[Ksplice][RHEL 4 Updates] New updates available via Ksplice (RHSA-2010:0146-1)

[Nelson Elhage]

Synopsis: RHSA-2010:0146-1 can now be patched using Ksplice
CVEs: CVE-2009-4271 CVE-2010-0007 CVE-2010-0307
Red Hat Security Advisory Severity: Important

Systems running Red Hat Enterprise Linux 4 and CentOS 4 can now use
Ksplice to patch against the latest Red Hat Security Advisory,
RHSA-2010:0146-1.

INSTALLING THE UPDATES

We recommend that all Ksplice Uptrack RHEL 4 and CentOS 4 users
install these updates.  You can install these updates by running:

# uptrack-upgrade -y

DESCRIPTION

* CVE-2009-4271: Kernel panic in coredump of 32-bit programs on 64-bit systems.

A NULL pointer dereference flaw was found in the Linux kernel.
During a core dump, the kernel did not check if the Virtual
Dynamically-linked Shared Object page was accessible.  On x86_64
systems, a local, unprivileged user could use this flaw to cause a
kernel panic and denial of service by running a crafted 32-bit program.


* CVE-2010-0007: Missing capabilities check in ebtables module.

The ebtables module in the netfilter framework in the Linux kernel did
not require the CAP_NET_ADMIN capability for setting or modifying
rules, which allows local users to bypass intended access restrictions
and configure arbitrary network-traffic filtering via a modified
ebtables application.


* CVE-2010-0307: Denial of service on x86_64 due to load_elf_binary.

Mathias Krause discovered that the load_elf_binary function in
fs/binfmt_elf.c did not ensure that the ELF interpreter is available
before a call to the SET_PERSONALITY macro, in a flaw related to the
flush_old_exec function.  This flaw allows local users to cause a
denial of service (system crash) via a 32-bit application that
attempts to execute a 64-bit application, which fails, and then
triggers a segmentation fault.  The issue is demonstrated by
"amd64_killer".

SUPPORT

Ksplice support is available at support at ksplice.com or +1 765-577-5423.