[Ksplice-cloudlinux6-updates] New updates available via Ksplice (2.6.32-379.22.1.lve1.2.17.el6)

Jamie Iles jamie.iles at oracle.com
Wed Apr 10 10:40:24 PDT 2013


Synopsis: 2.6.32-379.22.1.lve1.2.17.el6 can now be patched using Ksplice
CVEs: CVE-2012-4508 CVE-2012-4542 CVE-2013-0190 CVE-2013-0268 CVE-2013-0310 CVE-2013-0311 CVE-2013-1767

Systems running CloudLinux 6 can now use Ksplice to patch against the
latest CloudLinux 6 kernel update, 2.6.32-379.22.1.lve1.2.17.el6.

INSTALLING THE UPDATES

We recommend that all users of Ksplice Uptrack on CloudLinux 6 install
these updates.

On systems that have "autoinstall = yes" in /etc/uptrack/uptrack.conf,
these updates will be installed automatically and you do not need to
take any action.

Alternatively, you can install these updates by running:

# /usr/sbin/uptrack-upgrade -y
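
An added example, not part of the Ksplice announcement: a POSIX shell check that reads an uptrack.conf-style file and reports whether the host will install these updates automatically or needs the manual command above. The `[Settings]` section name in the sample, the last-occurrence-wins rule and treating only a literal `yes` as enabled are assumptions.

```shell
#!/bin/sh
# Added example, not Ksplice's own tooling.
# Decide whether a host needs a manual "uptrack-upgrade -y", based on the
# autoinstall key the advisory mentions.

# Print the effective value of "autoinstall" in an uptrack.conf-style file:
# "yes", "no", "unset" or "unreadable". Comment lines and surrounding
# whitespace are ignored. Assumptions: the last occurrence of the key wins,
# and only a literal "yes" (any case) counts as enabled.
autoinstall_setting() {
    conf=$1
    [ -r "$conf" ] || { echo "unreadable"; return 0; }
    awk -F= '
        /^[ \t]*[#;]/ { next }                 # skip commented-out lines
        {
            key = $1; val = $2
            gsub(/[ \t\r]/, "", key); gsub(/[ \t\r]/, "", val)
            if (tolower(key) == "autoinstall") found = tolower(val)
        }
        END {
            if (found == "yes") print "yes"
            else if (found == "") print "unset"
            else print "no"
        }' "$conf"
}

# Map the setting to the action the advisory describes.
update_action() {
    case $(autoinstall_setting "$1") in
        yes) echo "automatic" ;;
        *)   echo "manual: run /usr/sbin/uptrack-upgrade -y" ;;
    esac
}

# Constructed sample config, for demonstration only.
sample=$(mktemp)
cat > "$sample" <<'EOF'
[Settings]
# autoinstall = yes
autoinstall = no
EOF
update_action "$sample"
rm -f "$sample"
```

On a real host, call `update_action /etc/uptrack/uptrack.conf` instead of the sample file.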


DESCRIPTION

* CVE-2013-0190: stack corruption with Xen 32-bit paravirtualized guests.

Incorrect manipulation of the stack pointer in the error path for iret
failure with a 32-bit paravirtualized guest could result in stack
corruption.  This could be triggered by an unprivileged user in the
guest to cause a denial-of-service.


* CVE-2013-0310: NULL pointer dereference in CIPSO socket options.

Adding a CIPSO option to a socket could result in a NULL pointer
dereference and kernel crash under specific conditions.


* CVE-2013-0311: Privilege escalation in vhost descriptor management.

Incorrect handling of vhost descriptors that crossed regions could allow
a privileged guest user to crash the host or possibly escalate
privileges inside the host.


* CVE-2012-4508: Stale data exposure in ext4.

A race condition in the usage of asynchronous IO and fallocate on an ext4
filesystem could lead to exposure of stale data from a deleted file. An
unprivileged local user could use this flaw to read privileged information.


* CVE-2012-4542: SCSI command filter does not restrict access to read-only devices.

The default SCSI command filter does not accommodate commands that overlap across
device classes. A privileged guest user could potentially use this flaw to write
arbitrary data to a LUN that is passed-through as read-only.


* CVE-2013-0268: /dev/cpu/*/msr local privilege escalation.

Access to /dev/cpu/*/msr was protected only using filesystem
checks. A local uid 0 (root) user with all capabilities dropped
could use this flaw to execute arbitrary code in kernel mode.


* Denial-of-service on NFS volumes.

Incorrect locking could cause all operations on an NFS volume to hang,
which could potentially be used to cause a denial-of-service.


* CVE-2013-1767: Use-after-free in tmpfs mempolicy remount.

If a tmpfs mount that was originally mounted with the mpol=M
option is remounted, it reuses the already freed mempolicy object.


* Kernel panic in NFS on kernels compiled without NFS quota.

On kernels compiled without quota support, NFS inode deletions could lead
to a kernel panic.

SUPPORT

Ksplice support is available at ksplice-support_ww at oracle.com.



