[Ksplice][Virtuozzo 4 Updates] New updates available via Ksplice (CU-2.6.18-028stab066.7)

Tim Abbott tabbott at ksplice.com
Mon Nov 30 16:07:51 PST 2009


Synopsis: CU-2.6.18-028stab066.7 can now be patched using Ksplice
CVEs: CVE-2009-1385 CVE-2009-1389 CVE-2007-5966 CVE-2009-2406 CVE-2009-2407 CVE-2009-2847 CVE-2009-2848 CVE-2009-2849
Red Hat Security Advisory Severity: Important

Systems running Virtuozzo 4 or the OpenVZ RHEL 5 kernel can now use 
Ksplice to patch against the latest Parallels Virtuozzo Containers kernel 
security update, CU-2.6.18-028stab066.7.

INSTALLING THE UPDATES

We recommend that all users of Ksplice Uptrack on Virtuozzo 4 or OpenVZ on 
RHEL 5 install these updates.  You can install these updates by running:

# uptrack-upgrade -y

DESCRIPTION

* CVE-2009-1385: Remote buffer overflow in e1000 Ethernet driver.

A flaw was found in the Intel PRO/1000 network driver in the Linux kernel.
Frames with sizes near the MTU of an interface may be split across multiple
hardware receive descriptors. Receipt of such a frame could leak through a
validation check, leading to a corruption of the length check. A remote
attacker could use this flaw to send a specially-crafted packet that would
cause a denial of service or code execution.

* CVE-2009-1389: Remote buffer overflow in RTL8169 driver.

Michael Tokarev discovered that the RTL8169 network driver did not
correctly validate buffer sizes. A remote attacker on the local
network could send specially crafted traffic that would crash the
system or potentially grant elevated privileges.

* CVE-2007-5966: Integer overflow in hrtimer.

The possibility of a timeout value overflow was found in the Linux
kernel high-resolution timers functionality, hrtimers. This could
allow a local, unprivileged user to execute arbitrary code, or cause a
denial of service (kernel panic).

* CVE-2009-2406: Buffer validation errors in eCryptfs tag 11 packets.

Ramon de Carvalho Valle discovered that eCryptfs did not correctly
validate certain buffer sizes. A local attacker could create specially
crafted eCryptfs files to crash the system or gain elevated
privileges.

* CVE-2009-2407: Buffer validation error in eCryptfs tag 3 packets.

Ramon de Carvalho Valle discovered that eCryptfs did not correctly
validate certain buffer sizes. A local attacker could create specially
crafted eCryptfs files to crash the system or gain elevated
privileges.

* CVE-2009-2847: Information leak in sigaltstack.

Ulrich Drepper noticed an issue in the do_sigaltstack routine on 64-bit
systems. This issue allows local users to gain access to potentially
sensitive memory on the kernel stack.

* CVE-2009-2848: Local privilege escalation due to clear_child_tid.

It was discovered that, when executing a new process, the
clear_child_tid pointer in the Linux kernel is not cleared. This could
be exploited to corrupt four bytes of memory, possibly leading to a
local denial of service or privilege escalation.

* CVE-2009-2849: NULL pointer dereference in md.

Neil Brown discovered an issue in the sysfs interface to md
devices. When md arrays are not active, local users can exploit this
vulnerability to cause a denial of service or gain escalated
privileges. Note: By default, unprivileged users do not have write
access to the relevant sysfs files.

SUPPORT

Ksplice support is available at support at ksplice.com or +1 765-577-5423.


