[Ksplice][Uptrack-Announce-RHEL] User space Linux vulnerability CVE-2010-3847
Tim Abbott
tabbott at ksplice.com
Wed Oct 20 14:49:10 PDT 2010
Dear Ksplice Uptrack subscriber,

Several customers have asked us recently about CVE-2010-3847, a new user
space Linux vulnerability.

As a courtesy, we are able to provide some information and assistance on
this non-kernel vulnerability.

The underlying bug in GNU libc (glibc) can be used to gain root access
given a local account, and an exploit for the vulnerability has been
publicly released. We understand that major Linux distributions, including
Red Hat Enterprise Linux and CentOS, are currently preparing updated glibc
packages.

We wanted to reach out and let you know that Ksplice has prepared patched
glibc packages for the Red Hat Enterprise Linux 5 and CentOS 5
distributions available immediately, as a courtesy to administrators
concerned about the vulnerability. Customers who want to patch this
vulnerability now, in advance of a release by their Linux distribution,
may do so from our updated packages. We understand major vendors' updates
will be based on the same patch. Ksplice will support these patched glibc
packages until vendor-supplied packages become available.

To install the patched glibc packages for Red Hat Enterprise Linux 5 and
CentOS 5, please visit <https://www.ksplice.com/cve-2010-3847> and follow
the instructions. There is no need to reboot the system or restart any
system daemons. Please note that these packages are not part of the
Ksplice Uptrack service and do not affect the Linux kernel.

Please note that RHEL/CentOS 4 is not vulnerable to this issue. For more
information on the impact of this vulnerability on other Linux
distributions, please visit <https://www.ksplice.com/cve-2010-3847>.

Please let us know if you have any questions, or if there's anything we
can do to help.

Ksplice support is available at support at ksplice.com or +1 765-577-5423.