[Ksplice][Uptrack-Announce-RHEL] User space Linux vulnerability CVE-2010-3847

Tim Abbott tabbott at ksplice.com
Wed Oct 20 14:49:10 PDT 2010


Dear Ksplice Uptrack subscriber,

Several customers have asked us recently about CVE-2010-3847, a new user 
space Linux vulnerability.

As a courtesy, we are able to provide some information and assistance on 
this non-kernel vulnerability.

The underlying bug in GNU libc (glibc) can be used to gain root access 
given a local account, and an exploit for the vulnerability has been 
publicly released. We understand that major Linux distributions, including 
Red Hat Enterprise Linux and CentOS, are currently preparing updated glibc 
packages.

We wanted to reach out and let you know that Ksplice has prepared patched 
glibc packages for the Red Hat Enterprise Linux 5 and CentOS 5 
distributions available immediately, as a courtesy to administrators 
concerned about the vulnerability. Customers who want to patch this 
vulnerability now, in advance of a release by their Linux distribution, 
may do so from our updated packages. We understand major vendors' updates 
will be based on the same patch.  Ksplice will support these patched glibc 
packages until vendor-supplied packages become available.

To install the patched glibc packages for Red Hat Enterprise Linux 5 and 
CentOS 5, please visit <https://www.ksplice.com/cve-2010-3847> and follow 
the instructions.  There is no need to reboot the system or restart any 
system daemons.  Please note that these packages are not part of the 
Ksplice Uptrack service and do not affect the Linux kernel.

Please note that RHEL/CentOS 4 is not vulnerable to this issue.  For more 
information on the impact of this vulnerability on other Linux 
distributions, please visit <https://www.ksplice.com/cve-2010-3847>.

Please let us know if you have any questions, or if there's anything we 
can do to help. 

Ksplice support is available at support at ksplice.com or +1 765-577-5423.

