[Ksplice-cloudlinux6-updates] New updates available via Ksplice (2.6.32-531.11.2.lve1.2.55.el6)

Oracle Ksplice ksplice-support_ww at oracle.com
Thu May 8 06:34:08 PDT 2014


Synopsis: 2.6.32-531.11.2.lve1.2.55.el6 can now be patched using Ksplice
CVEs: CVE-2013-1860 CVE-2013-2929 CVE-2013-7263 CVE-2013-7265 CVE-2014-0055 CVE-2014-0069 CVE-2014-0101 CVE-2014-2038

Systems running CloudLinux 6 can now use Ksplice to patch against the
latest CloudLinux 6 kernel update, 2.6.32-531.11.2.lve1.2.55.el6.

INSTALLING THE UPDATES

We recommend that all users of Ksplice Uptrack on CloudLinux 6 install
these updates.

On systems that have "autoinstall = yes" in /etc/uptrack/uptrack.conf,
these updates will be installed automatically and you do not need to
take any action.

Alternatively, you can install these updates by running:

# /usr/sbin/uptrack-upgrade -y
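
A triage check for the two install paths above, as an added example that is not part of Oracle's advisory: it reads the autoinstall setting and compares the effective kernel, as reported by `uptrack-uname -r`, with the version named in this advisory. The function names and status labels are this example's own, and only the exact value `yes` is treated as enabled.

```shell
#!/bin/sh
# Added example (not Oracle's code): decide whether a host still needs a
# manual uptrack-upgrade run for this advisory.

TARGET_KERNEL="2.6.32-531.11.2.lve1.2.55.el6"   # version from this advisory

# Print "yes" or "no" for the autoinstall setting in an uptrack.conf-style
# file. Commented-out lines are ignored, the last assignment wins, and a
# missing file, missing key or any value other than "yes" counts as "no"
# so that doubtful hosts are flagged rather than skipped.
autoinstall_enabled() {
    conf=$1
    [ -r "$conf" ] || { echo no; return 0; }
    val=$(sed -n 's/^[[:space:]]*autoinstall[[:space:]]*=[[:space:]]*\([A-Za-z]*\).*$/\1/p' "$conf" | tail -n 1)
    case $val in
        yes) echo yes ;;
        *)   echo no ;;
    esac
}

# Classify a host as "patched", "pending-auto" or "needs-upgrade".
#   $1 = effective kernel version (output of `uptrack-uname -r`)
#   $2 = path to the Uptrack configuration file
# The effective version may carry an architecture suffix such as .x86_64.
# Only this advisory's version is recognised; later versions are not compared.
host_status() {
    case $1 in
        "$TARGET_KERNEL"|"$TARGET_KERNEL".*) echo patched; return 0 ;;
    esac
    if [ "$(autoinstall_enabled "$2")" = yes ]; then
        echo pending-auto      # updates will be installed automatically
    else
        echo needs-upgrade     # run /usr/sbin/uptrack-upgrade -y
    fi
}

# Run against the live host only where Ksplice Uptrack is installed.
if command -v uptrack-uname >/dev/null 2>&1; then
    host_status "$(uptrack-uname -r)" /etc/uptrack/uptrack.conf
fi
```
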


DESCRIPTION

* Error in the tag insertion logic of the bonding network device.

An error in the tag insertion logic, together with the way bonding handled
cases where a slave device did not have hardware VLAN acceleration, resulted
in network packets being tagged twice when passing through slave devices
without hardware VLAN tag insertion. As a result, two Solarflare network
cards using bonding over a VLAN did not work properly.


* CVE-2013-2929: Incorrect permissions check in ptrace with dropped privileges.

The ptrace subsystem incorrectly checked the state of the fs.suid_dumpable
sysctl, allowing a user to ptrace attach to a process if it had dropped
privileges to that user.


* CVE-2013-7263, CVE-2013-7265: Information leak in IPv4, IPv6 and PhoNet socket recvmsg.

The IPv4, IPv6 and PhoNet recvmsg(2) ioctls do not initialise the length of a
network address, causing the contents of kernel memory to be disclosed to
userspace under certain circumstances.


* CVE-2014-0101: NULL pointer dereference in SCTP protocol.

A flaw was found in the way the Linux kernel processed authenticated
COOKIE_ECHO chunks in the SCTP protocol. A remote attacker could use this
flaw to cause a denial-of-service by sending a maliciously prepared SCTP
handshake in order to trigger a NULL pointer dereference on the server.


* Use-after-free in EDAC Intel E752X driver.

Incorrect reference counting in the EDAC Intel E752X driver could lead to a
use-after-free and kernel crash. A local, privileged user could use this
flaw to cause a denial-of-service.


* CVE-2014-0069: Denial-of-service in CIFS filesystem on uncached writes.

A lack of input validation in the CIFS filesystem code could lead to memory
corruption and kernel crash. A local, unprivileged user could use this flaw
to cause a denial-of-service.


* CVE-2014-0055: Denial-of-service in vhost driver when handling rx buffers.

A flaw was found in the way the get_rx_bufs() function in the vhost_net
implementation handled certain error conditions.  A privileged guest user
could use this flaw to crash the host.


* Deadlock in XFS filesystem when removing an inode from namespace.

When removing an inode from a name space on an XFS file system, the file
system could enter a deadlock situation and become unresponsive.


* Memory leak in GFS2 filesystem for files with short lifespan.

A race condition in the GFS2 filesystem could lead to a memory leak for
files with a very short lifespan. A local, unprivileged user could use this
flaw to cause a denial-of-service.


* CVE-2013-1860: Buffer overflow in Wireless Device Management driver.

A malicious USB device can cause a buffer overflow and gain kernel code execution
by sending malformed Wireless Device Management packets.


* Missing check in selinux for IPSec TCP SYN-ACK packets.

Due to a flaw in the selinux code, IPSec TCP SYN-ACK packets could pass
through without permission checking. An attacker could use this to send or
receive unauthorized traffic.


* Logic error in selinux when checking permissions on recv socket.

Due to a flaw in selinux permission checking, a logic error could lead to
forbidden data coming in.


* Denial-of-service when using network console logging.

A race condition between the network console send operation and the
driver's IRQ handler could lead to out of bounds memory access
resulting in a kernel crash.


* CVE-2014-2038: Data corruption in NFSv4 on concurrent client writes.

A logic error in the NFSv4 code could lead to data corruption when clients
write concurrently to the same file. An attacker could use this flaw to
cause data corruption on a mounted NFSv4 filesystem.


* CVE-2013-(726[6789], 727[01], 322[89], 3231): Information leaks in recvmsg.

This fixes:
CVE-2013-7266, CVE-2013-7267, CVE-2013-7268, CVE-2013-7269
CVE-2013-7270, CVE-2013-7271
CVE-2013-3228, CVE-2013-3229
CVE-2013-3231

The recvmsg(2) ioctls in several network devices do not initialize the
length of a network address, causing the contents of kernel memory to be
disclosed to userspace due to uninitialized memory leaks under certain
circumstances.


* Kernel crash when bringing network bridge up.

A failure to initialize a variable in the net/bridge code
could lead to an invalid memory reference and kernel crash.

SUPPORT

Ksplice support is available at ksplice-support_ww at oracle.com.


  


