[RHSA-2011:0007] kernel security and bug fix update

Severity: Important
Affected Packages: 26
CVEs: 31

  • Buffer overflow in eCryptfs. When /dev/ecryptfs has world writable
    permissions (which it does not, by default, on Red Hat Enterprise Linux 6),
    a local, unprivileged user could use this flaw to cause a denial of service
    or possibly escalate their privileges. (CVE-2010-2492, Important)

  • Integer overflow in the RDS protocol implementation could allow a local,
    unprivileged user to cause a denial of service or escalate their
    privileges. (CVE-2010-3865, Important)

  • Missing boundary checks in the PPP over L2TP sockets implementation could
    allow a local, unprivileged user to cause a denial of service or escalate
    their privileges. (CVE-2010-4160, Important)

  • NULL pointer dereference in the igb driver. If both Single Root I/O
    Virtualization (SR-IOV) and promiscuous mode were enabled on an interface
    using igb, it could result in a denial of service when a tagged VLAN packet
    is received on that interface. (CVE-2010-4263, Important)

  • Missing initialization flaw in the XFS file system implementation, and in
    the network traffic policing implementation, could allow a local,
    unprivileged user to cause an information leak. (CVE-2010-3078,
    CVE-2010-3477, Moderate)

  • NULL pointer dereference in the Open Sound System compatible sequencer
    driver could allow a local, unprivileged user with access to /dev/sequencer
    to cause a denial of service. /dev/sequencer is only accessible to root and
    users in the audio group by default. (CVE-2010-3080, Moderate)

  • Flaw in the ethtool IOCTL handler could allow a local user to cause an
    information leak. (CVE-2010-3861, Moderate)

  • Flaw in bcm_connect() in the Controller Area Network (CAN) Broadcast
    Manager. On 64-bit systems, writing the socket address may overflow the
    procname character array. (CVE-2010-3874, Moderate)

  • Flaw in the module for monitoring the sockets of INET transport
    protocols could allow a local, unprivileged user to cause a denial of
    service. (CVE-2010-3880, Moderate)

  • Missing boundary checks in the block layer implementation could allow a
    local, unprivileged user to cause a denial of service. (CVE-2010-4162,
    CVE-2010-4163, CVE-2010-4668, Moderate)

  • NULL pointer dereference in the Bluetooth HCI UART driver could allow a
    local, unprivileged user to cause a denial of service. (CVE-2010-4242,
    Moderate)

  • Flaw in the Linux kernel CPU time clocks implementation for the POSIX
    clock interface could allow a local, unprivileged user to cause a denial of
    service. (CVE-2010-4248, Moderate)

  • Flaw in the garbage collector for AF_UNIX sockets could allow a local,
    unprivileged user to trigger a denial of service. (CVE-2010-4249, Moderate)

  • Missing upper bound integer check in the AIO implementation could allow a
    local, unprivileged user to cause an information leak. (CVE-2010-3067, Low)

  • Missing initialization flaws could lead to information leaks.
    (CVE-2010-3298, CVE-2010-3876, CVE-2010-4072, CVE-2010-4073, CVE-2010-4074,
    CVE-2010-4075, CVE-2010-4077, CVE-2010-4079, CVE-2010-4080, CVE-2010-4081,
    CVE-2010-4082, CVE-2010-4083, CVE-2010-4158, Low)

  • Missing initialization flaw in KVM could allow a privileged host user
    with access to /dev/kvm to cause an information leak. (CVE-2010-4525, Low)

Red Hat would like to thank Andre Osterhues for reporting CVE-2010-2492;
Thomas Pollet for reporting CVE-2010-3865; Dan Rosenberg for reporting
CVE-2010-4160, CVE-2010-3078, CVE-2010-3874, CVE-2010-4162, CVE-2010-4163,
CVE-2010-3298, CVE-2010-4073, CVE-2010-4074, CVE-2010-4075, CVE-2010-4077,
CVE-2010-4079, CVE-2010-4080, CVE-2010-4081, CVE-2010-4082, CVE-2010-4083,
and CVE-2010-4158; Kosuke Tatsukawa for reporting CVE-2010-4263; Tavis
Ormandy for reporting CVE-2010-3080 and CVE-2010-3067; Kees Cook for
reporting CVE-2010-3861 and CVE-2010-4072; Nelson Elhage for reporting
CVE-2010-3880; Alan Cox for reporting CVE-2010-4242; Vegard Nossum for
reporting CVE-2010-4249; Vasiliy Kulikov for reporting CVE-2010-3876; and
Stephan Mueller of atsec information security for reporting CVE-2010-4525.

Package Affected Version
pkg:rpm/redhat/perf?distro=redhat-6 < 2.6.32-71.14.1.el6
pkg:rpm/redhat/kernel?arch=x86_64&distro=redhat-6 < 2.6.32-71.14.1.el6
pkg:rpm/redhat/kernel?arch=s390x&distro=redhat-6 < 2.6.32-71.14.1.el6
pkg:rpm/redhat/kernel?arch=ppc64&distro=redhat-6 < 2.6.32-71.14.1.el6
pkg:rpm/redhat/kernel?arch=i686&distro=redhat-6 < 2.6.32-71.14.1.el6
pkg:rpm/redhat/kernel-kdump?arch=s390x&distro=redhat-6 < 2.6.32-71.14.1.el6
pkg:rpm/redhat/kernel-kdump-devel?arch=s390x&distro=redhat-6 < 2.6.32-71.14.1.el6
pkg:rpm/redhat/kernel-headers?arch=x86_64&distro=redhat-6 < 2.6.32-71.14.1.el6
pkg:rpm/redhat/kernel-headers?arch=s390x&distro=redhat-6 < 2.6.32-71.14.1.el6
pkg:rpm/redhat/kernel-headers?arch=ppc64&distro=redhat-6 < 2.6.32-71.14.1.el6
pkg:rpm/redhat/kernel-headers?arch=i686&distro=redhat-6 < 2.6.32-71.14.1.el6
pkg:rpm/redhat/kernel-firmware?distro=redhat-6 < 2.6.32-71.14.1.el6
pkg:rpm/redhat/kernel-doc?distro=redhat-6 < 2.6.32-71.14.1.el6
pkg:rpm/redhat/kernel-devel?arch=x86_64&distro=redhat-6 < 2.6.32-71.14.1.el6
pkg:rpm/redhat/kernel-devel?arch=s390x&distro=redhat-6 < 2.6.32-71.14.1.el6
pkg:rpm/redhat/kernel-devel?arch=ppc64&distro=redhat-6 < 2.6.32-71.14.1.el6
pkg:rpm/redhat/kernel-devel?arch=i686&distro=redhat-6 < 2.6.32-71.14.1.el6
pkg:rpm/redhat/kernel-debug?arch=x86_64&distro=redhat-6 < 2.6.32-71.14.1.el6
pkg:rpm/redhat/kernel-debug?arch=s390x&distro=redhat-6 < 2.6.32-71.14.1.el6
pkg:rpm/redhat/kernel-debug?arch=ppc64&distro=redhat-6 < 2.6.32-71.14.1.el6
pkg:rpm/redhat/kernel-debug?arch=i686&distro=redhat-6 < 2.6.32-71.14.1.el6
pkg:rpm/redhat/kernel-debug-devel?arch=x86_64&distro=redhat-6 < 2.6.32-71.14.1.el6
pkg:rpm/redhat/kernel-debug-devel?arch=s390x&distro=redhat-6 < 2.6.32-71.14.1.el6
pkg:rpm/redhat/kernel-debug-devel?arch=ppc64&distro=redhat-6 < 2.6.32-71.14.1.el6
pkg:rpm/redhat/kernel-debug-devel?arch=i686&distro=redhat-6 < 2.6.32-71.14.1.el6
pkg:rpm/redhat/kernel-bootwrapper?arch=ppc64&distro=redhat-6 < 2.6.32-71.14.1.el6

Source ID URL
Bugzilla 611385 https://bugzilla.redhat.com/611385
Bugzilla 629441 https://bugzilla.redhat.com/629441
Bugzilla 630551 https://bugzilla.redhat.com/630551
Bugzilla 630804 https://bugzilla.redhat.com/630804
Bugzilla 633140 https://bugzilla.redhat.com/633140
Bugzilla 636386 https://bugzilla.redhat.com/636386
Bugzilla 641410 https://bugzilla.redhat.com/641410
Bugzilla 646725 https://bugzilla.redhat.com/646725
Bugzilla 647416 https://bugzilla.redhat.com/647416
Bugzilla 648656 https://bugzilla.redhat.com/648656
Bugzilla 648658 https://bugzilla.redhat.com/648658
Bugzilla 648659 https://bugzilla.redhat.com/648659
Bugzilla 648660 https://bugzilla.redhat.com/648660
Bugzilla 648663 https://bugzilla.redhat.com/648663
Bugzilla 648666 https://bugzilla.redhat.com/648666
Bugzilla 648669 https://bugzilla.redhat.com/648669
Bugzilla 648670 https://bugzilla.redhat.com/648670
Bugzilla 648671 https://bugzilla.redhat.com/648671
Bugzilla 648673 https://bugzilla.redhat.com/648673
Bugzilla 649695 https://bugzilla.redhat.com/649695
Bugzilla 649715 https://bugzilla.redhat.com/649715
Bugzilla 651264 https://bugzilla.redhat.com/651264
Bugzilla 651698 https://bugzilla.redhat.com/651698
Bugzilla 651892 https://bugzilla.redhat.com/651892
Bugzilla 652529 https://bugzilla.redhat.com/652529
Bugzilla 652957 https://bugzilla.redhat.com/652957
Bugzilla 656264 https://bugzilla.redhat.com/656264
Bugzilla 656756 https://bugzilla.redhat.com/656756
Bugzilla 660188 https://bugzilla.redhat.com/660188
Bugzilla 665470 https://bugzilla.redhat.com/665470
RHSA RHSA-2011:0007 https://access.redhat.com/errata/RHSA-2011:0007
CVE CVE-2010-2492 https://access.redhat.com/security/cve/CVE-2010-2492
CVE CVE-2010-3067 https://access.redhat.com/security/cve/CVE-2010-3067
CVE CVE-2010-3078 https://access.redhat.com/security/cve/CVE-2010-3078
CVE CVE-2010-3080 https://access.redhat.com/security/cve/CVE-2010-3080
CVE CVE-2010-3298 https://access.redhat.com/security/cve/CVE-2010-3298
CVE CVE-2010-3477 https://access.redhat.com/security/cve/CVE-2010-3477
CVE CVE-2010-3861 https://access.redhat.com/security/cve/CVE-2010-3861
CVE CVE-2010-3865 https://access.redhat.com/security/cve/CVE-2010-3865
CVE CVE-2010-3874 https://access.redhat.com/security/cve/CVE-2010-3874
CVE CVE-2010-3876 https://access.redhat.com/security/cve/CVE-2010-3876
CVE CVE-2010-3880 https://access.redhat.com/security/cve/CVE-2010-3880
CVE CVE-2010-4072 https://access.redhat.com/security/cve/CVE-2010-4072
CVE CVE-2010-4073 https://access.redhat.com/security/cve/CVE-2010-4073
CVE CVE-2010-4074 https://access.redhat.com/security/cve/CVE-2010-4074
CVE CVE-2010-4075 https://access.redhat.com/security/cve/CVE-2010-4075
CVE CVE-2010-4077 https://access.redhat.com/security/cve/CVE-2010-4077
CVE CVE-2010-4079 https://access.redhat.com/security/cve/CVE-2010-4079
CVE CVE-2010-4080 https://access.redhat.com/security/cve/CVE-2010-4080
CVE CVE-2010-4081 https://access.redhat.com/security/cve/CVE-2010-4081
CVE CVE-2010-4082 https://access.redhat.com/security/cve/CVE-2010-4082
CVE CVE-2010-4083 https://access.redhat.com/security/cve/CVE-2010-4083
CVE CVE-2010-4158 https://access.redhat.com/security/cve/CVE-2010-4158
CVE CVE-2010-4160 https://access.redhat.com/security/cve/CVE-2010-4160
CVE CVE-2010-4162 https://access.redhat.com/security/cve/CVE-2010-4162
CVE CVE-2010-4163 https://access.redhat.com/security/cve/CVE-2010-4163
CVE CVE-2010-4242 https://access.redhat.com/security/cve/CVE-2010-4242
CVE CVE-2010-4248 https://access.redhat.com/security/cve/CVE-2010-4248
CVE CVE-2010-4249 https://access.redhat.com/security/cve/CVE-2010-4249
CVE CVE-2010-4263 https://access.redhat.com/security/cve/CVE-2010-4263
CVE CVE-2010-4525 https://access.redhat.com/security/cve/CVE-2010-4525
CVE CVE-2010-4668 https://access.redhat.com/security/cve/CVE-2010-4668