[Ksplice][EL6-Updates] New updates available via Ksplice (RHSA-2012:1426-1)

Jamie Iles jamie.iles at oracle.com
Thu Nov 8 03:54:56 PST 2012


Synopsis: RHSA-2012:1426-1 can now be patched using Ksplice
CVEs: CVE-2012-1568 CVE-2012-2133 CVE-2012-3400 CVE-2012-3511

Systems running RHCK on Oracle Linux 6, Red Hat Enterprise Linux 6,
CentOS 6, and Scientific Linux 6 can now use Ksplice to patch against
the latest Red Hat Security Advisory, RHSA-2012:1426-1.

INSTALLING THE UPDATES

We recommend that all users of Ksplice Uptrack on OL 6, RHEL 6, CentOS
6, and Scientific Linux 6 install these updates.

On systems that have "autoinstall = yes" in /etc/uptrack/uptrack.conf,
these updates will be installed automatically and you do not need to
take any action.

Alternatively, you can install these updates by running:

# /usr/sbin/uptrack-upgrade -y
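
To tell which of the two cases above applies to a host, the following added example (not part of the original advisory or of Ksplice itself) reads the "autoinstall" key from uptrack.conf and reports the action to take. The function names, the sample file layout, and the choice to treat only the value "yes" (case-insensitive) as enabled are assumptions.

```shell
#!/bin/sh
# Added example: decide whether a host still needs a manual uptrack-upgrade.
# Assumption: only "autoinstall = yes" (any case) counts as enabled; any other
# value, or no value, is reported as "no" so the host is flagged for manual action.

# Print "yes", "no" or "missing" for the autoinstall setting in the given config.
uptrack_autoinstall() {
    conf=${1:-/etc/uptrack/uptrack.conf}
    [ -r "$conf" ] || { echo missing; return 0; }
    # Commented-out lines do not match because the key must start the line.
    # If the key is repeated, the last assignment is the one reported.
    val=$(awk -F= '
        tolower($1) ~ /^[ \t]*autoinstall[ \t]*$/ { v = $2 }
        END { gsub(/[ \t\r]/, "", v); print tolower(v) }' "$conf")
    case "$val" in
        yes) echo yes ;;
        *)   echo no ;;
    esac
}

# Print the action an administrator should take for this host.
uptrack_action() {
    case "$(uptrack_autoinstall "$1")" in
        yes)     echo "autoinstall enabled: updates install automatically" ;;
        no)      echo "autoinstall not enabled: run /usr/sbin/uptrack-upgrade -y" ;;
        missing) echo "no readable uptrack.conf: check that Ksplice Uptrack is installed" ;;
    esac
}

# Constructed sample config for demonstration (not taken from a real host).
sample=$(mktemp)
cat > "$sample" <<'EOF'
[Settings]
# autoinstall = yes
autoinstall = no
EOF
uptrack_action "$sample"
rm -f "$sample"
```

Called with no argument, uptrack_action reads /etc/uptrack/uptrack.conf on the local host.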


DESCRIPTION

* Kernel panic in SUNRPC over TCP.

A kernel panic can be triggered when closing a SUNRPC TCP socket.


* Use-after-free in USB.

A race condition that occurs when removing host controllers can
cause a use-after-free if a process is reading
/sys/kernel/debug/usb/devices while the controller is being removed.


* Race condition in SUNRPC.

A race condition can cause data corruption when closing a SUNRPC socket.


* CVE-2012-3400: Buffer overflow in UDF parsing.

A bug in the kernel's UDF file system driver could be exploited by an
unprivileged local user to crash the system.


* CVE-2012-3511: Use-after-free due to race condition in madvise.

A race condition between munmap and madvise can cause a use-after-free
in the memory management system.


* CVE-2012-1568: A predictable base address with shared libraries and ASLR.

Address space layout randomization (ASLR) is a security method which
involves randomly arranging the positions of key data areas,
usually including the base of the executable and position of libraries,
heap, and stack, in a process's address space.

When running a binary with a lot of shared libraries, a predictable
base address is used for one of the loaded libraries. This flaw could
be used to bypass ASLR.


* CVE-2012-2133: Use-after-free in hugetlbfs quota handling.

A use-after-free bug in the kernel hugetlb code can allow an authenticated,
unprivileged local attacker to crash the system (and possibly gain higher
privileges) if huge pages are enabled in the system.

SUPPORT

Ksplice support is available at ksplice-support_ww at oracle.com.



