[Ksplice][Fedora-14-Updates] New updates available via Ksplice (FEDORA-2011-15241)

Anders Kaseorg anders.kaseorg at oracle.com
Fri Nov 4 16:42:17 PDT 2011


Synopsis: FEDORA-2011-15241 can now be patched using Ksplice
CVEs: CVE-2011-2699 CVE-2011-4077 CVE-2011-4081

Systems running Fedora 14 can now use Ksplice to patch against the 
latest Fedora security update, FEDORA-2011-15241.

INSTALLING THE UPDATES

We recommend that all users of Ksplice Uptrack on Fedora 14 install 
these updates.  You can install these updates by running:

# /usr/sbin/uptrack-upgrade -y

On systems that have "autoinstall = yes" in /etc/uptrack/uptrack.conf, 
these updates will be installed automatically and you do not need to 
take any additional action.


DESCRIPTION

* CVE-2011-4077: Buffer overflow in xfs_readlink.

A flaw in the way the XFS filesystem implementation handled links with 
pathnames larger than MAXPATHLEN allowed an attacker to mount a 
malicious XFS image that could crash the system or result in privilege 
escalation.
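
A simplified user-space model of the bug class described for CVE-2011-4077, added here as an illustration; it is not the kernel's XFS code or the Ksplice patch. The struct, the function names, the error codes and the MAXPATHLEN value of 1024 are assumptions made for the example.

```c
#include <errno.h>
#include <stddef.h>
#include <string.h>

#define MAXPATHLEN 1024 /* assumed value for this model */

/* Constructed stand-in for a symlink read from an untrusted filesystem image. */
struct image_symlink {
    long long   recorded_len; /* length field exactly as stored in the image */
    const char *target;       /* target bytes present in the image */
    size_t      target_avail; /* number of bytes actually backing `target` */
};

/* Flawed pattern: the image's length field is trusted as-is, so a value
 * above MAXPATHLEN writes past the end of the caller's buffer. */
int readlink_unchecked(const struct image_symlink *ip, char *link)
{
    memcpy(link, ip->target, (size_t)ip->recorded_len);
    link[ip->recorded_len] = '\0';
    return (int)ip->recorded_len;
}

/* Hardened pattern: validate the untrusted length before any copy.
 * Returns the target length, or a negative errno value. */
int readlink_checked(const struct image_symlink *ip, char *link, size_t link_size)
{
    long long len = ip->recorded_len;

    if (len < 0 || len > MAXPATHLEN)
        return -EINVAL;          /* length field is corrupt or hostile */
    if ((size_t)len >= link_size)
        return -ENAMETOOLONG;    /* no room for the target plus its NUL */
    if ((size_t)len > ip->target_avail)
        return -EINVAL;          /* image holds fewer bytes than it claims */

    memcpy(link, ip->target, (size_t)len);
    link[len] = '\0';
    return (int)len;
}

int main(void)
{
    char link[MAXPATHLEN + 1];
    struct image_symlink bad = { 4096, "x", 1 }; /* constructed oversized length */
    return readlink_checked(&bad, link, sizeof link) == -EINVAL ? 0 : 1;
}
```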


* Improved fix for CVE-2011-2699.

Fedora's original fix for CVE-2011-2699 introduced a NULL dereference in 
udp6_ufo_fragment.


* CVE-2011-4081: NULL pointer dereference in GHASH cryptographic algorithm.

Nick Bowler reported an issue in the GHASH message digest algorithm. 
ghash_update can pass a NULL pointer to gf128mul_4k_lle in some cases, 
leading to a NULL pointer dereference (kernel OOPS).

SUPPORT

Ksplice support is available at support at ksplice.com or +1 765-577-5423.



