[Ksplice][Fedora-15-updates] New updates available via Ksplice (FEDORA-2011-11995)

[Nelson Elhage]

Synopsis: FEDORA-2011-11995 can now be patched using Ksplice
CVEs: CVE-2011-2928

Systems running Fedora 15 can now use Ksplice to patch against the
latest Fedora security update, FEDORA-2011-11995.

INSTALLING THE UPDATES

We recommend that all users of Ksplice Uptrack on Fedora 15 install
these updates.  You can install these updates by running:

# /usr/sbin/uptrack-upgrade -y

On systems that have "autoinstall = yes" in /etc/uptrack/uptrack.conf,
these updates will be installed automatically and you do not need to
take any additional action.


DESCRIPTION

* CVE-2011-2928: Denial of service with too-long symlinks in BeFS.

The befs_follow_link function in the Linux kernel's implementation of
the Be filesystem did not validate the length attribute of long
symlinks, which allowed local users to cause a denial of service
(incorrect pointer dereference and OOPS) by accessing a long symlink
on a malformed Be filesystem.


* Memory corruption on CIFS mounts.

A programming error in the CIFS networked filesystem could result in
a memory corruption error (double-free) when mounting certain
filesystems.


* Buffer overrun in fuse_notify_inval_entry.

The fuse_notify_inval_entry function failed to validate the length of
a requested write, potentially resulting in a denial of service
(kernel BUG).


* CIFS: Fix oops on mount.

Mounting certain CIFS filesystem shares could result in a kernel oops
to an incorrect handling of an error condition.


* Fix unsafe user pointer access in sendmsg.

The sendmsg and sendmmsg system calls did not correctly validate user
pointers before accessing them, resulting in a potential denial of
service (kernel oops).

SUPPORT

Ksplice support is available at support at ksplice.com or +1 765-577-5423.