[Ksplice][RHEL 4 Updates] New updates available via Ksplice (RHSA-2009:1671-1)

Nelson Elhage nelhage at ksplice.com
Wed Dec 16 09:04:16 PST 2009


Synopsis: RHSA-2009:1671-1 can now be patched using Ksplice
CVEs: CVE-2009-3620 CVE-2009-3621 CVE-2009-3613
Red Hat Security Advisory Severity: Important

Systems running Red Hat Enterprise Linux 4 and CentOS 4 can now use
Ksplice to patch against the latest Red Hat Security Advisory,
RHSA-2009:1671-1.


INSTALLING THE UPDATES

We recommend that all Ksplice Uptrack RHEL 4 and CentOS 4 users
install these updates.  You can install these updates by running:

# uptrack-upgrade -y

DESCRIPTION

* CVE-2009-3613: Remote denial of service in r8169 driver.

A programming error in the r8169 driver could result in the Linux
kernel leaking PCI device resources, leading to a denial of service
attack.

* ipv4: make ip_append_data() handle NULL routing table.

A check has been added to the IPv4 code to make sure that the routing
table data structure, rt, is not NULL, to help prevent future bugs in
functions that call ip_append_data() from being exploitable.

* CVE-2009-3621: Denial of service shutting down abstract-namespace sockets.

Local users can cause a denial of service (system hang) by creating an
abstract-namespace AF_UNIX listening socket, performing a shutdown
operation on this socket, and then performing a series of connect
operations to this socket.

* CVE-2009-3620: NULL pointer dereference in ATI Rage 128 driver.

The ATI Rage 128 (aka r128) driver in the Linux kernel does not
properly verify Concurrent Command Engine (CCE) state initialization,
which allows local users to cause a denial of service or privilege
escalation.

SUPPORT

Ksplice support is available at support at ksplice.com or +1 765-577-5423.
