[Ksplice][Virtuozzo 4.7 Updates] New updates available via Ksplice (CU-2.6.32-042stab076.5)

Sonja Tideman sonja.tideman at oracle.com
Tue Apr 2 09:56:21 PDT 2013


Synopsis: CU-2.6.32-042stab076.5 can now be patched using Ksplice
CVEs: CVE-2012-4508 CVE-2012-4542 CVE-2013-0190 CVE-2013-0268 
CVE-2013-0310 CVE-2013-0311 CVE-2013-1767

Systems running Virtuozzo 4.7 or the OpenVZ RHEL 6 kernel can now use
Ksplice to patch against the latest Parallels Virtuozzo Containers 4.7
kernel security update, CU-2.6.32-042stab076.5.

INSTALLING THE UPDATES

We recommend that all users of Ksplice Uptrack on Virtuozzo 4.7 or
OpenVZ on RHEL 6 install these updates.

On systems that have "autoinstall = yes" in /etc/uptrack/uptrack.conf,
these updates will be installed automatically and you do not need to
take any action.

Alternatively, you can install these updates by running:

# /usr/sbin/uptrack-upgrade -y
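
The two installation paths above can be told apart on a host by reading the autoinstall setting. The following is an added example, not part of the original announcement or of Ksplice itself; the function names are hypothetical, and it assumes the file holds INI-style "key = value" lines with "#" or ";" comment lines and that only the value "yes" enables autoinstall.

```shell
#!/bin/sh
# Added example: decide whether a host will install Ksplice updates on its own
# or needs a manual "uptrack-upgrade -y". Function names are hypothetical.
# Assumption: uptrack.conf uses INI-style "key = value" lines, and only the
# value "yes" (as quoted in the announcement) enables autoinstall.

# Print the effective autoinstall value, "unset" if the key is absent or only
# appears in a comment, or "unreadable" if the file cannot be read.
uptrack_autoinstall_value() {
    [ -r "$1" ] || { echo "unreadable"; return 0; }
    awk '
        BEGIN { val = "unset" }
        /^[ \t]*[#;]/ { next }                 # commented-out settings do not count
        {
            eq = index($0, "=")
            if (eq == 0) next                  # section headers, blank lines
            key = substr($0, 1, eq - 1)
            v   = substr($0, eq + 1)
            gsub(/^[ \t]+|[ \t\r]+$/, "", key)
            gsub(/^[ \t]+|[ \t\r]+$/, "", v)
            if (tolower(key) == "autoinstall") val = tolower(v)   # last one wins
        }
        END { print val }
    ' "$1"
}

# Exit status 0 when a manual upgrade run is needed, 1 when autoinstall is on.
needs_manual_upgrade() {
    case "$(uptrack_autoinstall_value "$1")" in
        yes) return 1 ;;
        *)   return 0 ;;   # no, unset, unreadable or unexpected: check by hand
    esac
}

report() {
    conf=${1:-/etc/uptrack/uptrack.conf}
    if needs_manual_upgrade "$conf"; then
        echo "$conf: autoinstall=$(uptrack_autoinstall_value "$conf"); run /usr/sbin/uptrack-upgrade -y"
    else
        echo "$conf: autoinstall=yes; updates install automatically"
    fi
}

# Constructed sample config (not taken from a real host).
sample=$(mktemp)
printf '[Settings]\n# autoinstall = yes\nautoinstall = no\n' > "$sample"
report "$sample"
rm -f "$sample"
```

On a real host, call report with no argument to check /etc/uptrack/uptrack.conf.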


DESCRIPTION

* CVE-2013-0190: stack corruption with Xen 32-bit paravirtualized guests.

Incorrect manipulation of the stack pointer in the error path for iret
failure with a 32-bit paravirtualized guest could result in stack
corruption.  This could be triggered by an unprivileged user in the
guest to cause a denial-of-service.


* CVE-2013-0310: NULL pointer dereference in CIPSO socket options.

Adding a CIPSO option to a socket could result in a NULL pointer
dereference and kernel crash under specific conditions.


* CVE-2013-0311: Privilege escalation in vhost descriptor management.

Incorrect handling of vhost descriptors that crossed regions could allow
a privileged guest user to crash the host or possibly escalate
privileges inside the host.


* CVE-2012-4508: Stale data exposure in ext4.

A race condition in the usage of asynchronous IO and fallocate on an ext4
filesystem could lead to exposure of stale data from a deleted file. An
unprivileged local user could use this flaw to read privileged information.


* CVE-2012-4542: SCSI command filter does not restrict access to
read-only devices.

The default SCSI command filter does not accommodate commands that
overlap across device classes. A privileged guest user could potentially
use this flaw to write arbitrary data to a LUN that is passed-through as
read-only.


* CVE-2013-0268: /dev/cpu/*/msr local privilege escalation.

Access to /dev/cpu/*/msr was protected only using filesystem
checks. A local uid 0 (root) user with all capabilities dropped
could use this flaw to execute arbitrary code in kernel mode.


* Denial-of-service on NFS volumes.

Incorrect locking could cause all operations on an NFS volume to hang,
which could potentially be used to cause a denial-of-service.


* CVE-2013-1767: Use-after-free in tmpfs mempolicy remount.

If a tmpfs mount that was originally mounted with the mpol=M
option is remounted, it reuses the already freed mempolicy object.


* Kernel panic in NFS on kernels compiled without NFS quota.

On kernels compiled without quota support, NFS inode deletions could lead
to a kernel panic.

SUPPORT

Ksplice support is available at ksplice-support_ww at oracle.com.
