[Ksplice][Debian 6.0 Updates] New updates available via Ksplice (2.6.32-48squeeze7)
Oracle Ksplice
ksplice-support_ww at oracle.com
Wed Jul 2 13:23:16 PDT 2014
Synopsis: 2.6.32-48squeeze7 can now be patched using Ksplice
CVEs: CVE-2013-6382 CVE-2014-3153
Systems running Debian 6.0 Squeeze can now use Ksplice to patch
against the latest Debian kernel update, 2.6.32-48squeeze7.
INSTALLING THE UPDATES
We recommend that all users of Ksplice Uptrack on Debian 6.0 Squeeze
install these updates.
On systems that have "autoinstall = yes" in /etc/uptrack/uptrack.conf,
these updates will be installed automatically and you do not need to
take any action.
Alternatively, you can install these updates by running:
# /usr/sbin/uptrack-upgrade -y
DESCRIPTION
* CVE-2014-3153: Local privilege escalation in futex requeueing.
Invalid parameters to the futex() syscall may break assumptions made in
the kernel and would leave dangling pointers that could be exploited
to gain root privileges.
* Improved fix to 'CVE-2013-6382: Denial-of-service in XFS filesystem ioctls'.
The original vendor fix for CVE-2013-6382 was incomplete and could
result in incorrect attribute lists.
SUPPORT
Ksplice support is available at ksplice-support_ww at oracle.com.
More information about the Ksplice-Debian-6.0-Updates
mailing list