From price at ksplice.com Tue Aug 3 21:05:54 2010 From: price at ksplice.com (Greg Price) Date: Wed, 4 Aug 2010 00:05:54 -0400 Subject: [Ksplice][Fedora-13-Updates] New updates available via Ksplice (FEDORA-2010-11462) In-Reply-To: References: Message-ID: Synopsis: FEDORA-2010-11462 can now be patched using Ksplice CVEs: CVE-2010-2524 Systems running Fedora 13 can now use Ksplice to patch against the latest Fedora security update, FEDORA-2010-11462. INSTALLING THE UPDATES We recommend that all Ksplice Uptrack Fedora 13 users install these updates. ?You can install these updates by running: # uptrack-upgrade -y DESCRIPTION * CVE-2010-2524: False CIFS mount via DNS cache poisoning The dns_resolver upcall used by CIFS was susceptible to cache poisoning. ?An unprivileged user could insert a false entry into the keyring, and then trick the system into mounting a server of their choosing. SUPPORT Ksplice support is available at support at ksplice.com or +1 765-577-5423.