[Ksplice][EL6-Updates] New updates available via Ksplice (RHSA-2013:1173)

Oracle Ksplice ksplice-support_ww at oracle.com
Thu Aug 29 03:19:44 PDT 2013


Synopsis: RHSA-2013:1173 can now be patched using Ksplice
CVEs: CVE-2012-6544 CVE-2013-2146 CVE-2013-2206 CVE-2013-2224 CVE-2013-2232 CVE-2013-2237

Systems running RHCK on Oracle Linux 6, Red Hat Enterprise Linux 6,
CentOS 6, and Scientific Linux 6 can now use Ksplice to patch against
the latest Red Hat Security Advisory, RHSA-2013:1173.

INSTALLING THE UPDATES

We recommend that all users of Ksplice Uptrack on OL 6, RHEL 6, CentOS
6, and Scientific Linux 6 install these updates.

On systems that have "autoinstall = yes" in /etc/uptrack/uptrack.conf,
these updates will be installed automatically and you do not need to
take any action.

Alternatively, you can install these updates by running:

# /usr/sbin/uptrack-upgrade -y
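
An added example, not part of Oracle's announcement or tooling: a POSIX shell check that a host's uptrack.conf has "autoinstall = yes" and that every CVE in this advisory appears in a saved list of applied updates. It assumes that list was saved to a text file (for example from uptrack-show) and that the configuration file uses plain "key = value" lines with "#" comments. The function names and sample data are constructed for illustration.

```shell
#!/bin/sh
# Added example, not Oracle's tooling: check one host against this advisory.

# CVE identifiers copied from the advisory synopsis (RHSA-2013:1173).
ADVISORY_CVES="CVE-2012-6544 CVE-2013-2146 CVE-2013-2206 CVE-2013-2224 CVE-2013-2232 CVE-2013-2237"

# autoinstall_enabled CONF
# Succeeds only if the last uncommented "autoinstall" setting is exactly "yes".
# Assumption: plain "key = value" lines with "#" comments. Matching is strict,
# so an unusual spelling is reported as "manual" rather than trusted.
autoinstall_enabled() {
    val=$(awk -F= '
        /^[ \t]*#/ { next }
        $1 ~ /^[ \t]*autoinstall[ \t]*$/ { v = $2; gsub(/[ \t\r]/, "", v); last = v }
        END { print last }' "$1" 2>/dev/null)
    [ "$val" = "yes" ]
}

# missing_cves UPDATES
# UPDATES is saved text listing the updates applied on a host.
# Prints every advisory CVE that is absent from it, one per line.
missing_cves() {
    for cve in $ADVISORY_CVES; do
        grep -qwF -- "$cve" "$1" || printf '%s\n' "$cve"
    done
}

# report_host CONF UPDATES
# Prints a one-line verdict; returns non-zero if any CVE is still unpatched.
report_host() {
    missing=$(missing_cves "$2" | tr '\n' ' ')
    if autoinstall_enabled "$1"; then mode=autoinstall; else mode=manual; fi
    if [ -z "$missing" ]; then
        echo "OK ($mode): all RHSA-2013:1173 CVEs covered"
    else
        echo "ACTION ($mode): run uptrack-upgrade, missing: ${missing% }"
        return 1
    fi
}

# write_sample DIR: constructed sample data, with one CVE deliberately absent.
write_sample() {
    printf '# constructed sample\nautoinstall = yes\n' > "$1/uptrack.conf"
    for c in $ADVISORY_CVES; do
        [ "$c" = CVE-2013-2146 ] || echo "[constructed] $c"
    done > "$1/applied.txt"
}

# Usage: sh check.sh /etc/uptrack/uptrack.conf applied-updates.txt
if [ "$#" -eq 2 ]; then report_host "$1" "$2"; fi
```

A missing or unreadable updates file reports every CVE as missing, so the check fails closed.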


DESCRIPTION

* CVE-2013-2224: Denial of service in sendmsg().

An invalid free performed while sending a message with the sendmsg(2) call
with IP_RETOPTS set could lead to a kernel crash.  A malicious user could
exploit this to cause a denial of service or possibly to execute arbitrary
code.


* CVE-2013-2206: NULL pointer dereference in SCTP duplicate cookie handling.

A flaw was found in the way the Linux kernel's Stream Control
Transmission Protocol (SCTP) implementation handled duplicate cookies.
If a local user queried SCTP connection information at the same time as a
remote attacker initialized a crafted SCTP connection to the system,
it could trigger a NULL pointer dereference, causing the system to
crash.


* CVE-2013-2232: Memory corruption in IPv6 routing cache.

Connecting an IPv6 socket to an IPv4 destination can cause IPv4 routing
information to be placed in the IPv6 routing cache, causing memory corruption
and a kernel panic.


* CVE-2012-6544: Information leak in Bluetooth L2CAP socket name.

A malicious user can disclose the contents of kernel memory by calling
getsockname() on a Bluetooth L2CAP socket.


* CVE-2013-2237: Information leak on IPSec key socket.

Incorrect initialization on policy flushing could leak kernel stack
bytes to userspace.


* CVE-2013-2146: Denial of service in access to reserved performance MSRs.

On systems with certain Intel processors, a local, unprivileged user could
use this flaw to cause a denial of service by leveraging the perf subsystem
to write into the reserved bits of the OFFCORE_RSP_0 and OFFCORE_RSP_1
model-specific registers.

SUPPORT

Ksplice support is available at ksplice-support_ww at oracle.com.


  


