[Ksplice][RHEL 5 Updates] New updates available via Ksplice (RHSA-2010:0723-1)
Nelson Elhage
nelhage at ksplice.com
Thu Sep 30 11:29:12 PDT 2010
Synopsis: RHSA-2010:0723-1 can now be patched using Ksplice
CVEs: CVE-2010-1083 CVE-2010-1173 CVE-2010-2492 CVE-2010-2798 CVE-2010-2942
CVE-2010-3015
Red Hat Security Advisory Severity: Important
Systems running Red Hat Enterprise Linux 5 and CentOS 5 can now use
Ksplice to patch against the latest Red Hat Security Advisory,
RHSA-2010:0723-1.
INSTALLING THE UPDATES
We recommend that all Ksplice Uptrack RHEL 5 and CentOS 5 users
install these updates. You can install these updates by running:
# uptrack-upgrade -y
DESCRIPTION
* CVE-2010-2798: Denial of service in GFS2.
Bob Peterson reported an issue in the GFS2 file system. A file system
user could cause a denial of service (Oops) via certain rename
operations. (CVE-2010-2798, Important)
* CVE-2010-2492: Privilege Escalation in eCryptfs.
Andre Osterhues discovered that eCryptfs did not correctly calculate hash
values. A local attacker with certain uids could exploit this to crash the
system or potentially gain root privileges. (CVE-2010-2492, Important)
* Improved fix to CVE-2010-1173.
The original fix to CVE-2010-1173 did not properly append an error cause to
the error chunks.
* CVE-2010-3015: Integer overflow in ext4 filesystem.
An integer overflow flaw was found in the ext4_ext_get_blocks()
function. This can trigger a BUG() on certain configurations of ext4
file systems. (CVE-2010-3015, Moderate)
* CVE-2010-1083: Information leak in USB implementation.
An information leak flaw was found in the kernel's USB implementation.
Certain USB errors could result in an uninitialized kernel buffer
being sent to user-space. An attacker with physical access to a target
system could use this flaw to cause an information
leak. (CVE-2010-1083, Low)
* CVE-2010-2942: Information leaks in traffic control dump structures.
Incorrectly initialized structures in the traffic control dump code
may allow the disclosure of 32 bits of kernel memory to userspace
applications. (CVE-2010-2942, Moderate)
SUPPORT
Ksplice support is available at support at ksplice.com or +1 765-577-5423.