[Ksplice][RHEL 4 Updates] New updates available via Ksplice (RHSA-2010:0020-01)

Nelson Elhage nelhage at ksplice.com
Sat Jan 9 07:50:21 PST 2010


Synopsis: RHSA-2010:0020-01 can now be patched using Ksplice
CVEs: CVE-2009-4536 CVE-2009-4537 CVE-2009-4538
Red Hat Security Advisory Severity: Important

Systems running Red Hat Enterprise Linux 4 and CentOS 4 can now use
Ksplice to patch against the latest Red Hat Security Advisory,
RHSA-2010:0020-01.

INSTALLING THE UPDATES

We recommend that all Ksplice Uptrack RHEL 4 and CentOS 4 users
install these updates.  You can install these updates by running:

# uptrack-upgrade -y

DESCRIPTION

* CVE-2009-4538: Denial of service in e1000e driver.

The e1000e driver did not properly handle packets which span multiple
receive buffers, which could potentially be exploited by a remote
attacker to lead to memory corruption and denial of service.


* CVE-2009-4536: Denial of service in e1000 driver.

The e1000 driver did not properly handle packets which span multiple
receive buffers, which could potentially be exploited by a remote
attacker to lead to memory corruption and denial of service.


* CVE-2009-4537: Buffer underflow in r8169 driver.

The r8169 driver did not correctly handle certain large packets, which
could potentially be exploited to lead to remote arbitrary code
execution.

SUPPORT

Ksplice support is available at support at ksplice.com or +1 765-577-5423.
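
To see whether a host has network interfaces bound to the three drivers named in this advisory, the following is an added example, not part of the original announcement. It assumes the usual sysfs layout (/sys/class/net/<interface>/device/driver); the function name and its optional root argument are this example's own.

```shell
#!/bin/sh
# Added example: list interfaces bound to the drivers named in
# RHSA-2010:0020-01 (e1000, e1000e, r8169).
# Usage on a live host:  affected_interfaces && echo "affected driver in use"

AFFECTED_DRIVERS="e1000 e1000e r8169"

# Print "<interface> <driver>" for each interface whose bound driver is in
# AFFECTED_DRIVERS. Exit status is 0 if at least one was found, 1 otherwise.
# $1 is the sysfs root (assumption of this example; defaults to /sys) so the
# function can also be pointed at a copied or constructed tree.
affected_interfaces() {
    sysfs_root="${1:-/sys}"
    found=1
    for dev in "$sysfs_root"/class/net/*; do
        # Virtual interfaces (lo, bonds, VLANs) have no device/driver link.
        [ -L "$dev/device/driver" ] || continue
        # The link target ends in the driver name, e.g. .../drivers/e1000
        drv=$(basename "$(readlink "$dev/device/driver")")
        for bad in $AFFECTED_DRIVERS; do
            if [ "$drv" = "$bad" ]; then
                echo "$(basename "$dev") $drv"
                found=0
            fi
        done
    done
    return $found
}
```

A match only shows that an affected driver is bound to an interface; it does not tell you whether the running kernel already carries the fix.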


