[Ksplice][CloudLinux 5 Updates] New updates available via Ksplice (2.6.18-408.el5.lve0.8.58)

[Jamie Iles]

Synopsis: 2.6.18-408.el5.lve0.8.58 can now be patched using Ksplice
CVEs: CVE-2011-1083

Systems running CloudLinux 5 can now use Ksplice to patch against the
latest CloudLinux 5 kernel, 2.6.18-408.el5.lve0.8.58.

INSTALLING THE UPDATES

We recommend that all users of Ksplice Uptrack on CloudLinux 5 install
these updates.  You can install these updates by running:

# /usr/sbin/uptrack-upgrade -y

On systems that have "autoinstall = yes" in /etc/uptrack/uptrack.conf,
these updates will be installed automatically and you do not need to
take any additional action.


DESCRIPTION

* CVE-2011-1083: Algorithmic denial of service in epoll.

A flaw was found in the way the Linux kernel's Event Poll (epoll)
subsystem handled large, nested epoll structures. A local,
unprivileged user could use this flaw to cause a denial of service.


* Incorrect permissions checks in dmesg_restrict sysctl.

An incorrect permissions check prevented guests from accessing the
kernel log buffer and dmesg facilities resulting in syslog access
failures.


* Denial of service in persistent tun devices.

The check preventing a persistent tunnel device from being created from
inside a container caused a networking mutex to be incorrectly held
resulting in a system hang and denial of service.

SUPPORT

Ksplice support is available at ksplice-support_ww at oracle.com.