[Ksplice][RHEL 4 Updates] New updates available via Ksplice (RHSA-2011:0263-01)

Keegan McAllister keegan at ksplice.com
Thu Feb 17 12:59:13 PST 2011


Synopsis: RHSA-2011:0263-01 can now be patched using Ksplice
CVEs: CVE-2010-3296 CVE-2010-4655 CVE-2011-0521
Red Hat Security Advisory Severity: Important

Systems running Red Hat Enterprise Linux 4, CentOS 4, and CentOSPlus 4
can now use Ksplice to patch against the latest Red Hat Security
Advisory, RHSA-2011:0263-01.

INSTALLING THE UPDATES

We recommend that all Ksplice Uptrack RHEL 4, CentOS 4, and CentOSPlus
4 users install these updates.  You can install these updates by
running:

# /usr/sbin/uptrack-upgrade -y

On systems that have "autoinstall = yes" in /etc/uptrack/uptrack.conf,
these updates will be installed automatically and you do not need to
take any additional action.


DESCRIPTION

* CVE-2010-4655: Information leak in ETHTOOL_GREGS ioctl.

The ethtool_get_regs function failed to initialize a block of heap memory,
leaking information to local users who have the CAP_SYS_ADMIN capability.


* CVE-2011-0521: Buffer underflow vulnerability in av7110 driver.

Dan Carpenter reported an issue in the DVB driver for AV7110 cards. Local users
can pass a negative info->num value, corrupting kernel memory and causing a
denial of service.


* CVE-2010-3296: Kernel information leak in cxgb driver.

The CHELSIO_GET_QSET_NUM device ioctl allows unprivileged users to read 4 bytes
of uninitialized stack memory, because the "addr" member of the ch_reg struct
declared on the stack in cxgb_extension_ioctl() is not altered or zeroed before
being copied back to the user.


* Kernel stack overflow by unlimited recursion in binfmt_misc.

Registering a file as its own binfmt_misc handler can result in unlimited
recursion within kernel code, causing denial of service or privilege
escalation.
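
The CVE-2010-3296 pattern described above, as an added userland model that is not the driver's code or the Red Hat patch: a handler sets some members of a struct and then copies the whole struct back to the caller. The struct layout, the command number, the function names, and the 0xA5 stale bytes are constructed for illustration, and zeroing the struct is shown as one way to close the leak.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Simplified stand-in for the driver's ch_reg struct (layout assumed). */
struct ch_reg_model {
    uint32_t cmd;
    uint32_t addr;   /* the member the handler never writes */
    uint32_t val;
};

#define MODEL_GET_QSET_NUM 0x10u   /* constructed command number */

/* Unfixed pattern: only cmd and val are set before the whole struct,
 * including the untouched addr, is copied out to the caller. */
void get_qset_num_unfixed(struct ch_reg_model *frame, uint32_t nqsets,
                          struct ch_reg_model *user)
{
    frame->cmd = MODEL_GET_QSET_NUM;
    frame->val = nqsets;
    memcpy(user, frame, sizeof *frame);   /* stands in for copy_to_user() */
}

/* Hardened pattern: clear every byte first, so no stale data can leave. */
void get_qset_num_fixed(struct ch_reg_model *frame, uint32_t nqsets,
                        struct ch_reg_model *user)
{
    memset(frame, 0, sizeof *frame);
    frame->cmd = MODEL_GET_QSET_NUM;
    frame->val = nqsets;
    memcpy(user, frame, sizeof *frame);
}

/* Runs one handler over a frame pre-filled with constructed stale bytes
 * (modelling leftover stack contents) and returns the addr the caller sees. */
uint32_t addr_seen_by_caller(int fixed)
{
    struct ch_reg_model frame, user;
    memset(&frame, 0xA5, sizeof frame);
    memset(&user, 0, sizeof user);
    if (fixed)
        get_qset_num_fixed(&frame, 4, &user);
    else
        get_qset_num_unfixed(&frame, 4, &user);
    return user.addr;
}

int main(void)
{
    printf("unfixed addr=0x%08x\n", (unsigned)addr_seen_by_caller(0));
    printf("fixed   addr=0x%08x\n", (unsigned)addr_seen_by_caller(1));
    return 0;
}
```
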

SUPPORT

Ksplice support is available at support at ksplice.com or +1 765-577-5423.


