[Ksplice][RHEL 4 Updates] New updates available via Ksplice (RHSA-2010:0606-1)
Tim Abbott
tabbott at ksplice.com
Sat Aug 7 23:36:13 PDT 2010
Synopsis: RHSA-2010:0606-1 can now be patched using Ksplice
CVEs: CVE-2010-2248 CVE-2010-2521
Red Hat Security Advisory Severity: Important
Systems running Red Hat Enterprise Linux 4 and CentOS 4 can now use
Ksplice to patch against the latest Red Hat Security Advisory,
RHSA-2010:0606-1.
INSTALLING THE UPDATES
We recommend that all Ksplice Uptrack RHEL 4 and CentOS 4 users
install these updates. You can install these updates by running:
# uptrack-upgrade -y
DESCRIPTION
* CVE-2010-2248: Remote denial of service in CIFS client.
A flaw was found in the CIFSSMBWrite() function in the Linux kernel
Common Internet File System (CIFS) implementation. A remote attacker
could send a specially-crafted SMB response packet to a target CIFS
client, resulting in a kernel panic. (CVE-2010-2248, Important).
* CVE-2010-2521: Remote buffer overflow in NFSv4 server.
Buffer overflow flaws were found in the Linux kernel's implementation
of the server-side External Data Representation (XDR) for the Network
File System (NFS) version 4. An attacker on the local network could
send a specially-crafted large compound request to the NFSv4 server,
which could possibly result in a kernel panic (denial of service) or,
potentially, code execution. (CVE-2010-2521, Important).
* Kernel panic caused by incorrect reference counting in NFS server.
The rpc_call_async() function in the SUN Remote Procedure Call (RPC)
subsystem in the Linux kernel had a reference counting bug. In certain
situations, some Network Lock Manager (NLM) messages may have
triggered this bug on NFSv2 and NFSv3 servers, leading to a kernel
panic (with "kernel BUG at fs/lockd/host.c:[xxx]!" logged to
"/var/log/messages").
SUPPORT
Ksplice support is available at support at ksplice.com or +1 765-577-5423.
More information about the RHEL4-Updates
mailing list