[Ksplice][Virtuozzo 4.7 Updates] New updates available via Ksplice (CU-2.6.32-042stab065.3)

Jamie Iles jamie.iles at oracle.com
Tue Nov 27 07:30:32 PST 2012


Synopsis: CU-2.6.32-042stab065.3 can now be patched using Ksplice
CVEs: CVE-2012-1568 CVE-2012-2133 CVE-2012-3400 CVE-2012-3511

Systems running Virtuozzo 4.7 or the OpenVZ RHEL 6 kernel can now use
Ksplice to patch against the latest Parallels Virtuozzo Containers 4.7
kernel security update, CU-2.6.32-042stab065.3.

INSTALLING THE UPDATES

We recommend that all users of Ksplice Uptrack on Virtuozzo 4.7 or
OpenVZ on RHEL 6 install these updates.

On systems that have "autoinstall = yes" in /etc/uptrack/uptrack.conf,
these updates will be installed automatically and you do not need to
take any action.

Alternatively, you can install these updates by running:

# /usr/sbin/uptrack-upgrade -y
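
To check which of the two cases above applies to a host, the following
script (an added example, not part of the original announcement or of
Ksplice Uptrack) reads the autoinstall setting from uptrack.conf. It
assumes "key = value" lines, treats only the value "yes" as enabled, and
the function names and UPTRACK_CONF variable are hypothetical.

```shell
#!/bin/sh
# Added example: report whether this host picks up Ksplice updates
# automatically or needs a manual uptrack-upgrade run.

# Print the effective value of "autoinstall" from an uptrack.conf-style file.
# Assumptions: "key = value" lines, "#" starts a comment line, the last
# assignment wins, and a missing or empty key means "no". Inline comments
# are not stripped, so "yes # note" is conservatively not treated as "yes".
autoinstall_value() {
    awk '
        /^[ \t]*#/ { next }                      # skip comment lines
        {
            eq = index($0, "=")
            if (eq == 0) next                    # section headers, blanks
            key = substr($0, 1, eq - 1)
            val = substr($0, eq + 1)
            gsub(/^[ \t]+|[ \t\r]+$/, "", key)   # trim whitespace and CR
            gsub(/^[ \t]+|[ \t\r]+$/, "", val)
            if (tolower(key) == "autoinstall") found = tolower(val)
        }
        END { print (found == "" ? "no" : found) }
    ' "$1"
}

# Print "automatic" if autoinstall is enabled, otherwise "manual".
# An unreadable or missing config file counts as "manual".
update_mode() {
    if [ -r "$1" ] && [ "$(autoinstall_value "$1")" = "yes" ]; then
        echo automatic
    else
        echo manual
    fi
}

# UPTRACK_CONF is a hypothetical override for testing against a copy.
conf=${UPTRACK_CONF:-/etc/uptrack/uptrack.conf}
case "$(update_mode "$conf")" in
    automatic)
        echo "autoinstall = yes in $conf: updates install automatically" ;;
    manual)
        echo "autoinstall not enabled in $conf: run /usr/sbin/uptrack-upgrade -y as root" ;;
esac
```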


DESCRIPTION

* Kernel panic in SUNRPC over TCP.

A kernel panic can be triggered when closing a SUNRPC TCP socket.


* Use-after-free in USB.

A race condition that occurs when removing host controllers can
cause a use-after-free if a process is reading
/sys/kernel/debug/usb/devices while the controller is being removed.


* Race condition in SUNRPC.

A race condition can cause data corruption when closing a SUNRPC socket.


* CVE-2012-3400: Buffer overflow in UDF parsing.

A bug in the kernel's UDF file system driver could be exploited by an
unprivileged local user to crash the system.


* CVE-2012-3511: Use-after-free due to race condition in madvise.

A race condition between munmap and madvise can cause a use-after-free
in the memory management system.


* CVE-2012-1568: A predictable base address with shared libraries and ASLR.

Address space layout randomization (ASLR) is a security method which
involves randomly arranging the positions of key data areas,
usually including the base of the executable and position of libraries,
heap, and stack, in a process's address space.

When running a binary with a lot of shared libraries, a predictable base
address is used for one of the loaded libraries. This flaw could be
used to bypass ASLR.


* CVE-2012-2133: Use-after-free in hugetlbfs quota handling.

A use-after-free bug in the kernel hugetlb code can allow an authenticated,
unprivileged local attacker to crash the system (and possibly gain higher
privileges) if huge pages are enabled in the system.


* Kernel panic in delayfs reopening.

A missing check for data validity could result in dereferencing an
invalid pointer, causing a kernel crash.


* Kernel panic in TCP socket online migration.

Incorrect timer management could result in accessing an empty list and
trigger a kernel panic when performing online migration.


* Kernel panic on container stop with no vz service running.

Stopping a container without the vz service running could result in a
kernel panic from the sunrpc subsystem.

SUPPORT

Ksplice support is available at ksplice-support_ww at oracle.com.



