[Ksplice][RHEL 5 Updates] New updates available via Ksplice (RHSA-2011:1212-1)

Tim Abbott tim.abbott at oracle.com
Thu Sep 8 11:59:59 PDT 2011 

Synopsis: RHSA-2011:1212-1 can now be patched using Ksplice
CVEs: CVE-2011-2482 CVE-2011-2491 CVE-2011-2495 CVE-2011-2517
Red Hat Security Advisory Severity: Important

Systems running Red Hat Enterprise Linux 5, CentOS 5, Scientific Linux
5, and CentOSPlus 5 can now use Ksplice to patch against the latest
Red Hat Security Advisory, RHSA-2011:1212-1.

INSTALLING THE UPDATES

We recommend that all users of Ksplice Uptrack on RHEL 5, CentOS 5,
Scientific Linux 5, and CentOSPlus 5 install these updates.  You can
install these updates by running:

# /usr/sbin/uptrack-upgrade -y

On systems that have "autoinstall = yes" in /etc/uptrack/uptrack.conf,
these updates will be installed automatically and you do not need to
take any additional action.


DESCRIPTION

* CVE-2011-2482: Remote denial of service vulnerability in SCTP.

A NULL pointer dereference flaw was found in the Linux kernel's Stream
Control Transmission Protocol (SCTP) implementation.  A remote
attacker could send a specially-crafted SCTP packet to a target
system, resulting in a denial of service. (CVE-2011-2482, Important).


* CVE-2011-2495: Information leak in /proc/PID/io.

/proc/[PID]/io is world-readable by default. Previously, these files
could be read without any further restrictions.  A local, unprivileged
user could read these files, belonging to other, possibly privileged
processes to gather confidential information, such as the length of a
password used in a process. (CVE-2011-2495, Low)


* CVE-2011-2517: Buffer overflow in 802.11 netlink interface.

The nl80211_trigger_scan function failed to check for a valid SSID
length, leading to denial of service via buffer
overflow. (CVE-2011-2517, Important).


* Hangs using direct I/O with XFS filesystem.

An error path in the xfs_write function did not correctly unlock the
inode mutex, resulting in hung task timeouts.


* CVE-2011-2491: Local denial of service in NLM subsystem.

A flaw in the client-side NLM implementation could allow a local,
unprivileged user to cause a denial of service. (CVE-2011-2491,
Important)

SUPPORT

Ksplice support is available at support at ksplice.com or +1 765-577-5423.

More information about the Ksplice-EL5-Updates mailing list