[Ksplice][RHEL 4 Updates] New updates available via Ksplice (RHSA-2010:0394-1)

Nelson Elhage nelhage at ksplice.com
Thu May 6 14:09:23 PDT 2010 

Synopsis: RHSA-2010:0394-1 can now be patched using Ksplice
CVEs: CVE-2010-0729 CVE-2010-1083 CVE-2010-1085 CVE-2010-1086
      CVE-2010-1188
Red Hat Security Advisory Severity: Important

Systems running Red Hat Enterprise Linux 4 and CentOS 4 can now use
Ksplice to patch against the latest Red Hat Security Advisory,
RHSA-2010:0394-1.

INSTALLING THE UPDATES

We recommend that all Ksplice Uptrack RHEL 4 and CentOS 4 users
install these updates.  You can install these updates by running:

# uptrack-upgrade -y

DESCRIPTION

* CVE-2010-1085: Divide-by-zero in Intel HDA driver.

A divide-by-zero flaw was found in azx_position_ok() in the Intel High
Definition Audio driver, snd-hda-intel. A local, unprivileged user
could trigger this flaw to cause a denial of service. (CVE-2010-1085,
Moderate)


* CVE-2010-1086: Infinite loop in ULE implementation.

A flaw was found in the kernel's Unidirectional Lightweight
Encapsulation (ULE) implementation. A remote attacker could send a
specially-crafted ISO MPEG-2 Transport Stream (TS) frame to a target
system, resulting in a denial of service. (CVE-2010-1086, Important)


* CVE-2010-1083: Information leak in USB implementation.

An information leak flaw was found in the kernel's USB implementation.
Certain USB errors could result in an uninitialized kernel buffer
being sent to user-space. An attacker with physical access to a target
system could use this flaw to cause an information
leak. (CVE-2010-1083, Low)


* CVE-2010-1188: Denial of service in tcp_rcv_state_process.

A use-after-free flaw was found in tcp_rcv_state_process() in the
kernel's TCP/IP protocol suite implementation. If a system using IPv6
had the IPV6_RECVPKTINFO option set on a listening socket, a remote
attacker could send an IPv6 packet to that system, causing a kernel
panic.  (CVE-2010-1188, Important)


* Kernel panic in NFS communicating with rebooted NFS server.

In some circumstances, when a Red Hat Enterprise Linux client
connected to a re-booted Windows-based NFS server, server-side
filehandle-to-inode mapping changes caused a kernel panic.

SUPPORT

Ksplice support is available at support at ksplice.com or +1 765-577-5423.

More information about the RHEL4-Updates mailing list