[Ksplice][RHEL6-Updates] New updates available via Ksplice (RHSA-2011:0928-1)
Nelson Elhage
nelhage at ksplice.com
Wed Jul 13 08:44:28 PDT 2011
Synopsis: RHSA-2011:0928-1 can now be patched using Ksplice
CVEs: CVE-2011-1767 CVE-2011-1768 CVE-2011-2479
Red Hat Security Advisory Severity: Moderate
Systems running Red Hat Enterprise Linux 6, CentOS 6, and Scientific
Linux 6 can now use Ksplice to patch against the latest Red Hat
Security Advisory, RHSA-2011:0928-1.

INSTALLING THE UPDATES

We recommend that all users of Ksplice Uptrack on RHEL 6, CentOS 6,
and Scientific Linux 6 install these updates. You can install these
updates by running:

# /usr/sbin/uptrack-upgrade -y

On systems that have "autoinstall = yes" in /etc/uptrack/uptrack.conf,
these updates will be installed automatically and you do not need to
take any additional action.
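
A fleet check for the two cases above, as an added example that is not part of the original advisory or of Ksplice's tooling: it reads the autoinstall setting and reports whether a host still needs the manual upgrade command. The function names are hypothetical, and the parser assumes plain "key = value" lines with "#" or ";" comments and ignores section headers.

```shell
#!/bin/sh
# Added example (not Ksplice code): decide whether a host needs a manual
# uptrack-upgrade run, based on the autoinstall setting in uptrack.conf.

# Print one of: enabled | disabled | unset | unreadable
uptrack_autoinstall_state() {
    conf=${1:-/etc/uptrack/uptrack.conf}
    [ -r "$conf" ] || { echo unreadable; return 0; }
    awk '
        /^[ \t]*[#;]/ { next }            # comment lines (assumed syntax)
        {
            eq = index($0, "=")
            if (eq == 0) next             # section headers, blank lines
            key = substr($0, 1, eq - 1)
            val = substr($0, eq + 1)
            gsub(/^[ \t]+|[ \t\r]+$/, "", key)
            gsub(/^[ \t]+|[ \t\r]+$/, "", val)
            # Last assignment wins. Only "yes" counts as enabled; matching
            # it case-insensitively is an assumption of this example.
            if (key == "autoinstall") { seen = 1; state = tolower(val) }
        }
        END {
            if (!seen)               print "unset"
            else if (state == "yes") print "enabled"
            else                     print "disabled"
        }
    ' "$conf"
}

# Print the action this advisory implies for the host.
uptrack_action() {
    case $(uptrack_autoinstall_state "$1") in
        enabled)    echo "none: updates install automatically" ;;
        unreadable) echo "check: cannot read uptrack.conf" ;;
        *)          echo "run: /usr/sbin/uptrack-upgrade -y" ;;
    esac
}

# Stand-alone use: optional argument is the path to the config file.
uptrack_action "${1:-}"
```

Anything other than a readable "autoinstall = yes" is reported as needing attention, so a misparsed file leads to a manual check rather than a missed update.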

DESCRIPTION

* CVE-2011-1767: Incorrect initialization order in ip_gre.

The ip_gre module initializes structures out of order, resulting in a possible
denial of service (kernel oops) if a packet arrives during certain intervals
while the module is being loaded. (CVE-2011-1767, Moderate)

* CVE-2011-1768: Incorrect initialization order in IP tunnel protocols.

Multiple IP tunnel protocols initialized data structures out of order, resulting
in a possible denial of service (kernel oops) if a packet arrives during certain
intervals while the module is being loaded. (CVE-2011-1768, Moderate)

* CVE-2011-2479: Denial of service with transparent hugepages and /dev/zero.

It was found that an mmap() call with the MAP_PRIVATE flag on "/dev/zero" would
create transparent hugepages and trigger a certain robustness check. A local,
unprivileged user could use this flaw to cause a denial of
service. (CVE-2011-2479, Moderate)

SUPPORT

Ksplice support is available at support at ksplice.com or +1 765-577-5423.