[Ksplice][Virtuozzo 4 Updates] New updates available via Ksplice (CU-2.6.18-028stab091.2)
Anders Kaseorg
andersk at ksplice.com
Wed Jun 8 19:09:34 PDT 2011
Synopsis: CU-2.6.18-028stab091.2 can now be patched using Ksplice
CVEs: CVE-2010-1083 CVE-2011-0726 CVE-2011-1078 CVE-2011-1079 CVE-2011-1080 CVE-2011-1093 CVE-2011-1163 CVE-2011-1170 CVE-2011-1171 CVE-2011-1172 CVE-2011-1494 CVE-2011-1495 CVE-2011-1577
Red Hat Security Advisory Severity: Important
Systems running Virtuozzo 4 or the OpenVZ RHEL 5 kernel can now use
Ksplice to patch against the latest Parallels Virtuozzo Containers
kernel security update, CU-2.6.18-028stab091.2.
INSTALLING THE UPDATES
We recommend that all users of Ksplice Uptrack on Virtuozzo 4 or
OpenVZ on RHEL 5 install these updates. You can install these updates
by running:
# /usr/sbin/uptrack-upgrade -y
On systems that have "autoinstall = yes" in /etc/uptrack/uptrack.conf,
these updates will be installed automatically and you do not need to
take any additional action.
DESCRIPTION
* CVE-2011-1079: Missing validation in bnep_sock_ioctl.
A missing validation of a null-terminated string data structure
element in the bnep_sock_ioctl() function could allow a local user to
cause an information leak or a denial of service.
* CVE-2011-1093: Remote Denial of Service in DCCP.
A flaw in the dccp_rcv_state_process() function could allow a remote
attacker to cause a denial of service, even when the socket was
already closed. (CVE-2011-1093, Important)
* CVE-2011-0726: Information leak in /proc/[pid]/stat.
The start_code and end_code values in "/proc/[pid]/stat" were not
protected. In certain scenarios, this flaw could be used to defeat
Address Space Layout Randomization (ASLR).
* CVE-2011-1080, CVE-2011-1170, CVE-2011-1171, CVE-2011-1172: Information leaks in netfilter.
Missing validations of null-terminated string data structure elements
in the do_replace(), compat_do_replace(), do_ipt_get_ctl(),
do_ip6t_get_ctl(), and do_arpt_get_ctl() functions could allow a
local user who has the CAP_NET_ADMIN capability to cause an
information leak. (CVE-2011-1080, CVE-2011-1170, CVE-2011-1171,
CVE-2011-1172, Low)
* Buffer overflow in iptables CLUSTERIP target.
The ipt_CLUSTERIP module parses a user-provided string without
checking it for null termination, resulting in a possible buffer
overflow.
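The unterminated-string pattern shared by the bnep_sock_ioctl, netfilter and CLUSTERIP items above, as an added C example (not code from this Ksplice update or from the kernel): a hypothetical ioctl-style request with a fixed-size name field, handled with the two fixes kernel patches typically apply, either rejecting the request or forcing a terminator. The struct, field sizes and function names are assumptions for illustration.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical request struct of the kind user space hands to an
 * ioctl/setsockopt handler: a fixed-size name that is supposed to be
 * NUL-terminated, but every byte of it is caller-controlled. */
#define NAME_LEN 16
struct user_request {
    char name[NAME_LEN];
    unsigned int flags;
};

/* Returns 1 only if a NUL exists inside the field. memchr() is bounded
 * by NAME_LEN, so the check itself can never over-read. */
static int name_is_terminated(const struct user_request *req)
{
    return memchr(req->name, '\0', NAME_LEN) != NULL;
}

/* Strict handler: reject an unterminated name instead of letting a later
 * strlen()/strcmp()/"%s" walk past the field into adjacent memory, which
 * is the information-leak / overflow pattern behind the flaws above. */
static int handle_request_strict(const struct user_request *from_user,
                                 char *out, size_t out_len)
{
    struct user_request req;
    memcpy(&req, from_user, sizeof req);     /* stands in for copy_from_user() */
    if (!name_is_terminated(&req))
        return -1;                           /* EINVAL-style rejection */
    snprintf(out, out_len, "%s", req.name);  /* safe: bounded by the NUL */
    return 0;
}

/* Truncating handler: the one-line fix many kernel patches used, forcing
 * a terminator into the last byte so the field is always a valid string
 * (at the cost of silently shortening an over-long name). */
static int handle_request_truncating(const struct user_request *from_user,
                                     char *out, size_t out_len)
{
    struct user_request req;
    memcpy(&req, from_user, sizeof req);
    req.name[NAME_LEN - 1] = '\0';
    snprintf(out, out_len, "%s", req.name);
    return 0;
}
```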
* CVE-2011-1163: Kernel information leak parsing malformed OSF partition tables.
A buffer overflow flaw in the DEC Alpha OSF partition implementation
in the Linux kernel could allow a local attacker to cause an
information leak by mounting a disk that contains specially-crafted
partition tables. (CVE-2011-1163, Low)
* USB Audio regression introduced by CVE-2010-1083 fix.
An incorrect fix by Red Hat for CVE-2010-1083 introduced a regression
in USB data transfer, which could result in significant audio
degradation when using USB audio devices.
* Denial of service in NFS server via reference count leak.
Repeated NLM lock operations can cause a reference count to overflow,
eventually leading to a use-after-free causing a denial of service
(kernel panic) or other unspecified impact.
* Fix a packet flood when initializing a bridge device without STP.
If a bridge was configured with no STP and a forwarding delay of 0, then
when the link came up it would flood packets for the first 20 seconds.
* CVE-2011-1577: Missing boundary checks in GPT partition handling.
A heap overflow flaw in the Linux kernel's EFI GUID Partition Table
(GPT) implementation could allow a local attacker to cause a denial
of service by mounting a disk that contains specially-crafted
partition tables. (CVE-2011-1577, Low)
* CVE-2011-1078: Information leak in Bluetooth sco.
A missing initialization flaw in the sco_sock_getsockopt() function
could allow a local, unprivileged user to cause an information leak.
(CVE-2011-1078, Low)
* CVE-2011-1494, CVE-2011-1495: Privilege escalation in LSI MPT Fusion SAS 2.0 driver.
Multiple buffer overflow flaws were found in the Linux kernel's
Management Module Support for Message Passing Technology (MPT) based
controllers. A local, unprivileged user could use these flaws to
cause a denial of service, an information leak, or escalate their
privileges. (CVE-2011-1494, CVE-2011-1495, Important)
* Infinite loop on CPT kernel thread creation.
The local_kernel_thread function in the CPT subsystem was missing a
check for pending signals, which could lead to an infinite loop while
creating kernel threads.
SUPPORT
Ksplice support is available at support at ksplice.com or +1 765-577-5423.