[Ksplice-cloudlinux6-updates] New updates available via Ksplice (2.6.32-531.17.1.lve1.2.56.el6)

[Oracle Ksplice]

Synopsis: 2.6.32-531.17.1.lve1.2.56.el6 can now be patched using Ksplice
CVEs: CVE-2013-6383 CVE-2014-0077 CVE-2014-0196 CVE-2014-1737 CVE-2014-1738

Systems running CloudLinux 6 can now use Ksplice to patch against the
latest CloudLinux 6 kernel update, 2.6.32-531.17.1.lve1.2.56.el6.

INSTALLING THE UPDATES

We recommend that all users of Ksplice Uptrack on CloudLinux 6 install
these updates.

On systems that have "autoinstall = yes" in /etc/uptrack/uptrack.conf,
these updates will be installed automatically and you do not need to
take any action.

Alternatively, you can install these updates by running:

# /usr/sbin/uptrack-upgrade -y


DESCRIPTION

* CVE-2013-6383: Missing capability check in AAC RAID compatibility ioctl.

A missing capability check in the AAC RAID compatibility ioctl allows
local users to gain elevated privileges.


* CVE-2014-0077: Kernel panic when receiving short packets in virtio networking.

Missing data validation when receiving truncated packets in the virtual networking
subsystem can cause the kernel to dereference an invalid pointer triggering a
kernel panic.


* CVE-2014-0196: Pseudo TTY device write buffer handling race.

A race in how the pseudo ttyp (pty) device handled device writes when
two threads/processes wrote to the same pty, the buffer end could be
overwritten. An attacker could use this to cause a denial-of-service or
gain root privileges.


* Denial-of-service with raw sockets.

A missing check to verify a socket is SOCK_STREAM instead of
raw in tcp_set_keepalive can cause a kernel crash.  This could be
used to cause a denial-of-service.

SUPPORT

Ksplice support is available at ksplice-support_ww at oracle.com.