[Ksplice][Debian 6.0 Updates] New updates available via Ksplice (DSA-2906-1)

Oracle Ksplice ksplice-support_ww at oracle.com
Mon Apr 28 01:26:42 PDT 2014


Synopsis: DSA-2906-1 can now be patched using Ksplice
CVEs: CVE-2013-0343 CVE-2013-2147 CVE-2013-2889 CVE-2013-2893 CVE-2013-2929 CVE-2013-4162 CVE-2013-4299 CVE-2013-4345 CVE-2013-4587 CVE-2013-4588 CVE-2013-6367 CVE-2013-6378 CVE-2013-6380 CVE-2013-6382 CVE-2013-6383 CVE-2013-7263 CVE-2013-7265 CVE-2014-0101 CVE-2014-1444 CVE-2014-1445 CVE-2014-1446 CVE-2014-1874 CVE-2014-2523 CVE-2014-2678

Systems running Debian 6.0 Squeeze can now use Ksplice to patch
against the latest Debian Security Advisory, DSA-2906-1.

INSTALLING THE UPDATES

We recommend that all users of Ksplice Uptrack on Debian 6.0 Squeeze
install these updates.

On systems that have "autoinstall = yes" in /etc/uptrack/uptrack.conf,
these updates will be installed automatically and you do not need to
take any action.

Alternatively, you can install these updates by running:

# /usr/sbin/uptrack-upgrade -y
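
A check for which of the two cases above applies to a host, as an added
example (not part of the Oracle advisory). It assumes uptrack.conf holds
"key = value" lines with "#" comments and treats only the literal value
"yes" as enabled; the function names are hypothetical.

```shell
#!/bin/sh
# Added example: decide whether a host relies on Ksplice Uptrack autoinstall
# or needs a manual "uptrack-upgrade -y" run.
# Assumptions: "key = value" lines, "#" starts a comment, section headers are
# ignored, and the last "autoinstall" line in the file wins.

# Print the configured autoinstall value in lower case,
# "unset" if the key is absent, "unreadable" if the file cannot be read.
uptrack_autoinstall() {
    conf="${1:-/etc/uptrack/uptrack.conf}"
    [ -r "$conf" ] || { echo "unreadable"; return 0; }
    val=$(sed -n \
        -e 's/[[:space:]]*#.*$//' \
        -e 's/^[[:space:]]*autoinstall[[:space:]]*=[[:space:]]*\([^[:space:]]*\)[[:space:]]*$/\1/p' \
        "$conf" | tail -n 1 | tr '[:upper:]' '[:lower:]')
    echo "${val:-unset}"
}

# Return 0 when updates will NOT install on their own (manual run needed),
# 1 when "autoinstall = yes" is in effect.
needs_manual_upgrade() {
    case "$(uptrack_autoinstall "$1")" in
        yes) return 1 ;;
        *)   return 0 ;;
    esac
}

# Human-readable summary for one config file (default: the system path).
report() {
    conf="${1:-/etc/uptrack/uptrack.conf}"
    if needs_manual_upgrade "$conf"; then
        echo "autoinstall=$(uptrack_autoinstall "$conf"): run /usr/sbin/uptrack-upgrade -y"
    else
        echo "autoinstall=yes: updates are installed automatically"
    fi
}

report "$@"
```

A commented-out "# autoinstall = yes" line is reported as "unset", so such
a host is flagged for a manual upgrade rather than assumed to be covered.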


DESCRIPTION

* CVE-2013-2147: Kernel memory leak in HP and Compaq controllers.

Missing initialization of a returned result in the HP Smart Array and
Compaq SMART2 controllers could leak internal kernel memory back to
userspace.


* CVE-2013-2889: Memory corruption in Zeroplus HID driver.

The Zeroplus game controller device driver does not correctly validate
data from devices, allowing a malicious device to cause kernel memory
corruption and potentially gain kernel code execution.


* CVE-2013-2893: Memory corruption in Logitech force feedback devices.

The Logitech force feedback driver does not correctly validate data from
devices, allowing a malicious device to cause kernel memory corruption and
potentially gain kernel code execution.


* CVE-2013-0343: Denial of service in IPv6 privacy extensions.

A malicious remote user can disable IPv6 privacy extensions by flooding the host
with malicious temporary addresses.


* CVE-2013-4162: Denial-of-service with IPv6 sockets with UDP_CORK.

When pushing pending frames in the IPv6 UDP code, an incorrect function call
can be made. This allows local users to cause a denial of service (BUG and
system crash) via a crafted application that uses the UDP_CORK option in a
setsockopt system call.


* CVE-2013-4299: Information leak in device mapper persistent snapshots.

An information leak flaw was found in the way the Linux kernel's device
mapper subsystem, under certain conditions, interpreted data written to
snapshot block devices. An attacker could use this flaw to read data
from disk blocks in free space, which are normally inaccessible.


* CVE-2013-4345: Off-by-one in the ANSI Crypto RNG.

An off-by-one flaw was found in the way the ANSI CPRNG implementation in
the Linux kernel processed non-block size aligned requests. This could lead
to random numbers being generated with fewer bits of entropy than expected
when ANSI CPRNG was used.


* CVE-2013-4587: Privilege escalation in KVM when creating VCPU.

A lack of input validation in the KVM code when creating a VCPU could lead
to an out-of-bounds memory write. A local user could use this flaw to cause
a kernel crash or potentially escalate privileges.


* CVE-2013-4588: Buffer overflow in ipvs.

Missing boundary checks in the ipvs code could allow local users to gain
privileges when CONFIG_IP_VS is used by leveraging the CAP_NET_ADMIN
capability for a get- or setsockopt system call.


* CVE-2013-6378: Denial-of-service in Marvell 8xxx Libertas WLAN driver.

Incorrect validation of user supplied data in the Marvell 8xxx Libertas
WLAN driver could allow a privileged user to trigger an invalid pointer
dereference and crash the system.


* CVE-2013-6380: Denial-of-service in Adaptec RAID driver.

Incorrect memory allocations in the Adaptec RAID driver could result in
dereferencing an invalid pointer, allowing a local user with the
CAP_SYS_ADMIN privilege to crash the system.


* CVE-2013-6383: Missing capability check in AAC RAID compatibility ioctl.

A missing capability check in the AAC RAID compatibility ioctl allows local users
to gain elevated privileges.


* CVE-2013-7263, CVE-2013-7265: Information leak in IPv4, IPv6 and PhoNet socket recvmsg.

The IPv4, IPv6 and PhoNet recvmsg(2) ioctls do not initialise the length of
a network address, causing the contents of kernel memory to be disclosed to
userspace under certain circumstances.


* CVE-2013-2929: Incorrect permissions check in ptrace with dropped privileges.

The ptrace subsystem incorrectly checked the state of the fs.suid_dumpable
sysctl, allowing a user to ptrace attach to a process if it had dropped
privileges to that user.


* CVE-2013-6367: Divide-by-zero in KVM LAPIC.

A divide-by-zero flaw was found in the apic_get_tmcct() function in KVM's
Local Advanced Programmable Interrupt Controller (LAPIC) implementation.
A privileged guest user could use this flaw to crash the host.


* CVE-2013-6382: Denial-of-service in XFS filesystem ioctls.

Multiple buffer underflows in the XFS implementation in the Linux kernel
could allow local users with the CAP_SYS_ADMIN capability to cause a
denial of service (memory corruption) or possibly have unspecified other
impact.


* CVE-2014-1444: Information leak in FarSync network driver ioctl.

The SIOCWANDEV ioctl in the FarSync T-Series network driver does not initialise
memory before returning data to userspace, causing the contents of kernel memory
to be leaked to userspace.


* CVE-2014-1445: Information leak in wanXL IF_GET_IFACE ioctl.

The SBE wanXL network driver does not initialise memory when handling the
IF_GET_IFACE ioctl, causing the contents of kernel memory to be leaked to
userspace.


* CVE-2014-1446: Information leak in YAM radio modem ioctl.

The YAM radio modem driver does not initialise kernel memory when processing the
SIOCYAMGCFG ioctl, leading to the contents of kernel memory being leaked to
userspace.


* CVE-2014-0101: SCTP Null Pointer Dereference vulnerability.

The SCTP module failed to validate fields before making an authenticate
call, which a remote attacker could use to cause a denial-of-service.


* CVE-2014-1874: Denial-of-service in SELinux on empty security context.

Incorrect input validation in the SELinux subsystem could lead to a NULL
pointer dereference. A local, privileged user could use this flaw to cause
a denial-of-service.


* CVE-2014-2523: Remote crash via DCCP conntrack.

A flaw in the DCCP protocol could allow a remote user to cause a crash
resulting in a denial-of-service.


* CVE-2014-2678: NULL pointer dereference in RDS protocol when binding.

A missing check in the wireless RDS protocol leads to a NULL pointer
dereference when there is no device. A local, unprivileged user could use
this flaw to cause a NULL pointer dereference and denial-of-service.

SUPPORT

Ksplice support is available at ksplice-support_ww at oracle.com.


  


