We will be scheduling an important kernel security, bug fix and enhancement update this weekend.
This will take place as far as possible during off-peak hours. A reboot is required to complete the upgrade. The downtime should not exceed 30 minutes and it will be minimized as much as possible. We will track each server until it returns to service after the upgrade and reboot.
This upgrade is scheduled as follows:
Date: 21 April 2012 (Saturday) to 23 April 2012 (Monday)
Time: Between 2AM and 8AM EST
Kernel security, bug fixes and enhancement update
Details of Kernel security, bug fixes and enhancement update
* A flaw in the xfrm6_tunnel_rcv() function in the Linux kernel's IPv6 implementation could lead to a use-after-free or double free flaw in tunnel6_rcv(). A remote attacker could use this flaw to send specially-crafted packets to a target system that is using IPv6 and also has the xfrm6_tunnel kernel module loaded, causing it to crash. (CVE-2012-1583, Important)
If you do not run applications that use xfrm6_tunnel, you can prevent the xfrm6_tunnel module from being loaded by creating (as the root user) a "/etc/modprobe.d/xfrm6_tunnel.conf" file, and adding the following line to it:
blacklist xfrm6_tunnel
This way, the xfrm6_tunnel module cannot be loaded accidentally. A reboot is not necessary for this change to take effect.
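To confirm the workaround on a server, the read-only check below (an added example, not part of the original announcement or of the Red Hat advisory) reports whether an active blacklist line exists and whether the module is already loaded. A blacklist entry only affects future automatic loading, so a module that is already in memory stays loaded until it is removed or the server reboots. The function names and status strings are chosen for this example.

```shell
#!/bin/sh
# Added example: audit the xfrm6_tunnel workaround. Read-only.
# Function names and status strings are assumptions made for this example.
MODULE=xfrm6_tunnel

# Returns 0 if MODULE is the first field of a line in a /proc/modules-style file.
module_loaded() {
    [ -r "$1" ] || return 1
    awk -v m="$MODULE" '$1 == m { found = 1 } END { exit !found }' "$1"
}

# Returns 0 if any *.conf in the directory has an active "blacklist MODULE" line.
# Commented-out lines do not count because their first field is not "blacklist".
module_blacklisted() {
    for conf in "$1"/*.conf; do
        [ -f "$conf" ] || continue
        if awk -v m="$MODULE" \
            '$1 == "blacklist" && $2 == m { found = 1 } END { exit !found }' "$conf"
        then
            return 0
        fi
    done
    return 1
}

# Prints one of:
#   blacklisted-not-loaded | blacklisted-but-loaded |
#   loaded-not-blacklisted | not-blacklisted
mitigation_status() {
    if module_blacklisted "$1"; then
        if module_loaded "$2"; then
            echo "blacklisted-but-loaded"
        else
            echo "blacklisted-not-loaded"
        fi
    else
        if module_loaded "$2"; then
            echo "loaded-not-blacklisted"
        else
            echo "not-blacklisted"
        fi
    fi
}

# Report on the live system using the standard locations.
mitigation_status /etc/modprobe.d /proc/modules
```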
This update also fixes various bugs and adds an enhancement. Details of the bug fixes and enhancement will be made available upon request.
Ref: RHSA-2012:0480-1
Thursday, April 19, 2012