[Ksplice][RHEL 5 Updates] New updates available via Ksplice (RHSA-2012:1061-1)

Sasha Levin sasha.levin at oracle.com
Wed Jul 11 05:12:15 PDT 2012


Synopsis: RHSA-2012:1061-1 can now be patched using Ksplice
CVEs: CVE-2012-3375

Systems running Red Hat Enterprise Linux 5 can now use Ksplice to
patch against the latest Red Hat Security Advisory, RHSA-2012:1061-1.

INSTALLING THE UPDATES

We recommend that all users of Ksplice Uptrack on RHEL 5 install these
updates.

On systems that have "autoinstall = yes" in /etc/uptrack/uptrack.conf,
these updates will be installed automatically and you do not need to
take any action.

Alternatively, you can install these updates by running:

# /usr/sbin/uptrack-upgrade -y


DESCRIPTION

* CVE-2012-3375: Denial of service due to epoll resource leak in error path.

The upstream fix for CVE-2011-1083 introduced a flaw in the way
the Linux kernel's Event Poll (epoll) subsystem handled resource cleanup
when an ELOOP error code was returned. A local, unprivileged user could use
this flaw to cause a denial of service.


* Arithmetic overflow in clock source calculations.

A poorly designed calculation in the CPU accelerator in the
previous kernel caused an arithmetic overflow in the sched_clock()
function when system uptime exceeded 208.5 days. This overflow led to
a kernel panic on systems using the Time Stamp Counter (TSC) or
Virtual Machine Interface (VMI) clock source. This update corrects the
calculation so that the arithmetic overflow and the resulting kernel
panic can no longer occur under these circumstances.
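
Added example (not code from this announcement or from the kernel): a user-space
model of where the 208.5-day figure comes from. It assumes the conversion is a
64-bit multiply by a fixed-point scale followed by a 10-bit shift; the function
names, the shift and the 2 GHz counter are assumptions for illustration.

```c
#include <stdint.h>
#include <stdio.h>

/* Assumption: 2^10 fixed-point scale; the announcement gives no formula. */
#define SCALE_SHIFT 10

/* Fixed-point ns-per-cycle multiplier for a counter running at khz. */
static uint64_t scale_for_khz(uint64_t khz)
{
    return (1000000ULL << SCALE_SHIFT) / khz;
}

/* Assumed pre-fix shape: cyc * scale wraps modulo 2^64 before the shift. */
static uint64_t cyc2ns_naive(uint64_t cyc, uint64_t scale)
{
    return (cyc * scale) >> SCALE_SHIFT;
}

/* Overflow-safe shape: scale the high and low parts of cyc separately. */
static uint64_t cyc2ns_split(uint64_t cyc, uint64_t scale)
{
    uint64_t quot = cyc >> SCALE_SHIFT;
    uint64_t rem = cyc & ((1ULL << SCALE_SHIFT) - 1);
    return quot * scale + ((rem * scale) >> SCALE_SHIFT);
}

/* Counter value after `days` of uptime at khz (constructed input). */
static uint64_t cycles_after_days(uint64_t days, uint64_t khz)
{
    return days * 86400ULL * khz * 1000ULL;
}

/* Uptime in days at which ns << SCALE_SHIFT stops fitting in 64 bits. */
static double wrap_days(void)
{
    return (double)(1ULL << (64 - SCALE_SHIFT)) / 1e9 / 86400.0;
}

int main(void)
{
    uint64_t khz = 2000000, scale = scale_for_khz(khz); /* constructed 2 GHz TSC */
    printf("wrap after %.2f days\n", wrap_days());
    for (uint64_t d = 208; d <= 209; d++) {
        uint64_t cyc = cycles_after_days(d, khz);
        printf("day %llu: naive=%llu ns split=%llu ns\n", (unsigned long long)d,
               (unsigned long long)cyc2ns_naive(cyc, scale),
               (unsigned long long)cyc2ns_split(cyc, scale));
    }
    return 0;
}
```

Under these assumptions the wrap point is 2^54 ns regardless of counter
frequency, so the naive result falls back by 2^54 ns on day 209.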

SUPPORT

Ksplice support is available at ksplice-support_ww at oracle.com.



