[El-errata] New updates available via Ksplice (ELSA-2012-1540-1)
Errata Announcements for Oracle Linux
el-errata at oss.oracle.com
Fri Dec 7 07:54:55 PST 2012
Synopsis: ELSA-2012-1540-1 can now be patched using Ksplice
CVEs: CVE-2012-2372 CVE-2012-3552 CVE-2012-4508
Users with Oracle Linux Premier Support can now use Ksplice to patch
against the latest Oracle Security Advisory, ELSA-2012-1540-1.
INSTALLING THE UPDATES
We recommend that all users of Ksplice Uptrack on EL 5 install these
On systems that have "autoinstall = yes" in /etc/uptrack/uptrack.conf,
these updates will be installed automatically and you do not need to
take any action.
Alternatively, you can install these updates by running:
# /usr/sbin/uptrack-upgrade -y
* CVE-2012-2372: Denial of service in Reliable Datagram Sockets protocol.
A flaw was found in the Linux kernel's Reliable Datagram Sockets (RDS)
protocol implementation. A local, unprivileged user could use this flaw
to cause a denial of service.
* CVE-2012-3552: Denial-of-service in IP options handling.
Missing locking around IP options for a socket could allow an attacker
to trigger a use-after-free condition resulting in a kernel crash.
Under certain conditions this could be exploitable by a remote user.
* CVE-2012-4508: Stale data exposure in ext4.
A race condition in the usage of asynchronous IO and fallocate on an ext4
filesystem could lead to exposure of stale data from a deleted file. An
unprivileged local user could use this flaw to read privileged information.
Ksplice support is available at ksplice-support_ww at oracle.com.
More information about the El-errata