[Ksplice][RHEL 4 Updates] New updates available via Ksplice (RHSA-2010:0474-1)

Tim Abbott tabbott at ksplice.com
Thu Jun 17 19:51:34 PDT 2010


Synopsis: RHSA-2010:0474-1 can now be patched using Ksplice
CVEs: CVE-2009-3726 CVE-2010-1173 CVE-2010-1437 CVE-2009-3228
Red Hat Security Advisory Severity: Important

Systems running Red Hat Enterprise Linux 4 and CentOS 4 can now use 
Ksplice to patch against the latest Red Hat Security Advisory, 
RHSA-2010:0474-1.

INSTALLING THE UPDATES

We recommend that all Ksplice Uptrack RHEL 4 and CentOS 4 users install 
these updates.  You can install these updates by running:

# uptrack-upgrade -y

DESCRIPTION

* CVE-2010-1437: Privilege escalation in kernel key management.

A race condition between finding a keyring by name and destroying a freed 
keyring was found in the Linux kernel key management facility.  A local, 
unprivileged user could use this flaw to cause a kernel panic (denial of 
service) or escalate their privileges.

* CVE-2009-3726: NULL pointer dereference in NFSv4.

A NULL pointer dereference flaw was found in the Linux kernel NFSv4 
implementation.  Several of the NFSv4 file locking functions failed to 
check whether a file had been opened on the server before performing 
locking operations on it.  A local, unprivileged user on a system with an 
NFSv4 share mounted could possibly use this flaw to cause a kernel panic 
(denial of service) or escalate their privileges.

* CVE-2010-1173: Remote denial of service in SCTP.

A flaw was found in the sctp_process_unk_param() function in the Linux 
kernel Stream Control Transmission Protocol (SCTP) implementation.  A 
remote attacker could send a specially-crafted SCTP packet to an SCTP 
listening port on a target system, causing a kernel panic (denial of 
service).

* Enable mmap_min_addr hardening against privilege escalation attacks.

The mmap_min_addr sysctl prevents userspace processes from mapping the 
very bottom of memory, as a mitigation against userspace exploitation of 
NULL pointer dereference bugs in the kernel.  This update enables it on 
all kernel configurations, not just those with CONFIG_SECURITY.

(This update is only available for kernels 2.6.9-89.0.9.EL or older, and 
is not required on newer kernels.)

* CVE-2009-3228: Information leaks in networking systems.

Padding data in several core network structures was not initialized 
properly before being sent to user-space. These flaws could lead to 
information leaks. (CVE-2009-3228, Moderate)

(This update is only available for kernels 2.6.9-89.0.11.EL or older, and 
is not required on newer kernels.)
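
The class of bug behind CVE-2009-3228, shown as an added userspace example (not code from Ksplice, Red Hat or the kernel): a reply buffer that still holds old data has only its named members written, so the compiler's padding bytes go out unchanged unless the buffer is cleared first. struct demo_msg, the 0xAA marker and the field values are constructed for illustration; members are written with memcpy at their offsets so the byte layout is explicit.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical message layout (not a kernel structure): the compiler
 * inserts padding after 'family' and after 'type' to align the members. */
struct demo_msg {
    uint8_t  family;
    uint32_t index;
    uint16_t type;
};

#define STALE 0xAA  /* constructed marker standing in for old kernel memory */
#define PAD_BYTES (sizeof(struct demo_msg) - \
    (sizeof(uint8_t) + sizeof(uint32_t) + sizeof(uint16_t)))

/* Write only the named members into the reply buffer, at their offsets. */
static void set_fields(unsigned char *buf)
{
    uint8_t family = 2; uint32_t index = 7; uint16_t type = 1;
    memcpy(buf + offsetof(struct demo_msg, family), &family, sizeof family);
    memcpy(buf + offsetof(struct demo_msg, index), &index, sizeof index);
    memcpy(buf + offsetof(struct demo_msg, type), &type, sizeof type);
}

/* Fill a buffer that still holds stale data; zero_first selects the fix.
 * Returns how many stale bytes would reach user space in the reply. */
size_t leaked_bytes(int zero_first)
{
    unsigned char buf[sizeof(struct demo_msg)];
    size_t i, leaked = 0;

    memset(buf, STALE, sizeof buf);      /* previous contents of the memory */
    if (zero_first)
        memset(buf, 0, sizeof buf);      /* hardened: clear padding too */
    set_fields(buf);
    for (i = 0; i < sizeof buf; i++)     /* what a copy to user space exposes */
        leaked += (buf[i] == STALE);
    return leaked;
}

int main(void)
{
    printf("struct size %zu, padding %zu\n", sizeof(struct demo_msg), (size_t)PAD_BYTES);
    printf("leaked without memset: %zu\n", leaked_bytes(0));
    printf("leaked with memset:    %zu\n", leaked_bytes(1));
    return 0;
}
```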

SUPPORT

Ksplice support is available at support at ksplice.com or +1 765-577-5423.


