[Ksplice][Virtuozzo 4 Updates] New updates available via Ksplice (CU-2.6.18-028stab093.2)
Tim Abbott
tim.abbott at oracle.com
Thu Sep 8 14:06:22 PDT 2011

Synopsis: CU-2.6.18-028stab093.2 can now be patched using Ksplice
CVEs: CVE-2011-2525
Red Hat Security Advisory Severity: Moderate

Systems running Virtuozzo 4 or the OpenVZ RHEL 5 kernel can now use
Ksplice to patch against the latest Parallels Virtuozzo Containers
kernel security update, CU-2.6.18-028stab093.2.

INSTALLING THE UPDATES

We recommend that all users of Ksplice Uptrack on Virtuozzo 4 or
OpenVZ on RHEL 5 install these updates. You can install these updates
by running:

# /usr/sbin/uptrack-upgrade -y

On systems that have "autoinstall = yes" in /etc/uptrack/uptrack.conf,
these updates will be installed automatically and you do not need to
take any additional action.
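
To audit which hosts will pick up this update on their own and which need the manual command, the following added example (not part of the original advisory or of Ksplice's tooling) reads an uptrack.conf and reports the effective autoinstall setting. The function names are hypothetical, and the parsing rules (INI-style "key = value" lines, "#" or ";" comment lines, only "yes" enables autoinstall, last assignment wins) are assumptions.

```shell
#!/bin/sh
# Added example: decide whether a host needs a manual uptrack-upgrade run.
# Assumptions: uptrack.conf uses INI-style "key = value" lines, "#" or ";"
# start a comment line, and only the value "yes" (any case) enables autoinstall.

# Print the effective autoinstall value: "yes", "no", another value, or "unset".
autoinstall_state() {
    conf=${1:-/etc/uptrack/uptrack.conf}
    [ -r "$conf" ] || { echo "unreadable"; return 2; }
    awk -F= '
        /^[ \t]*[#;]/ { next }            # a commented-out setting has no effect
        {
            key = $1; val = $2
            gsub(/[ \t\r]/, "", key)
            gsub(/[ \t\r]/, "", val)
            # Assumption: if the key appears more than once, the last one wins.
            if (tolower(key) == "autoinstall") state = tolower(val)
        }
        END { print (state == "" ? "unset" : state) }
    ' "$conf"
}

# Map the setting to what the operator has to do for this update.
update_action() {
    case "$(autoinstall_state "$1")" in
        yes)        echo "automatic" ;;   # Uptrack installs the update itself
        unreadable) echo "unknown" ;;     # cannot tell; check the host by hand
        *)          echo "manual" ;;      # run /usr/sbin/uptrack-upgrade -y
    esac
}

# Constructed sample config: the active line says "no", the "yes" is commented out.
sample=$(mktemp)
printf '%s\n' '[Settings]' '# autoinstall = yes' 'autoinstall = no' > "$sample"
echo "sample config: $(update_action "$sample")"
rm -f "$sample"
```
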

DESCRIPTION

* CVE-2011-2525: Denial of Service in packet scheduler API
A flaw allowed the tc_fill_qdisc() function in the Linux kernel's
packet scheduler API implementation to be called on built-in qdisc
structures. A local, unprivileged user could use this flaw to trigger
a NULL pointer dereference, resulting in a denial of service.
(CVE-2011-2525, Moderate)

* Fix crashes using openvpn via udp on venet devices.
In some circumstances (such as using openvpn via udp on venet
devices), fragmented traffic might escape the L2 header allocation
before reaching venet_xmit, resulting in an out of range memory access
and a kernel panic.

SUPPORT

Ksplice support is available at support at ksplice.com or +1 765-577-5423.