE-2011-4330: Buffer overflow in HFS file name translation logic.
Clement Lecigne reported a flaw in the way the HFS filesystem
implementation handled file names larger than HFS_NAMELEN. A missing
length check in hfs_mac2asc could result in a buffer overflow.
* CVE-2011-4324: Denial of service vulnerability in NFSv4.
A flaw was found in the Linux kernel's encode_share_access()
implementation. A local, unprivileged user could use this flaw to
trigger a denial of service by creating a regular file on an NFSv4
(Network File System version 4) file system via
mknod(). (CVE-2011-4324, Moderate)
* CVE-2011-4325: Denial of service in NFS direct-io.
A flaw was found in the Linux kernel's NFS implementation. A local,
unprivileged user could use this flaw to cause a denial of service.
(CVE-2011-4325, Moderate).
* CVE-2011-4348: Socket locking race in SCTP.
The original fix for CVE-2011-2482 introduced a regression: on systems
that do not have Security-Enhanced Linux (SELinux) in Enforcing mode,
a socket lock race could occur between sctp_rcv() and sctp_accept(). A
remote attacker could use this flaw to cause a denial of service. By
default, SELinux runs in Enforcing mode on Red Hat Enterprise Linux
5. (CVE-2011-4348, Important)
* CVE-2011-1020, CVE-2011-3637: Information leak, DoS in /proc.
The proc file system could allow a local, unprivileged user to obtain
sensitive information or possibly cause integrity
issues. (CVE-2011-1020, Moderate).
* A missing validation flaw was found in the Linux kernel's m_stop()
implementation. A local, unprivileged user could use this flaw to trigger a
denial of service. (CVE-2011-3637, Moderate).

SUPPORT

Ksplice support is available at ksplice-support_ww at oracle.com.