[Ksplice][RHEL 4 Updates] New updates available via Ksplice (RHSA-2011:0162-1)

Nelson Elhage nelhage at ksplice.com
Fri Jan 21 14:07:14 PST 2011


Synopsis: RHSA-2011:0162-1 can now be patched using Ksplice
CVEs: CVE-2010-3859 CVE-2010-4072 CVE-2010-4073 CVE-2010-4075 CVE-2010-4080
      CVE-2010-4083 CVE-2010-4157 CVE-2010-4158 CVE-2010-4242 CVE-2010-4249
      CVE-2010-4258
Red Hat Security Advisory Severity: Important

Systems running Red Hat Enterprise Linux 4, CentOS 4, and CentOSPlus 4
can now use Ksplice to patch against the latest Red Hat Security
Advisory, RHSA-2011:0162-1.

INSTALLING THE UPDATES

We recommend that all Ksplice Uptrack RHEL 4, CentOS 4, and CentOSPlus
4 users install these updates.  You can install these updates by
running:

# /usr/sbin/uptrack-upgrade -y

On systems that have "autoinstall = yes" in /etc/uptrack/uptrack.conf,
these updates will be installed automatically and you do not need to
take any additional action.
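
As an added example (not part of the original announcement and not Ksplice's
code), the shell functions below report whether a host will pick up these
updates automatically or still needs the manual uptrack-upgrade run. The
function names, the [Settings] header in the constructed sample files, and the
rule that only the value "yes" counts as enabled are assumptions.

```shell
#!/bin/sh
# Added example (not Ksplice code): decide whether a host still needs a manual
# "/usr/sbin/uptrack-upgrade -y" run, based on the autoinstall setting.

# Print the effective autoinstall value from an Uptrack config file.
# Comment lines (# or ;) are skipped, key and value are compared in lower
# case, and if the key repeats the last one wins (assumptions about parsing).
uptrack_autoinstall_value() {
    awk -F= '
        /^[ \t]*[#;]/ { next }
        {
            key = $1; gsub(/[ \t]/, "", key)
            if (tolower(key) == "autoinstall") {
                val = $2; gsub(/[ \t\r]/, "", val); last = tolower(val)
            }
        }
        END { print last }
    ' "$1"
}

# Echo "automatic" or "manual" for the given config (default: the real path).
uptrack_update_mode() {
    conf="${1:-/etc/uptrack/uptrack.conf}"
    # Unreadable or missing config: report "manual" so the host gets reviewed.
    if [ ! -r "$conf" ]; then echo "manual"; return 0; fi
    if [ "$(uptrack_autoinstall_value "$conf")" = "yes" ]; then
        echo "automatic"
    else
        echo "manual"
    fi
}

# Constructed sample configs (not taken from a real system).
demo() {
    dir=$(mktemp -d)
    printf '[Settings]\nautoinstall = yes\n' > "$dir/auto.conf"
    printf '[Settings]\n# autoinstall = yes\nautoinstall = no\n' > "$dir/manual.conf"
    for f in "$dir/auto.conf" "$dir/manual.conf"; do
        echo "$(basename "$f"): $(uptrack_update_mode "$f")"
    done
    rm -rf "$dir"
}
demo
```

Hosts reported as "manual" are the ones where the uptrack-upgrade command
above still has to be run by hand.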


DESCRIPTION

* CVE-2010-4080: Information leak in RME Digi9652 soundcard driver.

The SNDRV_HDSP_IOCTL_GET_CONFIG_INFO ioctl in the RME Digi9652
(Hammerfall) soundcard driver allows unprivileged users to read
uninitialized kernel stack memory.  (CVE-2010-4080, Low)


* CVE-2010-4242: Denial of service in Bluetooth HCI UART driver.

A NULL pointer dereference flaw was found in the Bluetooth HCI UART
driver in the Linux kernel.  A local, unprivileged user could use this
flaw to cause a denial of service.  (CVE-2010-4242, Moderate)


* CVE-2010-4073: Information leak in compat IPC.

The compat IPC functions allow unprivileged users to read
uninitialized stack memory.  (CVE-2010-4073, Low)


* CVE-2010-4072: Information leak in old SHM interface.

The old SHM interface allows unprivileged users to read uninitialized
stack memory.  (CVE-2010-4072, Low)


* CVE-2010-3859: Privilege escalation in TIPC.

A heap overflow flaw was found in the Linux kernel's Transparent
Inter-Process Communication protocol (TIPC) implementation. A local,
unprivileged user could use this flaw to escalate their privileges.
(CVE-2010-3859, Important)


* CVE-2010-4157: Memory corruption in Intel/ICP RAID driver.

Missing sanity checks were found in gdth_ioctl_alloc() in the gdth
driver in the Linux kernel.  A local user with access to "/dev/gdth"
on a 64-bit system could use these flaws to cause a denial of service
or escalate their privileges.  (CVE-2010-4157, Moderate)


* CVE-2010-4083: Information leak in System V IPC.

A missing initialization flaw was found in System V IPC.  A local,
unprivileged user could use this flaw to cause information leaks.
(CVE-2010-4083, Low)


* CVE-2010-4075: Information leak in serial driver.

The TIOCGICOUNT device ioctl in the serial driver allows unprivileged
users to read uninitialized stack memory.  (CVE-2010-4075, Low)


* CVE-2010-4158: Kernel information leak in socket filters.

The sk_run_filter function in the kernel's socket filter
implementation did not properly clear an array on the kernel stack,
resulting in uninitialized kernel stack memory being copied to user
space.  (CVE-2010-4158, Low)


* CVE-2010-4249: Denial of service in UNIX sockets garbage collector.

A flaw was found in the Linux kernel's garbage collector for AF_UNIX
sockets.  A local, unprivileged user could use this flaw to trigger a
denial of service (out-of-memory condition).  (CVE-2010-4249,
Moderate)


* CVE-2010-4258: Privilege escalation via do_exit.

The do_exit function does not properly handle a KERNEL_DS get_fs
value, which allows local users to bypass intended access_ok
restrictions, overwrite arbitrary kernel memory locations, and gain
privileges by leveraging a BUG, NULL pointer dereference, or page
fault.

SUPPORT

Ksplice support is available at support at ksplice.com or +1 765-577-5423.


