Oracle Linux 5 ELSA-2011-2038 Critical: KVM Privilege Escalation and DoS

December 27, 2011
Oracle Linux Security Notice ELSA-2011-2039 outlines urgent patches tackling vulnerabilities related to unauthorized access and denial of service threats.
The following updated rpms for Oracle Linux 5 have been uploaded to the Unbreakable Linux Network:

Summary

* CVE-2011-4127: KVM privilege escalation through insufficient validation in SG_IO ioctl. Using the SG_IO IOCTL to issue SCSI requests to partitions or LVM volumes resulted in the requests being passed to the underlying block device. If a privileged user only had access to a single partition or LVM volume, they could use this flaw to bypass those restrictions and gain read and write access (and be able to issue other SCSI commands) to the entire block device. In KVM (Kernel-based Virtual Machine) environments using raw format virtio disks backed by a partition or LVM volume, a privileged guest user could bypass intended restrictions and issue read and write requests (and other SCSI commands) on the host, and possibly access the data of other guests that reside on the same underlying block device. (CVE-2011-4127, Important)
* CVE-2011-1493: Insufficient validation in X.25 Rose parsing. Dan Rosenberg discovered that the X.25 Rose network stack did not correctly handle certain fi...

SRPMs

https://oss.oracle.com:443/ol5/SRPMS-updates/kernel-uek-2.6.32-300.4.1.el5uek.src.rpm
https://oss.oracle.com:443/ol5/SRPMS-updates/ofa-2.6.32-300.4.1.el5uek-1.5.1-4.0.53.src.rpm

Users with Oracle Linux Premier Support can now use Ksplice to patch against this Security Advisory. We recommend that all users of Oracle Linux 5 install these updates. Users of Ksplice Uptrack can install these updates by running:

# /usr/sbin/uptrack-upgrade -y

On systems that have "autoinstall = yes" in /etc/uptrack/uptrack.conf, these updates will be installed automatically and you do not need to take any additional action.

x86_64

kernel-uek-firmware-2.6.32-300.4.1.el5uek.noarch.rpm
kernel-uek-doc-2.6.32-300.4.1.el5uek.noarch.rpm
kernel-uek-2.6.32-300.4.1.el5uek.x86_64.rpm
kernel-uek-headers-2.6.32-300.4.1.el5uek.x86_64.rpm
kernel-uek-devel-2.6.32-300.4.1.el5uek.x86_64.rpm
kernel-uek-debug-devel-2.6.32-300.4.1.el5uek.x86_64.rpm
kernel-uek-debug-2.6.32-300.4.1.el5uek.x86_64.rpm
ofa-2.6.32-300.4.1.el5uek-1.5.1-4.0.53.x86_64.rpm
ofa-2.6.32-300.4.1.el5uekdebug-1.5.1-4.0.53.x86_64.rpm
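As an added verification aid (not part of the advisory or of Oracle's tooling), the following Python compares a host's running kernel release against the fixed kernel-uek release listed above, using rpm's segment-wise version ordering rather than a plain string comparison; the sample release strings are constructed for illustration.

```python
import re
import subprocess

# Fixed kernel-uek release taken from the advisory's package list above.
FIXED_RELEASE = "2.6.32-300.4.1.el5uek"


def _segments(s):
    # rpm compares alternating numeric and alphabetic runs; '.', '-' and
    # other characters only act as separators.
    return re.findall(r"\d+|[A-Za-z]+", s)


def rpm_vercmp(a, b):
    """Compare two version/release strings the way rpm does.

    Simplified: no tilde/caret handling. Returns -1, 0 or 1.
    """
    sa, sb = _segments(a), _segments(b)
    for x, y in zip(sa, sb):
        if x.isdigit() and y.isdigit():
            xi, yi = int(x), int(y)  # numeric compare, so 300.10 > 300.9
            if xi != yi:
                return -1 if xi < yi else 1
        elif x.isdigit():
            return 1   # a numeric segment sorts newer than an alphabetic one
        elif y.isdigit():
            return -1
        elif x != y:
            return -1 if x < y else 1
    if len(sa) != len(sb):
        return -1 if len(sa) < len(sb) else 1  # more segments sorts newer
    return 0


def kernel_is_patched(running, fixed=FIXED_RELEASE):
    """True when the running kernel release is at least the fixed release."""
    return rpm_vercmp(running, fixed) >= 0


def check_running_kernel():
    """Read `uname -r` on this host and report whether it meets FIXED_RELEASE."""
    release = subprocess.check_output(["uname", "-r"], text=True).strip()
    return release, kernel_is_patched(release)


if __name__ == "__main__":
    rel, ok = check_running_kernel()
    print(f"{rel}: {'at or above' if ok else 'below'} {FIXED_RELEASE}")
```

On hosts patched with Ksplice, `uname -r` keeps reporting the original kernel release, so the rebootless fix will not show up here; check the installed Ksplice updates with `uptrack-show` instead.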

Severity

Critical
