[Ksplice][RHEL 5 Updates] New updates available via Ksplice (RHSA-2010:0020-02)
Nelson Elhage
nelhage at ksplice.com
Sat Jan 9 07:50:28 PST 2010
Synopsis: RHSA-2010:0020-02 can now be patched using Ksplice
CVEs: CVE-2007-4567 CVE-2009-4536 CVE-2009-4537 CVE-2009-4538
Red Hat Security Advisory Severity: Important
Systems running Red Hat Enterprise Linux 5 and CentOS 5 can now use
Ksplice to patch against the latest Red Hat Security Advisory,
RHSA-2010:0020-02.
INSTALLING THE UPDATES
We recommend that all Ksplice Uptrack RHEL 5 and CentOS 5 users
install these updates. You can install these updates by running:
# uptrack-upgrade -y
DESCRIPTION
* CVE-2009-4536: Denial of service in e1000 driver.
The e1000 driver did not properly handle packets which span multiple
receive buffers, which could potentially be exploited by a remote
attacker to cause memory corruption and denial of service.
* CVE-2009-4537: Buffer underflow in r8169 driver.
The r8169 driver did not correctly handle certain large packets, which
could potentially be exploited to lead to remote arbitrary code
execution.
* CVE-2009-4538: Denial of service in e1000e driver.
The e1000e driver did not properly handle packets which span multiple
receive buffers, which could potentially be exploited by a remote
attacker to cause memory corruption and denial of service.
* CVE-2007-4567: Remote denial of service in IPv6.
The Linux kernel did not properly validate the hop-by-hop IPv6
extended header, which allowed remote attackers to cause a denial of
service (kernel panic) via a crafted IPv6 packet.
SUPPORT
Ksplice support is available at support at ksplice.com or +1 765-577-5423.