[Ksplice][Virtuozzo 4.7 Updates] New updates available via Ksplice (CU-2.6.32-042stab079.4)

Sonja Tideman sonja.tideman at oracle.com
Fri Aug 2 13:08:56 PDT 2013


Synopsis: CU-2.6.32-042stab079.4 can now be patched using Ksplice
CVEs: CVE-2012-6548 CVE-2013-0914 CVE-2013-1848 CVE-2013-1935 
CVE-2013-1943 CVE-2013-2017 CVE-2013-2128 CVE-2013-2239 CVE-2013-2634 
CVE-2013-2852 CVE-2013-3222 CVE-2013-3224 CVE-2013-3225 CVE-2013-3301

Systems running Virtuozzo 4.7 or the OpenVZ RHEL 6 kernel can now use
Ksplice to patch against the latest Parallels Virtuozzo Containers 4.7
kernel security update, CU-2.6.32-042stab079.4.

INSTALLING THE UPDATES

We recommend that all users of Ksplice Uptrack on Virtuozzo 4.7 or
OpenVZ on RHEL 6 install these updates.

On systems that have "autoinstall = yes" in /etc/uptrack/uptrack.conf,
these updates will be installed automatically and you do not need to
take any action.

Alternatively, you can install these updates by running:

# /usr/sbin/uptrack-upgrade -y
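
An added example (not part of the original announcement or of Ksplice's own tooling): a shell check for the autoinstall setting described above, to decide whether a host still needs the manual uptrack-upgrade run. It assumes only the literal value "yes" (any case) enables autoinstall, as the text states; the function names and the sample config are constructed for illustration.

```shell
#!/bin/sh
# Added example: report whether a host needs a manual uptrack-upgrade run.

# Return 0 if the given uptrack.conf enables autoinstall, 1 otherwise.
# Assumption: only "yes" counts as enabled; anything else (or a missing or
# unreadable file) is reported as "not enabled" so the host gets checked.
uptrack_autoinstall_enabled() {
    conf="${1:-/etc/uptrack/uptrack.conf}"
    [ -r "$conf" ] || return 1
    # Skip comment lines, then keep the last "autoinstall = value" seen.
    value=$(awk -F= '
        /^[ \t]*[#;]/ { next }
        { key = tolower($1); gsub(/[ \t]/, "", key) }
        key == "autoinstall" { v = tolower($2); gsub(/[ \t\r]/, "", v); last = v }
        END { print last }' "$conf")
    [ "$value" = "yes" ]
}

# Print the action an administrator should take for this config file.
uptrack_action_needed() {
    if uptrack_autoinstall_enabled "$1"; then
        echo "autoinstall enabled: no action needed"
    else
        echo "autoinstall not enabled: run /usr/sbin/uptrack-upgrade -y"
    fi
}

# Constructed sample config (not taken from a real host). The commented-out
# line must be ignored; the live line enables autoinstall.
write_sample_conf() {
    cat > "$1" <<'EOF'
[Auth]
accesskey = CONSTRUCTED-PLACEHOLDER

[Settings]
# autoinstall = no
autoinstall = Yes
EOF
}

sample=$(mktemp)
write_sample_conf "$sample"
uptrack_action_needed "$sample"
rm -f "$sample"
```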


DESCRIPTION

* CVE-2013-2017: Double free in Virtual Ethernet Tunnel driver (veth).

A double free flaw was found in the Linux kernel's Virtual Ethernet
Tunnel driver (veth). A remote attacker could possibly use this flaw to
crash a target system.


* CVE-2013-1943: Local privilege escalation in KVM memory mappings.

A missing sanity check was found in KVM's memory mapping subsystem,
allowing a user-space process to register memory regions pointing
to the kernel address space. A local, unprivileged user could use this flaw
to escalate their privileges.


* CVE-2013-1935: Denial of service in KVM paravirt interrupt handling.

A flaw was found in the way KVM initialized a guest's registered
paravirtualized end-of-interrupt indication flag when entering the
guest. An unprivileged guest user could potentially use this flaw
to crash the host. (CVE-2013-1935, Important)


* CVE-2013-2239: Multiple memory leaks in OpenVZ kernel 2.6.32.

Failure to properly initialize variables in ploop and quota could allow
local users to obtain sensitive information from kernel stack memory.


* Invalid bean counter memory free in tcpsndbuf.

A race condition between poll and send in tcpsndbuf could cause a
subsequent bc release to perform an invalid memory free and taint
the kernel.


* CVE-2012-6548: Information leak in UDF export.

A malicious user can disclose the contents of kernel memory by exporting
a filehandle from a UDF filesystem.


* CVE-2013-0914: Information leak in signal handlers.

A logic error in the handling of signal handlers allows a child process to
leak information about the memory layout of parent processes.


* CVE-2013-1848: Format string vulnerability in ext3 mounting.

The ext3 file-system driver incorrectly uses an argument from userspace as a
format string, allowing local users with the ability to mount ext3
filesystems to corrupt kernel memory and gain privileged execution.


* CVE-2013-2852: Invalid format string usage in Broadcom B43 wireless driver.

Format string vulnerability in the b43_request_firmware function
in the Broadcom B43 wireless driver in the Linux kernel through 3.9.4
allows local users to gain privileges by leveraging root access and
including format string specifiers in an fwpostfix modprobe parameter,
leading to improper construction of an error message.


* CVE-2013-3222: Kernel stack information leak in ATM sockets.

Missing data clearing operations could allow an unprivileged user to
leak kernel stack memory to userspace.


* CVE-2013-3224: Kernel stack information leak in Bluetooth sockets.

Receiving messages from a Bluetooth socket whilst the socket is
simultaneously being shut down could leak kernel stack bytes to
userspace, allowing a local user to gain information about the running
kernel.


* CVE-2013-3225: Kernel stack information leak in Bluetooth rfcomm.

Missing data clearing operations could allow a local user to leak kernel
stack memory to userspace.


* CVE-2013-3301: NULL pointer dereference in tracing sysfs files.

The tracing sysfs files did not correctly allow seeking on a file opened
for writing, allowing a privileged user to crash the system.


* CVE-2013-2634, 2635: Kernel leak in data center bridging and netlink.

The dcb netlink interface and the rtnetlink interface leak stack memory in
various places.


* CVE-2013-2128: Denial of service in TCP splice.

The tcp_read_sock function in tcp.c does not properly manage skb
consumption, which allows local users to cause a denial of service
(system crash) via a crafted splice system call for a TCP socket.

SUPPORT

Ksplice support is available at ksplice-support_ww at oracle.com.



