[Ksplice][EL7-Updates] New updates available via Ksplice (RHSA-2015:0102-1)
Phil Turnbull
phil.turnbull at oracle.com
Thu Jan 29 12:37:00 PST 2015
Synopsis: RHSA-2015:0102-1 can now be patched using Ksplice
CVEs: CVE-2014-4171 CVE-2014-5471 CVE-2014-5472 CVE-2014-7145 CVE-2014-7822 CVE-2014-7841
Systems running Red Hat Enterprise Linux 7 can now use Ksplice to
patch against the latest Red Hat Security Advisory, RHSA-2015:0102-1.
INSTALLING THE UPDATES
We recommend that all users of Ksplice Uptrack on RHEL 7 install these
updates.
On systems that have "autoinstall = yes" in /etc/uptrack/uptrack.conf,
these updates will be installed automatically and you do not need to
take any action.
Alternatively, you can install these updates by running:
# /usr/sbin/uptrack-upgrade -y
DESCRIPTION
* CVE-2014-4171: Denial-of-service in shared memory when faulting into a hole while it's punched.
A flaw in the shared memory fault implementation could lead to a kernel
hang if the fault happens to be in a hole which is being punched or
sliced. A local, privileged user could use this flaw to cause a
denial-of-service.
* CVE-2014-7145: NULL pointer dereference in CIFS SMB2 error handling.
Invalid error handling in the cifs smb2 code could result in
a NULL pointer dereference and kernel panic.
* CVE-2014-7822: Incorrect parameter validation in splice() system call.
An incorrect parameter validation in the splice() system call could allow
a local, unprivileged user could use this flaw to write past the maximum
file size, and thus crash the system.
* CVE-2014-7841: NULL pointer dereference with SCTP server during ASCONF.
A problem with how the SCTP verifies input can lead to a NULL pointer
dereference and kernel panic. A malicious user could exploit this using
a specially crafted packet to cause a denial-of-service.
* CVE-2014-5471, CVE-2014-5472: Privilege escalation in ISO filesystem implementation.
The parse_rock_ridge_inode_internal() function in the ISO filesystem driver
does not correctly check relocated directories when processing Rock Ridge
child link tags. An attacker with physical access to the system could use a
specially crafted ISO image to cause a denial of service or, potentially,
escalate their privileges.
SUPPORT
Ksplice support is available at ksplice-support_ww at oracle.com.
More information about the Ksplice-EL7-updates
mailing list