[Ksplice][Virtuozzo 4 Updates] New updates available via Ksplice (CU-2.6.18-028stab092.1)

Keegan McAllister keegan at ksplice.com
Wed Jul 27 16:28:05 PDT 2011


Synopsis: CU-2.6.18-028stab092.1 can now be patched using Ksplice
CVEs: CVE-2010-4649 CVE-2011-0695 CVE-2011-0711 CVE-2011-1044
CVE-2011-1182 CVE-2011-1573 CVE-2011-1576 CVE-2011-1593 CVE-2011-1745
CVE-2011-1746 CVE-2011-1776 CVE-2011-2022 CVE-2011-2213 CVE-2011-2492
Red Hat Security Advisory Severity: Important

Systems running Virtuozzo 4 or the OpenVZ RHEL 5 kernel can now use
Ksplice to patch against the latest Parallels Virtuozzo Containers
kernel security update, CU-2.6.18-028stab092.1.

INSTALLING THE UPDATES

We recommend that all users of Ksplice Uptrack on Virtuozzo 4 or
OpenVZ on RHEL 5 install these updates.  You can install these updates
by running:

# /usr/sbin/uptrack-upgrade -y

On systems that have "autoinstall = yes" in /etc/uptrack/uptrack.conf,
these updates will be installed automatically and you do not need to
take any additional action.


DESCRIPTION

* CVE-2011-1576: Denial of service with VLAN packets and GRO.

A flaw allowed napi_reuse_skb() to be called on VLAN (virtual LAN)
packets. An attacker on the local network could trigger this flaw by
sending specially-crafted packets to a target system, possibly
causing a denial of service. (CVE-2011-1576, Moderate)


* CVE-2011-0711: Information leak in XFS filesystem.

A missing initialization flaw in the XFS file system implementation
could lead to an information leak. (CVE-2011-0711, Low)


* CVE-2011-1573: Remote denial of service in SCTP.

A flaw in the Stream Control Transmission Protocol (SCTP)
implementation could allow a remote attacker to cause a denial of
service if the sysctl "net.sctp.addip_enable" variable was turned on
(it is off by default).  (CVE-2011-1573, Important)


* Fix lockup in some cciss controllers.

A fix to the cciss driver introduced in an earlier Red Hat kernel could cause
lockups on certain controllers.


* CVE-2011-1776: Missing validation for GPT partitions.

A heap overflow flaw in the EFI GUID Partition Table (GPT)
implementation could allow a local attacker to cause a denial of
service by mounting a disk containing specially-crafted partition
tables. (CVE-2011-1776, Low)


* CVE-2011-0695: Remote denial of service in InfiniBand setup.

A race condition in the way new InfiniBand connections were set up
could allow a remote user to cause a denial of
service. (CVE-2011-0695, Important)


* CVE-2010-4649, CVE-2011-1044: Buffer overflow in InfiniBand uverb handling.

An integer overflow flaw in ib_uverbs_poll_cq() could allow a local,
unprivileged user to cause a denial of service or escalate their
privileges. (CVE-2010-4649, Important)

A flaw in ib_uverbs_poll_cq() could allow a local, unprivileged user
to cause an information leak. (CVE-2011-1044, Low)


* CVE-2011-1745, CVE-2011-2022: Privilege escalation in AGP subsystem.

Flaws in the AGPGART driver implementation when handling certain
IOCTL commands could allow a local, unprivileged user to cause a
denial of service or escalate their privileges. (CVE-2011-1745,
CVE-2011-2022, Important)


* CVE-2011-1746: Integer overflow in agp_allocate_memory.

An integer overflow flaw in agp_allocate_memory() could allow a
local, unprivileged user to cause a denial of service or escalate
their privileges. (CVE-2011-1746, Important)
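The overflow class named in the CVE-2010-4649 and CVE-2011-1746 entries above, shown as an added illustration in C. This is not the kernel's ib_uverbs_poll_cq() or agp_allocate_memory() code (the advisory does not reproduce it); PAGE_SIZE_BYTES, unchecked_alloc_size(), checked_alloc_size() and alloc_entries() are hypothetical names chosen for the example. The point it makes is that a caller-controlled count multiplied into an allocation size can wrap to a small value, after which the caller's original count is used to index a buffer that is far too short; the checked forms reject the request before any allocation happens.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical page size used for the example allocation arithmetic. */
#define PAGE_SIZE_BYTES 4096u

/* Unchecked pattern: the product silently wraps for large page counts, so a
 * huge request yields a tiny (here: zero-byte) buffer. Returns the wrapped
 * size exactly as a naive caller would compute it. */
size_t unchecked_alloc_size(size_t page_count)
{
    return page_count * PAGE_SIZE_BYTES;
}

/* Checked pattern: refuse the request when the product does not fit in
 * size_t. Returns false and stores 0 in *out on overflow. */
bool checked_alloc_size(size_t page_count, size_t *out)
{
    if (page_count > SIZE_MAX / PAGE_SIZE_BYTES) {
        *out = 0;
        return false;
    }
    *out = page_count * PAGE_SIZE_BYTES;
    return true;
}

/* Allocate `count` fixed-size entries. Rejects a zero count, a count above
 * a caller-supplied ceiling (so one request cannot exhaust memory), and any
 * count whose byte size would wrap. Returns a zeroed buffer or NULL. */
void *alloc_entries(size_t count, size_t entry_size, size_t max_entries)
{
    size_t bytes;
    void *p;

    if (count == 0 || entry_size == 0 || count > max_entries)
        return NULL;
    if (count > SIZE_MAX / entry_size)
        return NULL;
    bytes = count * entry_size;
    p = malloc(bytes);
    if (p)
        memset(p, 0, bytes);
    return p;
}
```

With SIZE_MAX / 4096 + 1 pages, unchecked_alloc_size() returns 0 on both 32-bit and 64-bit builds (the product is exactly 2^32 or 2^64, which wraps to zero), while checked_alloc_size() refuses the same input; the explicit max_entries ceiling in alloc_entries() is the second check a reviewer would look for, since a request that merely passes the overflow test can still be unreasonably large.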


* CVE-2011-1593: Denial of service in next_pidmap.

An integer signedness error in next_pidmap() could allow a local,
unprivileged user to cause a denial of service. (CVE-2011-1593,
Moderate)


* CVE-2011-1182: Missing validation check in signals implementation.

A missing validation check was found in the signals implementation. A
local, unprivileged user could use this flaw to send signals via the
sigqueueinfo system call, with the si_code set to SI_TKILL and with
spoofed process and user IDs, to other processes. Note: This flaw
does not allow existing permission checks to be bypassed; signals can
only be sent if your privileges allow you to already do
so. (CVE-2011-1182, Low)


* CVE-2011-2213: Denial of service in inet_diag_bc_audit.

A flaw in inet_diag_bc_audit() could allow a local, unprivileged user
to cause a denial of service (infinite loop). (CVE-2011-2213,
Moderate)


* CVE-2011-2492: Information leak in Bluetooth implementation.

Structure padding in two structures in the Bluetooth implementation
was not initialized properly before being copied to user-space,
possibly allowing local, unprivileged users to leak kernel stack
memory to user-space. (CVE-2011-2492, Low)
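The uninitialised-padding class behind the CVE-2011-2492 entry above, shown as an added illustration in C rather than the Bluetooth structures the kernel fix actually touched (the advisory does not name them). struct reply and its helper functions are hypothetical names for this example, and memcpy() stands in for the kernel's copy to user space. The leaky fill assigns only the named fields, so the compiler-inserted padding keeps whatever bytes were already in memory; the hardened fill zeroes the whole object first, and the checker walks the raw bytes using offsetof() so it works whatever layout the compiler chose.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Hypothetical reply record with compiler-inserted padding. */
struct reply {
    uint8_t  type;   /* 1 byte, then (typically) 3 bytes of padding */
    uint32_t value;  /* 4-byte aligned */
    uint16_t flags;  /* 2 bytes, then (typically) 2 bytes of tail padding */
};

/* Padding bytes the compiler inserted: sizeof minus the named fields. */
size_t reply_padding_bytes(void)
{
    return sizeof(struct reply)
         - (sizeof(uint8_t) + sizeof(uint32_t) + sizeof(uint16_t));
}

/* Leaky pattern: only the fields are written, padding keeps stale bytes. */
void fill_reply_leaky(struct reply *r, uint8_t type, uint32_t value, uint16_t flags)
{
    r->type = type;
    r->value = value;
    r->flags = flags;
}

/* Hardened pattern: zero the whole object before filling the fields. */
void fill_reply_zeroed(struct reply *r, uint8_t type, uint32_t value, uint16_t flags)
{
    memset(r, 0, sizeof(*r));
    r->type = type;
    r->value = value;
    r->flags = flags;
}

/* Returns 1 if every byte outside the named fields is zero, else 0. */
int reply_padding_is_zero(const uint8_t *raw)
{
    size_t i;
    for (i = 0; i < sizeof(struct reply); i++) {
        int in_field =
            (i >= offsetof(struct reply, type)  && i < offsetof(struct reply, type)  + sizeof(uint8_t))  ||
            (i >= offsetof(struct reply, value) && i < offsetof(struct reply, value) + sizeof(uint32_t)) ||
            (i >= offsetof(struct reply, flags) && i < offsetof(struct reply, flags) + sizeof(uint16_t));
        if (!in_field && raw[i] != 0)
            return 0;
    }
    return 1;
}

/* Demonstration: pre-fill memory with a 0xAA pattern (standing in for
 * stale stack contents), build the reply in place with the hardened fill,
 * copy the raw bytes out as a copy to user space would, and check them. */
int zeroed_reply_is_clean(void)
{
    union { struct reply r; uint8_t raw[sizeof(struct reply)]; } u;
    uint8_t out[sizeof(struct reply)];

    memset(u.raw, 0xAA, sizeof u.raw);
    fill_reply_zeroed(&u.r, 1, 0x11223344u, 7);
    memcpy(out, u.raw, sizeof out);
    return reply_padding_is_zero(out);
}

/* Same demonstration with the leaky fill; the 0xAA bytes survive in the
 * padding and would reach the caller. */
int leaky_reply_is_clean(void)
{
    union { struct reply r; uint8_t raw[sizeof(struct reply)]; } u;
    uint8_t out[sizeof(struct reply)];

    memset(u.raw, 0xAA, sizeof u.raw);
    fill_reply_leaky(&u.r, 1, 0x11223344u, 7);
    memcpy(out, u.raw, sizeof out);
    return reply_padding_is_zero(out);
}
```

On a typical x86 build struct reply is 12 bytes with 5 bytes of padding, and the checker reports the zeroed copy clean while the leaky copy still carries the 0xAA pattern; the practical rule, as the kernel fix applied it, is to memset() (or use a zero initialiser on) any object whose raw bytes leave the kernel, because assigning every named field is not enough.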

SUPPORT

Ksplice support is available at support at ksplice.com or +1 765-577-5423.


