SCIENTIFIC-LINUX-USERS Archives

August 2009

SCIENTIFIC-LINUX-USERS@LISTSERV.FNAL.GOV

From: Connie Sieh <[log in to unmask]>
Reply To: Connie Sieh <[log in to unmask]>
Date: Sun, 9 Aug 2009 11:43:22 -0500

Andrew,


On Sun, 9 Aug 2009, Dr Andrew C Aitchison wrote:

> On Sat, 8 Aug 2009, Connie Sieh wrote:
>
>> Synopsis:          Important: kernel
>> CVE Names:         CVE-2007-5966 CVE-2009-1385 CVE-2009-1388
>>                      CVE-2009-1389 CVE-2009-1895 CVE-2009-2406
>>                      CVE-2009-2407
>>
>>     CVE-2007-5966 kernel: non-root can trigger cpu_idle soft lockup
>>     CVE-2009-1385 kernel: e1000_clean_rx_irq() denial of service
>>     CVE-2009-1388 kernel: do_coredump() vs ptrace_start() deadlock
>>     CVE-2009-1389 kernel: r8169: fix crash when large packets are received
>>     CVE-2009-1895 kernel: personality: fix PER_CLEAR_ON_SETID
>>     CVE-2009-2406 kernel: ecryptfs stack overflow in parse_tag_11_packet()
>>     CVE-2009-2407 kernel: ecryptfs heap overflow in parse_tag_3_packet()
>
>
>> SRPMS:
>>      kernel-2.6.18-128.4.1.el5.src.rpm
>
> Thanks.
>
> Do you have an ETA for the glibc bugfix

The glibc is already built.  I will get it out soon.

> https://rhn.redhat.com/errata/RHBA-2009-1202.html
> or for Firefox 3.0.13
> http://www.mozilla.org/security/known-vulnerabilities/firefox30.html

Do not know if the latest firefox that was released 1.5 weeks ago has this
fix.  You can check the changelog on the firefox rpm for the CVEs that it
fixed.  I am actually on vacation right now and have to check out of the
hotel in 5 minutes so do not have time to check for you.

   rpm -q --changelog firefox

-connie
> ?
>
> If either or both is expected soon I would like to avoid
> three reboots of 100 workstations.
>
> (No, I don't *need* to reboot for either of these. The glibc
> update could wait until the machine reboots for some other reason.
> The kernel reboot would be a good way to force users to quit their
> running firefox and run the new, more secure version.)
>
> Thanks,
>
> -- 
> Dr. Andrew C. Aitchison		Computer Officer, DPMMS, Cambridge
> [log in to unmask]	http://www.dpmms.cam.ac.uk/~werdna
>
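
Added example, not part of the original message: a wrapper around the `rpm -q --changelog` check suggested above that reports which wanted CVE ids a package changelog does not mention. The function names and the sample changelog text are constructed for illustration; the sample is not the real changelog of any package, and only its CVE ids are taken from the advisory quoted in this thread.

```bash
#!/bin/bash
# Added example: list which wanted CVE ids an RPM changelog does not mention.

# Read changelog text on stdin; print each distinct CVE id, one per line.
cves_in_changelog() {
    grep -oE 'CVE-[0-9]{4}-[0-9]{4,}' | sort -u
}

# missing_cves TEXT CVE...
# Print every wanted CVE id that TEXT does not mention.
# Returns 0 if all are mentioned, 1 if any is missing.
missing_cves() {
    local text found cve rc
    text=$1; shift
    found=$(printf '%s\n' "$text" | cves_in_changelog)
    rc=0
    for cve in "$@"; do
        # -x -F: whole-line fixed-string match against the extracted ids,
        # so a wanted id never matches as a prefix of a longer one.
        if ! printf '%s\n' "$found" | grep -qxF -- "$cve"; then
            printf '%s\n' "$cve"
            rc=1
        fi
    done
    return "$rc"
}

# check_package PKG CVE...
# Same check against an installed package. Returns 2 if rpm fails
# (for example, the package is not installed).
check_package() {
    local pkg log
    pkg=$1; shift
    log=$(rpm -q --changelog "$pkg") || return 2
    missing_cves "$log" "$@"
}

# Constructed sample text (NOT a real package changelog).
SAMPLE_CHANGELOG='* Thu Jan 01 2009 Example Packager <packager@example.invalid> 0.0-2
- [net] example entry (CVE-2009-1385)
- [fs] example entry {CVE-2009-2406}
* Thu Jan 01 2009 Example Packager <packager@example.invalid> 0.0-1
- [net] earlier mention of CVE-2009-1385'

# Demo on the constructed sample: prints CVE-2009-2407, the id it lacks.
missing_cves "$SAMPLE_CHANGELOG" CVE-2009-1385 CVE-2009-2406 CVE-2009-2407 || true
```

On a real host, `check_package kernel CVE-2009-1385 CVE-2009-2407` runs the same comparison against the installed package. An id missing from the changelog only means the packager did not cite it there, so confirm against the errata before concluding the fix is absent.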
