[Ksplice][EL6-Updates] New updates available via Ksplice (RHSA-2014:0771)

Oracle Ksplice ksplice-support_ww at oracle.com
Fri Jun 20 19:36:00 PDT 2014


Synopsis: RHSA-2014:0771 can now be patched using Ksplice
CVEs: CVE-2013-6378 CVE-2014-0196 CVE-2014-0203 CVE-2014-1737 CVE-2014-1738 CVE-2014-1874 CVE-2014-3153

Systems running RHCK on Oracle Linux 6, Red Hat Enterprise Linux 6,
CentOS 6, and Scientific Linux 6 can now use Ksplice to patch against
the latest Red Hat Security Advisory, RHSA-2014:0771.

INSTALLING THE UPDATES

We recommend that all users of Ksplice Uptrack on OL 6, RHEL 6, CentOS
6, and Scientific Linux 6 install these updates.

On systems that have "autoinstall = yes" in /etc/uptrack/uptrack.conf,
these updates will be installed automatically and you do not need to
take any action.

Alternatively, you can install these updates by running:

# /usr/sbin/uptrack-upgrade -y
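
A check for the autoinstall setting described above, as an added example that is not part of the original announcement or of Oracle's tooling. It assumes the "key = value" layout quoted above and treats only the literal value "yes" as enabled; the function names are hypothetical.

```shell
#!/bin/sh
# Added example: decide whether a host still needs a manual uptrack-upgrade run.
# Assumption: the file uses "key = value" lines, with "#" or ";" comment lines.

# Print "yes", "no" or "unset" for the autoinstall key in the given file.
autoinstall_setting() {
    conf=$1
    [ -r "$conf" ] || { echo unset; return 0; }
    awk '
        /^[ \t]*[#;]/ { next }                  # commented-out settings do not count
        {
            line = $0
            sub(/\r$/, "", line)                # tolerate CRLF line endings
            eq = index(line, "=")
            if (eq == 0) next                   # section headers, blank lines
            key = substr(line, 1, eq - 1)
            val = substr(line, eq + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", key)
            gsub(/^[ \t]+|[ \t]+$/, "", val)
            if (tolower(key) == "autoinstall") found = val   # last occurrence wins
        }
        END {
            if (found == "yes") print "yes"
            else if (found == "") print "unset"
            else print "no"
        }
    ' "$conf"
}

# Succeed (exit status 0) when the updates will NOT install by themselves.
needs_manual_upgrade() {
    [ "$(autoinstall_setting "$1")" != "yes" ]
}

# Report only; the upgrade command itself is left to the administrator.
report_host() {
    if needs_manual_upgrade "$1"; then
        echo "autoinstall is not enabled in $1: run /usr/sbin/uptrack-upgrade -y"
    else
        echo "autoinstall = yes in $1: no action needed"
    fi
}
```

Calling report_host /etc/uptrack/uptrack.conf on a host prints which of the two cases above applies.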


DESCRIPTION

* CVE-2014-1737, CVE-2014-1738: Local privilege escalation in floppy ioctl.

The floppy driver leaked internal memory addresses to userspace and
allowed unprivileged userspace code to overwrite those addresses,
allowing local privilege escalation to root.


* CVE-2014-0196: Pseudo TTY device write buffer handling race.

A race in how the pseudo tty (pty) device handled writes meant that,
when two threads/processes wrote to the same pty, the end of the buffer
could be overwritten. An attacker could use this to cause a
denial-of-service or gain root privileges.


* CVE-2014-3153: Local privilege escalation in futex requeueing.

Invalid parameters to the futex() syscall could break assumptions made in
the kernel and leave dangling pointers that could be exploited to gain
root privileges.


* Invalid memory access in dynamic debug entry listing.

Modules may attempt to register dynamic debug entries even though they
have no valid entries. This may cause an invalid memory dereference
when listing dynamic debug entries.


* CVE-2013-6378: Denial-of-service in Marvell 8xxx Libertas WLAN driver.

Incorrect validation of user-supplied data in the Marvell 8xxx Libertas
WLAN driver could allow a privileged user to trigger an invalid pointer
dereference and crash the system.


* CVE-2014-1874: Denial-of-service in SELinux on empty security context.

Incorrect input validation in the SELinux subsystem could lead to a NULL
pointer dereference. A local, privileged user could use this flaw to cause
a denial-of-service.


* CVE-2014-0203: Memory corruption on listing procfs symbolic links.

The symbolic link walking function didn't properly terminate its return
value, which could lead to excessive freeing of memory and consequent memory
corruption. A local, unprivileged user could use this flaw to crash the system.

SUPPORT

Ksplice support is available at ksplice-support_ww at oracle.com.


  


