[Ksplice][EL7-Updates] New updates available via Ksplice (RHSA-2015-2152)

Oracle Ksplice ksplice-support_ww at oracle.com
Mon Nov 23 07:57:27 PST 2015


Synopsis: RHSA-2015-2152 can now be patched using Ksplice
CVEs: CVE-2013-7421 CVE-2014-3647 CVE-2014-7842 CVE-2014-9419 CVE-2014-9644 CVE-2015-0239 CVE-2015-2925 CVE-2015-3339 CVE-2015-5283 CVE-2015-7613 CVE-2015-7837

Systems running RHCK on Oracle Linux 7, Red Hat Enterprise Linux 7,
CentOS 7, and Scientific Linux 7 can now use Ksplice to patch against
the latest Red Hat Security Advisory, RHSA-2015-2152.

INSTALLING THE UPDATES

We recommend that all users of Ksplice Uptrack on OL 7, RHEL 7, CentOS
7, and Scientific Linux 7 install these updates.

On systems that have "autoinstall = yes" in /etc/uptrack/uptrack.conf,
these updates will be installed automatically and you do not need to
take any action.

Alternatively, you can install these updates by running:

# /usr/sbin/uptrack-upgrade -y
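
The check below is an added example, not part of Oracle's announcement or tooling: it reads an uptrack.conf and reports whether the host relies on automatic installation or needs the manual command above. It assumes INI-style "key = value" lines, that the last assignment wins, and that only the exact value "yes" quoted in this advisory enables autoinstall; the function names and the sample file are constructed for illustration.

```shell
#!/bin/sh
# Added example: decide whether a host needs a manual uptrack-upgrade.
# Assumptions: uptrack.conf holds INI-style "key = value" lines, the last
# assignment wins, and only the exact value "yes" enables autoinstall.

# Print the effective autoinstall value: "yes", "no", "unset" or "unreadable".
uptrack_autoinstall() {
    conf=${1:-/etc/uptrack/uptrack.conf}
    [ -r "$conf" ] || { echo "unreadable"; return 0; }
    # Commented-out lines do not match because the key must start the line.
    val=$(sed -n 's/^[[:space:]]*autoinstall[[:space:]]*=[[:space:]]*\([^[:space:]#;]*\).*/\1/p' "$conf" |
          tail -n 1)
    case "$val" in
        yes) echo "yes" ;;
        "")  echo "unset" ;;
        *)   echo "no" ;;
    esac
}

# Print the follow-up the advisory calls for on this host.
uptrack_next_step() {
    case "$(uptrack_autoinstall "$1")" in
        yes) echo "none: updates install automatically" ;;
        *)   echo "run: /usr/sbin/uptrack-upgrade -y" ;;
    esac
}

# Constructed sample configuration (not taken from a real host).
sample=$(mktemp)
cat > "$sample" <<'EOF'
[Settings]
# autoinstall = yes
autoinstall = no
EOF
echo "sample: autoinstall=$(uptrack_autoinstall "$sample"); $(uptrack_next_step "$sample")"
rm -f "$sample"
```

Anything other than an uncommented "autoinstall = yes" is reported as needing the manual upgrade, so a missing or unreadable file is flagged for review instead of being counted as covered.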


DESCRIPTION

* CVE-2013-7421, CVE-2014-9644: Arbitrary module loading by users in crypto API.

The kernel crypto API does not restrict which kernel modules can be
loaded automatically, which allows users to load arbitrary kernel
modules. This allows an unprivileged user to increase the attack surface
of the kernel.


* CVE-2014-7842: Denial of service in KVM L1 guest from L2 guest.

A malicious nested L2 KVM guest can cause the L1 guest to crash by
triggering a race condition when accessing MMIO memory. A local attacker
could use this flaw to cause a denial of service.


* CVE-2014-9419: Address leak on context switch bypasses ASLR.

A flaw in the context switch code could lead to leaking another thread's
local storage area. A local, unprivileged user could use this flaw to gain
information about another process's address space mappings and bypass
address space layout randomization.


* CVE-2015-2925: Privilege escalation in bind mounts inside namespaces.

Incorrect handling of renames inside container bind mounts could allow a
local user to escape a container and escalate privileges under specific
conditions.


* CVE-2015-3339: Privilege escalation due to race condition between execve and chown.

The execve() syscall can race with inode attribute changes made by chown().
This race condition could result in execve() setting uid/gid to the new
owner, leading to privilege escalation.


* CVE-2015-7613: Privilege escalation in IPC object initialization.

Incorrect initialization of IPC objects could result in memory
corruption when creating message queues or shared memory.  A local,
unprivileged user could use this flaw to escalate privileges.


* CVE-2015-7837: SecureBoot bypass when using kexec.

A flaw was found in the way the Linux kernel handled the securelevel
functionality after performing a kexec operation. A local attacker could
use this flaw to bypass the security mechanism of the
securelevel/secureboot combination.


* CVE-2014-3647: Denial-of-service in guest KVM when changing RIP to non-canonical address.

A flaw in the KVM emulator mishandles non-canonical addresses when
emulating instructions which change the instruction pointer, potentially
causing a failed VM-entry. A privileged guest user could use this flaw to
cause a denial-of-service in the guest.


* CVE-2015-0239: Privilege escalation in KVM sysenter emulation.

The KVM emulation of the sysenter instruction does not validate 16-bit
code segments, which can allow a local attacker to potentially elevate
privileges.


* CVE-2015-5283: Denial-of-service when creating SCTP sockets before the module has loaded.

A local user could use this flaw to cause a denial of service on the system
by triggering a kernel panic when creating multiple sockets in parallel
while the system did not have the SCTP module loaded.

SUPPORT

Ksplice support is available at ksplice-support_ww at oracle.com.


  


