[Ksplice][RHEL 4 Updates] New updates available via Ksplice (RHSA-2010:0779-01)
Tim Abbott
tabbott at ksplice.com
Fri Oct 22 13:37:26 PDT 2010
Synopsis: RHSA-2010:0779-01 can now be patched using Ksplice
CVEs: CVE-2010-2942 CVE-2010-3067 CVE-2010-3477
Red Hat Security Advisory Severity: Moderate
Systems running Red Hat Enterprise Linux 4, CentOS 4, and CentOSPlus 4 can
now use Ksplice to patch against the latest Red Hat Security Advisory,
RHSA-2010:0779-01.

INSTALLING THE UPDATES

We recommend that all Ksplice Uptrack RHEL 4, CentOS 4, and CentOSPlus 4
users install these updates. You can install these updates by running:

# uptrack-upgrade -y

DESCRIPTION

* CVE-2010-3067: Information leak in do_io_submit()

An integer overflow error in the do_io_submit function could be used by
userspace processes to read kernel memory.

* CVE-2010-3477: Kernel information leak in act_police.

Incorrectly initialized structures in the traffic control dump code may
allow the disclosure of kernel memory to userspace applications. This is a
similar issue to CVE-2010-2942.

* CVE-2010-2942: Information leaks in traffic control dump structures.

Incorrectly initialized structures in the traffic control dump code may
allow the disclosure of 32 bits of kernel memory to userspace
applications.

SUPPORT

Ksplice support is available at support at ksplice.com or +1 765-577-5423.
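
The traffic control dump leaks listed under DESCRIPTION (CVE-2010-2942, CVE-2010-3477) follow one pattern: a structure is only partly filled in and then copied out whole. The C program below is an added example, not code from the kernel or from Ksplice; struct dump_rec, its fields and the 0xA5 stale pattern are constructed for illustration, and memcpy stands in for the copy to userspace.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical dump record; not a real kernel structure. */
struct dump_rec {
    uint32_t index;
    uint32_t reserved;   /* the dump code never assigns this field */
    uint32_t refcnt;
};

/* Flawed pattern: assign some fields, then copy the whole struct out. */
void dump_unsafe(struct dump_rec *rec, unsigned char *out)
{
    rec->index = 7;
    rec->refcnt = 1;
    memcpy(out, rec, sizeof(*rec));   /* stand-in for the copy to userspace */
}

/* Hardened pattern: zero the whole struct before filling it in. */
void dump_safe(struct dump_rec *rec, unsigned char *out)
{
    memset(rec, 0, sizeof(*rec));
    rec->index = 7;
    rec->refcnt = 1;
    memcpy(out, rec, sizeof(*rec));
}

/* Run one variant over memory that still holds earlier data and
 * return how many bits of that stale data reached the output. */
size_t leaked_bits(int hardened)
{
    struct dump_rec rec;
    unsigned char out[sizeof(rec)];
    size_t i, stale = 0;

    memset(&rec, 0xA5, sizeof(rec));  /* constructed stale contents */
    if (hardened)
        dump_safe(&rec, out);
    else
        dump_unsafe(&rec, out);
    for (i = 0; i < sizeof(out); i++)
        if (out[i] == 0xA5)
            stale++;
    return 8 * stale;
}

int main(void)
{
    printf("unsafe:   %zu bits leaked\n", leaked_bits(0));
    printf("hardened: %zu bits leaked\n", leaked_bits(1));
    return 0;
}
```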