[Ksplice][RHEL 5 Updates] New updates available via Ksplice (RHBA-2012:0361-1)

Christine Spang christine.spang at oracle.com
Fri Mar 9 15:15:48 PST 2012


Synopsis: RHBA-2012:0361-1 can now be patched using Ksplice

Systems running Red Hat Enterprise Linux 5 can now use Ksplice to
patch against the latest Red Hat Bug Fix Advisory, RHBA-2012:0361-1.

INSTALLING THE UPDATES

We recommend that all users of Ksplice Uptrack on RHEL 5 install these
updates.  You can install these updates by running:

# /usr/sbin/uptrack-upgrade -y

On systems that have "autoinstall = yes" in /etc/uptrack/uptrack.conf,
these updates will be installed automatically and you do not need to
take any additional action.


DESCRIPTION

* Denial of service in filesystem unmounting.

The kernel's processing of dentries in the dcache could, under certain
circumstances, trigger the NMI watchdog.  A local privileged user could
use this flaw to initiate a denial of service attack.


* Soft lockup in USB ACM driver.

The Abstract Control Model (ACM) driver had a race condition that could,
under certain circumstances, lead to deadlock and a soft lockup.


* System hang in qla2xxx driver during I/O error recovery.

Systems using QLogic Fibre Channel Host Bus Adapters could become
unresponsive during I/O error recovery under rare circumstances.


* Use-after-free in Broadcom Tigon3 Ethernet driver.

The Broadcom Tigon3 Ethernet driver has a workaround for 40-bit DMA that
may allocate a new socket buffer while the caller still holds a reference
to the old socket buffer, which it uses for timestamping.


* Kernel panic in Broadcom Tigon3 Ethernet driver.

The Broadcom Tigon3 Ethernet driver would, under certain circumstances,
attempt to unmap a buffer that had not been previously mapped, resulting
in a kernel panic.


* Bad access control permissions to dmesg_restrict sysctl.

The root user without the CAP_SYS_ADMIN capability was able to reset the
contents of the "/proc/sys/kernel/dmesg_restrict" configuration file to
0.  Consequently, the unprivileged root user could bypass the protection
of the "dmesg_restrict" file and read the kernel ring buffer.


* Network failure on detach+attach of NIC in IGB driver.

The IGB driver powered down the Ethernet PHY when the NIC was detached,
but did not reset it.  Under certain circumstances this could cause the
PHY to lose state and fail to come back up when the NIC was reattached,
resulting in a loss of connectivity.

SUPPORT

Ksplice support is available at ksplice-support_ww at oracle.com.
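
The following host check is an added example, not part of the original
announcement or of Ksplice itself.  It reports whether an uptrack.conf
sets "autoinstall = yes" and whether dmesg_restrict currently restricts
the kernel ring buffer.  The function names, the sample file contents,
and the rules that only the value "yes" counts as enabled and that the
last uncommented setting wins are assumptions.

```shell
#!/bin/sh
# Added example: audit helpers for the two settings named in the advisory.

# Print "yes" if the config sets autoinstall = yes, "no" otherwise,
# "unknown" if the file cannot be read.  Commented-out lines are ignored;
# if the key appears more than once the last one is used (assumption).
uptrack_autoinstall() {
    conf=${1:-/etc/uptrack/uptrack.conf}
    [ -r "$conf" ] || { echo "unknown"; return 2; }
    val=$(sed -n 's/^[[:space:]]*autoinstall[[:space:]]*=[[:space:]]*\([A-Za-z]*\).*$/\1/p' "$conf" \
          | tail -n 1 | tr '[:upper:]' '[:lower:]')
    case "$val" in
        yes) echo "yes" ;;
        *)   echo "no" ;;
    esac
}

# Print "restricted" (1), "unrestricted" (0), "unknown" (any other value)
# or "absent" (kernel does not expose the sysctl or it is unreadable).
dmesg_restrict_state() {
    f=${1:-/proc/sys/kernel/dmesg_restrict}
    [ -r "$f" ] || { echo "absent"; return 2; }
    v=$(tr -d '[:space:]' < "$f")
    case "$v" in
        0) echo "unrestricted" ;;
        1) echo "restricted" ;;
        *) echo "unknown" ;;
    esac
}

# Demonstration on constructed sample files, so it runs on any host.
audit_demo() {
    d=$(mktemp -d) || return 1
    # Constructed sample: the enabled line is commented out, so the
    # effective setting is "no" and updates must be installed by hand.
    printf '%s\n' '[Settings]' '# autoinstall = yes' 'autoinstall = no' \
        > "$d/uptrack.conf"
    # Constructed sample: the value the advisory says could be reset to.
    printf '0\n' > "$d/dmesg_restrict"
    echo "autoinstall:    $(uptrack_autoinstall "$d/uptrack.conf")"
    echo "dmesg_restrict: $(dmesg_restrict_state "$d/dmesg_restrict")"
    rm -rf "$d"
}

audit_demo
```

Called without arguments, both functions read the real paths named in
this advisory.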


