[Ksplice-el7-updates] New updates available via Ksplice (RHSA-2014:0786-01)

Jamie Iles jamie.iles at oracle.com
Thu Jun 26 07:29:25 PDT 2014


Synopsis: RHSA-2014:0786-01 can now be patched using Ksplice
CVEs: CVE-2014-0206 CVE-2014-1737 CVE-2014-1738 CVE-2014-2568 CVE-2014-2851 CVE-2014-3144 CVE-2014-3145 CVE-2014-3153

Systems running Red Hat Enterprise Linux 7 can now use Ksplice to
patch against the latest Red Hat Security Advisory, RHSA-2014:0786-01.

INSTALLING THE UPDATES

We recommend that all users of Ksplice Uptrack on RHEL 7 install these
updates.

On systems that have "autoinstall = yes" in /etc/uptrack/uptrack.conf,
these updates will be installed automatically and you do not need to
take any action.

Alternatively, you can install these updates by running:

# /usr/sbin/uptrack-upgrade -y


DESCRIPTION

* CVE-2014-1737, CVE-2014-1738: Local privilege escalation in floppy ioctl.

The floppy driver's FDRAWCMD ioctl copied kernel-only pointer fields of
struct floppy_raw_cmd out to userspace (CVE-2014-1738), leaking kernel
heap addresses, and accepted those same fields back from userspace
(CVE-2014-1737), so a caller could supply an arbitrary kernel pointer
that the driver later passes to kfree(). Together these allow a local
user who can open a floppy device node (for example a member of the
group that owns /dev/fd0) to gain root.


* CVE-2014-3153: Local privilege escalation in futex requeueing.

The FUTEX_CMP_REQUEUE_PI operation of the futex() syscall did not reject a
call whose source and destination futex are the same address
(uaddr1 == uaddr2). Requeueing a PI futex onto itself breaks the kernel's
assumption that the two differ and leaves a waiter structure on a kernel
stack reachable after the owning thread has returned; an unprivileged
local user can exploit this dangling pointer to gain root. No group
membership or device access is required, so every local account is
affected.
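A safe way to confirm that the futex fix is present, as an added example that is not part of the Ksplice advisory or of Oracle's tooling: a patched kernel rejects a FUTEX_CMP_REQUEUE_PI call whose two futex addresses are equal with EINVAL before touching any wait queue, while an unpatched kernel accepts the call and, because the probe's futex has no waiters, requeues nothing and returns 0. The function and result names are this example's own.

```c
#include <errno.h>
#include <linux/futex.h>
#include <stdio.h>
#include <string.h>
#include <sys/syscall.h>
#include <unistd.h>

/* Older headers may predate the PI requeue operations. */
#ifndef FUTEX_CMP_REQUEUE_PI
#define FUTEX_CMP_REQUEUE_PI 12
#endif
#ifndef FUTEX_PRIVATE_FLAG
#define FUTEX_PRIVATE_FLAG 128
#endif

/* Result codes for the probe (names are this example's own). */
enum futex_probe {
    FUTEX_PROBE_VULNERABLE = 0, /* self-requeue accepted: CVE-2014-3153 fix absent */
    FUTEX_PROBE_FIXED = 1,      /* self-requeue rejected with EINVAL: fix present */
    FUTEX_PROBE_UNKNOWN = -1,   /* other errno (op unsupported, sandboxed, ...) */
};

/*
 * Ask the kernel to requeue waiters from a private futex onto that same
 * futex. The fixed futex_requeue() checks uaddr1 == uaddr2 before anything
 * else and fails with EINVAL. The unfixed one walks the (empty) wait queue
 * and returns 0, so the probe is harmless on either kernel.
 */
int probe_futex_self_requeue(void)
{
    unsigned int word = 0; /* the futex word; val3 below must equal it */
    long rc = syscall(SYS_futex, &word,
                      FUTEX_CMP_REQUEUE_PI | FUTEX_PRIVATE_FLAG,
                      1,          /* nr_wake: must be exactly 1 for requeue_pi */
                      (void *)0,  /* nr_requeue = 0, passed in the timeout slot */
                      &word,      /* uaddr2 == uaddr1: the case the fix rejects */
                      word);      /* val3: expected current value of *uaddr1 */

    if (rc == 0)
        return FUTEX_PROBE_VULNERABLE;
    if (rc == -1 && errno == EINVAL)
        return FUTEX_PROBE_FIXED;
    return FUTEX_PROBE_UNKNOWN;
}

int main(void)
{
    int res = probe_futex_self_requeue();
    int saved = errno;

    switch (res) {
    case FUTEX_PROBE_FIXED:
        puts("CVE-2014-3153: self-requeue rejected with EINVAL, fix present");
        return 0;
    case FUTEX_PROBE_VULNERABLE:
        puts("CVE-2014-3153: self-requeue accepted, kernel is NOT patched");
        return 1;
    default:
        printf("CVE-2014-3153: inconclusive, futex() failed with %s\n",
               strerror(saved));
        return 2;
    }
}
```

Run it as any unprivileged user after uptrack-upgrade; an "inconclusive" result (for example ENOSYS inside a sandbox that does not implement PI futexes) means the probe could not reach the code path, not that the fix is missing.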


* CVE-2014-3144, CVE-2014-3145: Multiple local denial of service vulnerabilities in netlink.

The BPF_S_ANC_NLATTR and BPF_S_ANC_NLATTR_NEST extensions in the
sk_run_filter() function (net/core/filter.c) let a socket filter look up a
netlink attribute at an offset taken from the BPF accumulator. Their bounds
checks did not first confirm that the packet was at least as long as one
attribute header, and the nested-attribute length check subtracted its
operands in the wrong order, so both comparisons could underflow and permit
reads past the end of the packet. A local user who can attach a socket
filter (SO_ATTACH_FILTER requires no privilege) can crash the system with
crafted BPF instructions.
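The two comparisons as a userspace model, added here to show the arithmetic; this is not the kernel's code, only a C transcription of the checks in sk_run_filter() before and after the fix, with skb->len and the accumulator A passed as plain integers. Function names are this example's own and the inputs at the end are constructed.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Netlink attribute header, 4 bytes, as in <linux/netlink.h>. */
struct nlattr {
    uint16_t nla_len;
    uint16_t nla_type;
};

/*
 * CVE-2014-3144, pre-fix BPF_S_ANC_NLATTR offset check. skb_len plays the
 * role of skb->len (unsigned int) and a the accumulator A (u32). Because
 * sizeof() yields size_t, skb_len is converted to size_t and the subtraction
 * wraps when skb_len < 4, so the comparison never rejects the offset.
 */
bool nlattr_offset_ok_vulnerable(unsigned int skb_len, uint32_t a)
{
    if (a > skb_len - sizeof(struct nlattr))
        return false;
    return true;
}

/* Fixed form: refuse packets shorter than one attribute header first. */
bool nlattr_offset_ok_fixed(unsigned int skb_len, uint32_t a)
{
    if (skb_len < sizeof(struct nlattr))
        return false;
    if (a > skb_len - sizeof(struct nlattr))
        return false;
    return true;
}

/*
 * CVE-2014-3145, pre-fix BPF_S_ANC_NLATTR_NEST length check, which runs
 * after the offset check. The operands are reversed: a - skb_len wraps
 * whenever a < skb_len, the normal case, so an attribute length that runs
 * past the end of the packet is accepted.
 */
bool nlattr_nest_len_ok_vulnerable(unsigned int skb_len, uint32_t a, uint16_t nla_len)
{
    if (!nlattr_offset_ok_vulnerable(skb_len, a))
        return false;
    if (nla_len > a - skb_len)
        return false;
    return true;
}

/* Fixed form: the attribute must fit in the bytes left after offset a. */
bool nlattr_nest_len_ok_fixed(unsigned int skb_len, uint32_t a, uint16_t nla_len)
{
    if (!nlattr_offset_ok_fixed(skb_len, a))
        return false;
    if (nla_len > skb_len - a)
        return false;
    return true;
}

int main(void)
{
    /* Constructed inputs: a 2-byte packet with a huge offset, and a 64-byte
       packet whose nested attribute claims 100 bytes from offset 32. */
    printf("NLATTR len=2 A=1000: vulnerable=%d fixed=%d\n",
           nlattr_offset_ok_vulnerable(2, 1000), nlattr_offset_ok_fixed(2, 1000));
    printf("NEST len=64 A=32 nla_len=100: vulnerable=%d fixed=%d\n",
           nlattr_nest_len_ok_vulnerable(64, 32, 100),
           nlattr_nest_len_ok_fixed(64, 32, 100));
    return 0;
}
```

A value of 1 means the filter would be allowed to read the attribute; in both constructed cases the pre-fix check lets a read run beyond the packet while the fixed check refuses it.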


* CVE-2014-2568: Information leak in netlink packet copying.

A reference-counting error in the nfnetlink_queue zero-copy path (page
fragments were not orphaned before being shared) could let packet data be
reused after it was freed, so that the contents of kernel memory were
copied into netlink messages delivered to userspace.


* CVE-2014-2851: Integer overflow in IPv4 ping initialization.

The IPv4 ping_init_sock() function took a reference on the caller's group
list without releasing it, so repeatedly creating ICMP ("ping") sockets
could overflow the reference counter and lead to a use-after-free, allowing
an attacker to crash the system or elevate privileges. Only users whose
group ID falls inside net.ipv4.ping_group_range can create such sockets;
the range is empty ("1 0") by default.


* CVE-2014-0206: Information leak in asynchronous I/O ring buffer.

The aio_read_events_ring() function of the Linux kernel's Asynchronous I/O
(AIO) subsystem reads the ring head index back from the completion ring,
which is mapped into user space, without bounding it to the ring size. A
local, unprivileged user could write an out-of-range head value into the
ring and read parts of physical memory belonging to the kernel or to
other processes.

SUPPORT

Ksplice support is available at ksplice-support_ww at oracle.com.



