[Ksplice][RHEL6-Updates] New updates available via Ksplice (RHSA-2011:0928-1)

Nelson Elhage nelhage at ksplice.com
Wed Jul 13 08:44:28 PDT 2011


Synopsis: RHSA-2011:0928-1 can now be patched using Ksplice
CVEs: CVE-2011-1767 CVE-2011-1768 CVE-2011-2479
Red Hat Security Advisory Severity: Moderate

Systems running Red Hat Enterprise Linux 6, CentOS 6, and Scientific
Linux 6 can now use Ksplice to patch against the latest Red Hat
Security Advisory, RHSA-2011:0928-1.

INSTALLING THE UPDATES

We recommend that all users of Ksplice Uptrack on RHEL 6, CentOS 6,
and Scientific Linux 6 install these updates.  You can install these
updates by running:

# /usr/sbin/uptrack-upgrade -y

On systems that have "autoinstall = yes" in /etc/uptrack/uptrack.conf,
these updates will be installed automatically and you do not need to
take any additional action.


DESCRIPTION

* CVE-2011-1767: Incorrect initialization order in ip_gre.

The ip_gre module initializes structures out of order, resulting in a possible
denial of service (kernel oops) if a packet arrives during certain intervals
while the module is being loaded. (CVE-2011-1767, Moderate)


* CVE-2011-1768: Incorrect initialization order in IP tunnel protocols.

Multiple IP tunnel protocols initialize data structures out of order, resulting
in a possible denial of service (kernel oops) if a packet arrives during certain
intervals while the module is being loaded. (CVE-2011-1768, Moderate)


* CVE-2011-2479: Denial of service with transparent hugepages and /dev/zero.

It was found that an mmap() call with the MAP_PRIVATE flag on "/dev/zero" would
create transparent hugepages and trigger a certain robustness check.  A local,
unprivileged user could use this flaw to cause a denial of
service. (CVE-2011-2479, Moderate)

SUPPORT

Ksplice support is available at support at ksplice.com or +1 765-577-5423.
