[Ksplice][EL6-Updates] New updates available via Ksplice (RHSA-2013:1051-1)

Jamie Iles jamie.iles at oracle.com
Thu Jul 18 05:29:09 PDT 2013


Synopsis: RHSA-2013:1051-1 can now be patched using Ksplice
CVEs: CVE-2012-6548 CVE-2013-0914 CVE-2013-1848 CVE-2013-2128 CVE-2013-2634 CVE-2013-2852 CVE-2013-3222 CVE-2013-3224 CVE-2013-3225 CVE-2013-3301

Systems running RHCK on Oracle Linux 6, Red Hat Enterprise Linux 6,
CentOS 6, and Scientific Linux 6 can now use Ksplice to patch against
the latest Red Hat Security Advisory, RHSA-2013:1051-1.

INSTALLING THE UPDATES

We recommend that all users of Ksplice Uptrack on OL 6, RHEL 6, CentOS
6, and Scientific Linux 6 install these updates.

On systems that have "autoinstall = yes" in /etc/uptrack/uptrack.conf,
these updates will be installed automatically and you do not need to
take any action.

Alternatively, you can install these updates by running:

# /usr/sbin/uptrack-upgrade -y


DESCRIPTION

* CVE-2012-6548: Information leak in UDF export.

A malicious user can disclose the contents of kernel memory by exporting
a filehandle from a UDF filesystem.


* CVE-2013-0914: Information leak in signal handlers.

A logic error in the handling of signal handlers allows a child process to
leak information about the memory layout of parent processes.


* CVE-2013-1848: Format string vulnerability in ext3 mounting.

The ext3 file-system driver incorrectly uses an argument from userspace as a
format string, allowing local users with the ability to mount ext3 filesystems
to corrupt kernel memory and gain privileged execution.


* CVE-2013-2852: Invalid format string usage in Broadcom B43 wireless driver.

Format string vulnerability in the b43_request_firmware function
in the Broadcom B43 wireless driver in the Linux kernel through 3.9.4
allows local users to gain privileges by leveraging root access and
including format string specifiers in an fwpostfix modprobe parameter,
leading to improper construction of an error message.


* CVE-2013-3222: Kernel stack information leak in ATM sockets.

Missing data clearing operations could allow an unprivileged user to
leak kernel stack memory to userspace.


* CVE-2013-3224: Kernel stack information leak in Bluetooth sockets.

Receiving messages from a Bluetooth socket whilst the socket is
simultaneously being shut down could leak kernel stack bytes to
userspace, allowing a local user to gain information about the running
kernel.


* CVE-2013-3225: Kernel stack information leak in Bluetooth rfcomm.

Missing data clearing operations could allow a local user to leak kernel
stack memory to userspace.


* CVE-2013-3301: NULL pointer dereference in tracing sysfs files.

The tracing sysfs files did not correctly allow seeking on a file opened
for writing, allowing a privileged user to crash the system.


* CVE-2013-2634, 2635: Kernel leak in data center bridging and netlink.

The dcb netlink interface and the rtnetlink interface leak stack memory in
various places.


* CVE-2013-2128: Denial of service in TCP splice.

The tcp_read_sock function in tcp.c does not properly manage skb consumption,
which allows local users to cause a denial of service (system crash) via a
crafted splice system call for a TCP socket.
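

The format-string pattern behind the CVE-2013-1848 and CVE-2013-2852 entries
above, as an added userspace illustration (not kernel code and not part of the
original advisory). The names report_error, report_unsafe and report_safe are
hypothetical, and the sample input is constructed and uses only the "%%"
directive, which reads no arguments.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical stand-in for a driver's error reporter: formats into buf. */
static int report_error(char *buf, size_t len, const char *fmt, ...)
{
    va_list ap;
    int n;

    va_start(ap, fmt);
    n = vsnprintf(buf, len, fmt, ap);
    va_end(ap);
    return n;
}

/* Vulnerable pattern: caller-supplied text is passed AS the format string,
 * so any '%' directive in it is interpreted by the formatter. */
static int report_unsafe(char *buf, size_t len, const char *text)
{
    return report_error(buf, len, text);
}

/* Hardened pattern: constant format; caller-supplied text is data only. */
static int report_safe(char *buf, size_t len, const char *text)
{
    return report_error(buf, len, "%s", text);
}

/* Returns 1 when the two patterns render the same input differently,
 * i.e. the input was interpreted rather than copied. */
static int input_was_interpreted(const char *text)
{
    char unsafe_out[128], safe_out[128];

    report_unsafe(unsafe_out, sizeof(unsafe_out), text);
    report_safe(safe_out, sizeof(safe_out), text);
    return strcmp(unsafe_out, safe_out) != 0;
}

int main(void)
{
    /* Constructed sample: "%%" is the only directive and reads no arguments. */
    const char *sample = "-test%%";

    printf("interpreted: %d\n", input_was_interpreted(sample));
    return 0;
}
```

Declaring report_error with GCC's format(printf, 3, 4) attribute and building
with -Wformat-security makes the compiler flag the call in report_unsafe.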

SUPPORT

Ksplice support is available at ksplice-support_ww at oracle.com.



