[Ksplice][Virtuozzo 4 Updates] New updates available via Ksplice (028stab108.1)

[Oracle Ksplice]

Synopsis: 028stab108.1 can now be patched using Ksplice
CVEs: CVE-2012-6544 CVE-2012-6545 CVE-2013-0914 CVE-2013-1929 CVE-2013-2147 CVE-2013-2164 CVE-2013-2206 CVE-2013-2232 CVE-2013-2234 CVE-2013-2237 CVE-2013-3222 CVE-2013-3224 CVE-2013-3231 CVE-2013-3235

Systems running Virtuozzo 4 or the OpenVZ RHEL 5 kernel can now use
Ksplice to patch against the latest Parallels Virtuozzo Containers
kernel security update, 028stab108.1.

INSTALLING THE UPDATES

We recommend that all users of Ksplice Uptrack on Virtuozzo 4 or
OpenVZ on RHEL 5 install these updates.

On systems that have "autoinstall = yes" in /etc/uptrack/uptrack.conf,
these updates will be installed automatically and you do not need to
take any action.

Alternatively, you can install these updates by running:

# /usr/sbin/uptrack-upgrade -y


DESCRIPTION

* Data corruption on NFSv3/v2 short reads.

Reading small amounts of data using NFSv3/v2 would cause data corruption in
the read data.


* CVE-2012-6545: Information leak in Bluetooth RFCOMM socket name.

A malicious user can disclose the contents of kernel memory by calling
getsockname() on an Bluetooth RFCOMM socket.


* CVE-2013-3222: Kernel stack information leak in ATM sockets.

Missing data clearing operations could allow an unprivileged user to
leak kernel stack memory to userspace.


* CVE-2013-3224: Kernel stack information leak in Bluetooth sockets.

Receiving messages from a bluetooth socket whilst the socket is
simultaneously being shut down could leak kernel stack bytes to
userspace allowing a local user to gain information about the running
kernel.


* CVE-2013-3231: Kernel stack information leak in LLC sockets.

Missing initialization could allow a local user to leak kernel stack
information when receiving messages.


* CVE-2013-3235: Kernel stack information leak in TIPC protocol.

Missing initialization could allow a local user to leak stack
information when receiving messages on a Transparent Inter Process
Communication (TIPC) socket.


* CVE-2012-6544: Information leak in Bluetooth L2CAP socket name.

A malicious user can disclose the contents of kernel memory by calling
getsockname() on an Bluetooth L2CAP socket.


* CVE-2013-1929: Buffer overflow in TG3 VPD firmware parsing.

Incorrect length checks when parsing the firmware could cause a buffer
overflow and corruption of memory.


* CVE-2013-0914: Information leak in signal handlers.

A logic error in the handling of signal handlers allows a child process to
leak information about the memory layout of parent processes.


* CVE-2013-2147: Kernel memory leak in Compaq Smart Array controllers.

Missing initialization of a returned result could leak internal kernel
memory back to userspace.


* CVE-2013-2164: Kernel information leak in the CDROM driver.

Incorrect allocation in the generic CDROM driver could result in leaking
heap memory to userspace.


* CVE-2013-2234: Information leak in IPsec key management.

An error in the AF_KEY implementation allows privileged users to leak contents of
the kernel stack to userspace.


* CVE-2013-2237: Information leak on IPSec key socket.

Incorrect initialization on policy flushing could leak kernel stack
bytes to userspace.


* CVE-2013-2232: Memory corruption in IPv6 routing cache.

Connecting an IPv6 socket to an IPv4 destination can cause IPv4 routing
information to be placed in the IPv6 routing cache causing memory corruption
and a kernel panic.


* CVE-2013-2206: NULL pointer dereference in SCTP duplicate cookie handling.

A flaw was found in the way the Linux kernel's Stream Control
Transmission Protocol (SCTP) implementation handled duplicate cookies.
If a local user queried SCTP connection information at the same time a
remote attacker has initialized a crafted SCTP connection to the system,
it could trigger a NULL pointer dereference, causing the system to
crash.

SUPPORT

Ksplice support is available at ksplice-support_ww at oracle.com.