[Ksplice][RHEL 4 Updates] New updates available via Ksplice (RHSA-2011:0162-1)
Nelson Elhage
nelhage at ksplice.com
Fri Jan 21 14:07:14 PST 2011
Synopsis: RHSA-2011:0162-1 can now be patched using Ksplice
CVEs: CVE-2010-3859 CVE-2010-4072 CVE-2010-4073 CVE-2010-4075 CVE-2010-4080
CVE-2010-4083 CVE-2010-4157 CVE-2010-4158 CVE-2010-4242 CVE-2010-4249
CVE-2010-4258
Red Hat Security Advisory Severity: Important
Systems running Red Hat Enterprise Linux 4, CentOS 4, and CentOSPlus 4
can now use Ksplice to patch against the latest Red Hat Security
Advisory, RHSA-2011:0162-1.
INSTALLING THE UPDATES
We recommend that all Ksplice Uptrack RHEL 4, CentOS 4, and CentOSPlus
4 users install these updates. You can install these updates by
running:
# /usr/sbin/uptrack-upgrade -y
On systems that have "autoinstall = yes" in /etc/uptrack/uptrack.conf,
these updates will be installed automatically and you do not need to
take any additional action.
DESCRIPTION
* CVE-2010-4080: Information leak in RME Digi9652 soundcard driver.
The SNDRV_HDSP_IOCTL_GET_CONFIG_INFO ioctl in the RME Digi9652
(Hammerfall) soundcard driver allows unprivileged users to read
uninitialized kernel stack memory. (CVE-2010-4080, Low)
* CVE-2010-4242: Denial of service in Bluetooth HCI UART driver.
A NULL pointer dereference flaw was found in the Bluetooth HCI UART
driver in the Linux kernel. A local, unprivileged user could use this
flaw to cause a denial of service. (CVE-2010-4242, Moderate)
* CVE-2010-4073: Information leak in compat IPC.
The compat IPC functions allow unprivileged users to read
uninitialized stack memory. (CVE-2010-4073, Low)
* CVE-2010-4072: Information leak in old SHM interface.
The old SHM interface allows unprivileged users to read uninitialized
stack memory. (CVE-2010-4072, Low)
* CVE-2010-3859: Privilege escalation in TIPC.
A heap overflow flaw was found in the Linux kernel's Transparent
Inter-Process Communication protocol (TIPC) implementation. A local,
unprivileged user could use this flaw to escalate their privileges.
(CVE-2010-3859, Important)
* CVE-2010-4157: Memory corruption in Intel/ICP RAID driver.
Missing sanity checks were found in gdth_ioctl_alloc() in the gdth
driver in the Linux kernel. A local user with access to "/dev/gdth"
on a 64-bit system could use these flaws to cause a denial of service
or escalate their privileges. (CVE-2010-4157, Moderate)
* CVE-2010-4083: Information leak in System V IPC.
A missing initialization flaw was found in System V IPC. A local,
unprivileged user could use this flaw to cause information leaks.
(CVE-2010-4083, Low)
* CVE-2010-4075: Information leak in serial driver.
The TIOCGICOUNT device ioctl in the serial driver allows unprivileged users
to read uninitialized stack memory. (CVE-2010-4075, Low)
* CVE-2010-4158: Kernel information leak in socket filters.
The sk_run_filter function in the kernel's socket filter
implementation did not properly clear an array on the kernel stack,
resulting in uninitialized kernel stack memory being copied to user
space. (CVE-2010-4158, Low)
* CVE-2010-4249: Denial of service in UNIX sockets garbage collector.
A flaw was found in the Linux kernel's garbage collector for AF_UNIX
sockets. A local, unprivileged user could use this flaw to trigger a
denial of service (out-of-memory condition). (CVE-2010-4249,
Moderate)
* CVE-2010-4258: Privilege escalation via do_exit.
The do_exit function does not properly handle a KERNEL_DS get_fs
value, which allows local users to bypass intended access_ok
restrictions, overwrite arbitrary kernel memory locations, and gain
privileges by leveraging a BUG, NULL pointer dereference, or page
fault.
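Several entries above (CVE-2010-4072, CVE-2010-4073, CVE-2010-4075, CVE-2010-4080, CVE-2010-4158) describe uninitialized kernel stack memory reaching user space. The user-space C model below is an added illustration of that bug class, not code from this advisory, Ksplice, or the kernel. struct cfg_info, its fields, and the 0xAA marker are hypothetical, and zeroing the object before filling it is shown as the usual remedy for this class, not as the patch for any listed CVE.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define STALE 0xAA  /* constructed marker standing in for leftover stack data */

/* Hypothetical ioctl reply layout (assumption, not a real driver structure). */
struct cfg_info {
    unsigned char mode;         /* compilers usually insert padding after this */
    unsigned int  rate;
    unsigned char reserved[8];  /* the handler never writes this field */
};

/* Leaky pattern: assign only the fields in use, leave the rest as found. */
static void fill_leaky(struct cfg_info *out)
{
    out->mode = 1;
    out->rate = 48000;
}

/* Fixed pattern: zero the whole object first, then assign the fields. */
static void fill_zeroed(struct cfg_info *out)
{
    memset(out, 0, sizeof(*out));
    out->mode = 1;
    out->rate = 48000;
}

/* Model one handler call: build the reply in a slot that still holds stale
 * bytes, copy sizeof(reply) bytes out, and count stale bytes in the copy. */
static size_t stale_bytes_copied(void (*fill)(struct cfg_info *))
{
    struct cfg_info slot;
    unsigned char user[sizeof(slot)];
    size_t i, leaked = 0;

    memset(&slot, STALE, sizeof(slot));  /* simulate a dirty stack frame */
    fill(&slot);
    memcpy(user, &slot, sizeof(slot));   /* stands in for copy_to_user() */
    for (i = 0; i < sizeof(user); i++)
        leaked += (user[i] == STALE);
    return leaked;
}

int main(void)
{
    printf("leaky:  %zu stale bytes\n", stale_bytes_copied(fill_leaky));
    printf("zeroed: %zu stale bytes\n", stale_bytes_copied(fill_zeroed));
    return 0;
}
```

The leaky count covers the unused reserved field plus any alignment padding, which is why reviewing only the named fields of such a structure misses the leak.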
SUPPORT
Ksplice support is available at support at ksplice.com or +1 765-577-5423.