[Ksplice][Virtuozzo 4.7 Updates] New updates available via Ksplice (2.6.32-042stab076.7)

Jamie Iles jamie.iles at oracle.com
Tue Apr 30 13:23:57 PDT 2013


Synopsis: 2.6.32-042stab076.7 can now be patched using Ksplice
CVEs: CVE-2012-6537 CVE-2012-6538 CVE-2012-6546 CVE-2012-6547 CVE-2013-0349 CVE-2013-0913 CVE-2013-1773 CVE-2013-1774 CVE-2013-1792 CVE-2013-1826 CVE-2013-1827

Systems running Virtuozzo 4.7 or the OpenVZ RHEL 6 kernel can now use
Ksplice to patch against the latest Parallels Virtuozzo Containers 4.7
kernel security update, 2.6.32-042stab076.7.

INSTALLING THE UPDATES

We recommend that all users of Ksplice Uptrack on Virtuozzo 4.7 or
OpenVZ on RHEL 6 install these updates.

On systems that have "autoinstall = yes" in /etc/uptrack/uptrack.conf,
these updates will be installed automatically and you do not need to
take any action.

Alternatively, you can install these updates by running:

# /usr/sbin/uptrack-upgrade -y
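
A quick audit of the autoinstall setting described above, as an added example that is not part of the original announcement or of Oracle's tooling. It assumes uptrack.conf uses plain "key = value" lines with full-line "#" or ";" comments, and it treats only "yes" as enabled; the function names are hypothetical.

```shell
#!/bin/sh
# Added example (not Oracle's tooling): decide whether a host will pick up
# Ksplice updates on its own or needs a manual uptrack-upgrade run.

# Print the effective "autoinstall" value from an uptrack.conf-style file.
# Assumptions: "key = value" lines, full-line "#" / ";" comments, and the
# last uncommented assignment wins. Prints "unset" if the key is absent.
autoinstall_value() {
    awk -F= '
        /^[ \t]*[#;]/ { next }          # commented-out settings do not count
        NF >= 2 {
            key = $1; val = $2
            gsub(/[ \t\r]/, "", key)    # strip padding around key and value
            gsub(/[ \t\r]/, "", val)
            if (tolower(key) == "autoinstall") result = tolower(val)
        }
        END { print (result == "" ? "unset" : result) }
    ' "$1"
}

# Exit 0 only when the file says "autoinstall = yes" (case-insensitive).
autoinstall_enabled() {
    [ "$(autoinstall_value "$1")" = "yes" ]
}

# One-line verdict for a host's config file.
report() {
    if autoinstall_enabled "$1"; then
        echo "$1: autoinstall enabled, updates install automatically"
    else
        echo "$1: autoinstall is '$(autoinstall_value "$1")', run: /usr/sbin/uptrack-upgrade -y"
    fi
}

# Constructed sample config (not a real host's file): the enabled line is
# commented out, so this host still needs the manual upgrade command.
sample=$(mktemp)
cat > "$sample" <<'EOF'
[Settings]
# autoinstall = yes
autoinstall = no
EOF
report "$sample"
rm -f "$sample"
```

On a real host, call report /etc/uptrack/uptrack.conf instead of the constructed sample.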


DESCRIPTION

* CVE-2013-1792: Denial-of-service in user keyring management.

A race condition in installing a user keyring could allow a local,
unprivileged user to crash the machine, causing a denial of service.


* CVE-2012-6537: Kernel information leaks in network transformation subsystem.

This fixes several cases where xfrm_user code could leak kernel
memory to user space.


* CVE-2013-1826: NULL pointer dereference in XFRM buffer size mismatch.

A Linux kernel built with XFRM framework support is vulnerable to a NULL
pointer dereference flaw, which occurs while accessing XFRM state via the
xfrm_state_netlink routine.


* CVE-2013-1827: Denial-of-service in DCCP socket options.

A NULL pointer dereference in the Datagram Congestion Control Protocol
(DCCP) implementation could allow a local user to cause a denial of
service.


* CVE-2013-0349: Kernel information leak in Bluetooth HIDP support.

An information leak was discovered in the Linux kernel's Bluetooth stack
when HIDP (Human Interface Device Protocol) support is enabled. A local
unprivileged user could exploit this flaw to cause an information leak
from the kernel.


* CVE-2012-6546: Information leak in ATM sockets.

A malicious user can disclose the contents of kernel memory by calling
getsockname() on an ATM socket.


* CVE-2013-1773: Heap buffer overflow in VFAT Unicode handling.

Unicode conversion functions used in the VFAT filesystem were vulnerable
to buffer overruns.  Carefully constructed VFAT partitions mounted with
the utf8 option could allow an attacker to corrupt kernel memory and
possibly execute code in kernel mode.


* CVE-2012-6547: Kernel stack leak from TUN ioctls.

The __tun_chr_ioctl function in drivers/net/tun.c in the Linux kernel before
3.6 does not initialize a certain structure, which allows local users to
obtain sensitive information from kernel stack memory via a crafted
application.


* CVE-2013-0913: Kernel heap overflow in Intel i915 driver.

An integer overflow in the Intel i915 driver when relocating buffers can allow
a local user to overflow the kernel heap and gain privileged code execution.


* CVE-2012-6538: Information leak in network transformation subsystem.

Incorrect initialization of a buffer could leak up to 54 bytes of kernel
heap information to userspace.


* CVE-2013-1774: NULL pointer dereference in USB Inside Out Edgeport serial driver.

A NULL pointer dereference may occur during disconnection of the driver
due to a missing check.

SUPPORT

Ksplice support is available at ksplice-support_ww at oracle.com.



