[Ksplice][EL6-Updates] New updates available via Ksplice (RHSA-2013:1645)

Oracle Ksplice ksplice-support_ww at oracle.com
Fri Nov 22 13:54:07 PST 2013


Synopsis: RHSA-2013:1645 can now be patched using Ksplice
CVEs: CVE-2012-6542 CVE-2012-6545 CVE-2013-0343 CVE-2013-1928 CVE-2013-1929 CVE-2013-2164 CVE-2013-2234 CVE-2013-2851 CVE-2013-2888 CVE-2013-2889 CVE-2013-3231 CVE-2013-4387 CVE-2013-4591 CVE-2013-4592

Systems running RHCK on Oracle Linux 6, Red Hat Enterprise Linux 6,
CentOS 6, and Scientific Linux 6 can now use Ksplice to patch against
the latest Red Hat Security Advisory, RHSA-2013:1645.

INSTALLING THE UPDATES

We recommend that all users of Ksplice Uptrack on OL 6, RHEL 6, CentOS
6, and Scientific Linux 6 install these updates.

On systems that have "autoinstall = yes" in /etc/uptrack/uptrack.conf,
these updates will be installed automatically and you do not need to
take any action.

Alternatively, you can install these updates by running:

# /usr/sbin/uptrack-upgrade -y
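The two install paths above (autoinstall, or a manual run) can be decided from the same config setting. The following is an added example, not part of the advisory or of Ksplice itself: it reads the `autoinstall` key from an uptrack.conf-style file and only invokes `/usr/sbin/uptrack-upgrade -y` when the host will not pick the update up on its own. The config path is a parameter so the check can be exercised against a constructed file; the `dry-run` argument is this example's own convention.

```shell
#!/bin/sh
# Added example (not from the Ksplice advisory): decide whether a host still
# needs a manual "uptrack-upgrade -y" from its autoinstall setting.
# On a real system the config is /etc/uptrack/uptrack.conf.

# Print the effective "autoinstall" value from an uptrack.conf-style file.
# Skips comment lines (# or ;), tolerates spaces around "=", lower-cases the
# value and keeps the last assignment if the key is repeated. Prints nothing
# when the key is absent; returns 1 when the file cannot be read.
uptrack_autoinstall_value() {
    conf="$1"
    [ -r "$conf" ] || return 1
    sed -n 's/^[[:space:]]*autoinstall[[:space:]]*=[[:space:]]*\([^[:space:]#;]*\).*/\1/p' "$conf" \
        | tail -n 1 | tr 'A-Z' 'a-z'
}

# Return 0 if a manual upgrade is needed, 1 if Uptrack will apply it itself.
uptrack_needs_manual_upgrade() {
    case "$(uptrack_autoinstall_value "$1")" in
        yes) return 1 ;;   # "autoinstall = yes": nothing to do
        *)   return 0 ;;   # unset, "no", or unreadable: run the upgrade
    esac
}

# Apply the updates only when the host will not do so automatically.
# Pass "dry-run" as the second argument to report instead of running uptrack.
apply_ksplice_updates() {
    if uptrack_needs_manual_upgrade "$1"; then
        if [ "$2" = "dry-run" ]; then
            echo "autoinstall is off: would run /usr/sbin/uptrack-upgrade -y"
        else
            /usr/sbin/uptrack-upgrade -y
        fi
    else
        echo "autoinstall = yes: Uptrack will apply RHSA-2013:1645 fixes itself"
    fi
}
```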


DESCRIPTION

* CVE-2013-4387: Memory corruption in IPv6 UDP fragmentation offload.

The kernel IPv6 stack does not correctly handle queuing multiple UDP fragments
when using UDP Fragmentation Offloading, allowing a local unprivileged user to
cause kernel memory corruption and potentially gain privileged code execution.


* CVE-2013-0343: Denial of service in IPv6 privacy extensions.

A malicious remote user can disable IPv6 privacy extensions by flooding the host
with malicious temporary addresses.


* Off-by-one error causes reduced entropy in kernel PRNG.

An off-by-one error can cause the default kernel pseudorandom number generator
to return duplicate bytes when filling multiple buffers in quick succession.


* CVE-2013-2888: Memory corruption in Human Input Device processing.

The kernel does not correctly validate the 'Report ID' field in HID data, allowing
a malicious USB or Bluetooth device to cause memory corruption and gain kernel
code execution.


* CVE-2013-2889: Memory corruption in Zeroplus HID driver.

The Zeroplus game controller device driver does not correctly validate
data from devices, allowing a malicious device to cause kernel memory
corruption and potentially gain kernel code execution.


* CVE-2012-6542: Information leak in LLC socket name.

A malicious user can disclose the contents of kernel memory by calling
getsockname() on an LLC socket.


* CVE-2013-3231: Kernel stack information leak in LLC sockets.

Missing initialization could allow a local user to leak kernel stack
information when receiving messages.


* CVE-2013-1929: Buffer overflow in TG3 VPD firmware parsing.

Incorrect length checks when parsing the firmware could cause a buffer
overflow and corruption of memory.


* CVE-2012-6545: Information leak in Bluetooth RFCOMM socket name.

A malicious user can disclose the contents of kernel memory by calling
getsockname() on a Bluetooth RFCOMM socket.


* CVE-2013-1928: Kernel information leak in compat_ioctl/VIDEO_SET_SPU_PALETTE.

The compat ioctl handler for VIDEO_SET_SPU_PALETTE was missing an error check
while converting the input arguments. This could lead to leaking kernel
stack contents into userspace.


* CVE-2013-2164: Kernel information leak in the CDROM driver.

Incorrect allocation in the generic CDROM driver could result in leaking
heap memory to userspace.


* CVE-2013-2234: Information leak in IPsec key management.

An error in the AF_KEY implementation allows privileged users to leak contents of
the kernel stack to userspace.


* CVE-2013-2851: Format string vulnerability in software RAID device names.

A format string vulnerability in partition registration allows local
users to execute kernel mode code by writing format string specifiers to
/sys/module/md_mod/parameters/new_array in order to create an invalid
/dev/md device name.


* CVE-2013-4591: Privilege escalation in NFSv4 ACL handling.

The vendor fix for CVE-2012-2375 accidentally removed a check for small-sized
result buffers. A local, unprivileged user with access to an NFSv4 mount with
ACL support could use this flaw to crash the system or, potentially, escalate
their privileges on the system.


* CVE-2013-4592: Denial-of-service in KVM IOMMU mappings.

A flaw was found in the way IOMMU memory mappings were handled when
moving memory slots. A malicious user on a KVM host who has the ability to
assign a device to a guest could use this flaw to crash the host.

SUPPORT

Ksplice support is available at ksplice-support_ww at oracle.com.
