[Ksplice][Fedora-15-updates] New updates available via Ksplice (FEDORA-2011-11995)
Nelson Elhage
nelson.elhage at oracle.com
Thu Sep 8 14:07:17 PDT 2011
Synopsis: FEDORA-2011-11995 can now be patched using Ksplice
CVEs: CVE-2011-2928
Systems running Fedora 15 can now use Ksplice to patch against the
latest Fedora security update, FEDORA-2011-11995.
INSTALLING THE UPDATES
We recommend that all users of Ksplice Uptrack on Fedora 15 install
these updates. You can install these updates by running:
# /usr/sbin/uptrack-upgrade -y
On systems that have "autoinstall = yes" in /etc/uptrack/uptrack.conf,
these updates will be installed automatically and you do not need to
take any additional action.
DESCRIPTION
* CVE-2011-2928: Denial of service with too-long symlinks in BeFS.
The befs_follow_link function in the Linux kernel's implementation of
the Be filesystem did not validate the length attribute of long
symlinks, which allowed local users to cause a denial of service
(incorrect pointer dereference and OOPS) by accessing a long symlink
on a malformed Be filesystem.
* Memory corruption on CIFS mounts.
A programming error in the CIFS networked filesystem could result in
a memory corruption error (double-free) when mounting certain
filesystems.
* Buffer overrun in fuse_notify_inval_entry.
The fuse_notify_inval_entry function failed to validate the length of
a requested write, potentially resulting in a denial of service
(kernel BUG).
* CIFS: Fix oops on mount.
Mounting certain CIFS filesystem shares could result in a kernel oops
to an incorrect handling of an error condition.
* Fix unsafe user pointer access in sendmsg.
The sendmsg and sendmmsg system calls did not correctly validate user
pointers before accessing them, resulting in a potential denial of
service (kernel oops).
SUPPORT
Ksplice support is available at support at ksplice.com or +1 765-577-5423.
More information about the Fedora-15-Updates
mailing list