[Ksplice][RHEL 5 Updates] New updates available via Ksplice (RHSA-2012:1540)
Jamie Iles
jamie.iles at oracle.com
Thu Dec 6 09:00:33 PST 2012
Synopsis: RHSA-2012:1540 can now be patched using Ksplice
CVEs: CVE-2012-2372 CVE-2012-3552 CVE-2012-4508
Systems running Red Hat Enterprise Linux 5 can now use Ksplice to
patch against the latest Red Hat Security Advisory, RHSA-2012:1540.
INSTALLING THE UPDATES
We recommend that all users of Ksplice Uptrack on RHEL 5 install these
updates.
On systems that have "autoinstall = yes" in /etc/uptrack/uptrack.conf,
these updates will be installed automatically and you do not need to
take any action.
Alternatively, you can install these updates by running:
# /usr/sbin/uptrack-upgrade -y
DESCRIPTION
* CVE-2012-2372: Denial of service in Reliable Datagram Sockets protocol.
A flaw was found in the Linux kernel's Reliable Datagram Sockets (RDS)
protocol implementation. A local, unprivileged user could use this flaw
to cause a denial of service.
* CVE-2012-3552: Denial-of-service in IP options handling.
Missing locking around IP options for a socket could allow an attacker
to trigger a use-after-free condition resulting in a kernel crash.
Under certain conditions this could be exploitable by a remote user.
* CVE-2012-4508: Stale data exposure in ext4.
A race condition in the usage of asynchronous IO and fallocate on an ext4
filesystem could lead to exposure of stale data from a deleted file. An
unprivileged local user could use this flaw to read privileged information.
SUPPORT
Ksplice support is available at ksplice-support_ww at oracle.com.
More information about the Ksplice-RHEL5-Updates
mailing list