[Ksplice][Virtuozzo 4.7 Updates] New updates available via Ksplice (2.6.32-042stab102.9)

Fri Dec 26 10:43:40 PST 2014

Synopsis: 2.6.32-042stab102.9 can now be patched using Ksplice
CVEs: CVE-2013-2596 CVE-2014-3122 CVE-2014-3185 CVE-2014-3611 CVE-2014-3645 CVE-2014-3646 CVE-2014-4608 CVE-2014-4653 CVE-2014-4654 CVE-2014-4655 CVE-2014-5045 CVE-2014-5077

Systems running Virtuozzo 4.7 or the OpenVZ RHEL 6 kernel can now use
Ksplice to patch against the latest Parallels Virtuozzo Containers 4.7
kernel security update, 2.6.32-042stab102.9.

INSTALLING THE UPDATES

We recommend that all users of Ksplice Uptrack on Virtuozzo 4.7 or
OpenVZ on RHEL 6 install these updates.

On systems that have "autoinstall = yes" in /etc/uptrack/uptrack.conf,
these updates will be installed automatically and you do not need to
take any action.

Alternatively, you can install these updates by running:

# /usr/sbin/uptrack-upgrade -y

DESCRIPTION

* CVE-2014-5077: Remote denial-of-service in SCTP on simultaneous connections.

Linux kernel built with the support for Stream Control Transmission
Protocol is vulnerable to a NULL pointer dereference flaw. It could occur
when simultaneous new connections are initiated between the same pair of
hosts. A remote user/program could use this flaw to crash the system kernel
resulting in denial-of-service.

* CVE-2013-2596: Privilege escalation in video frame buffer driver.

Integer overflow in the fb_mmap() function allows local users to create a
read-write memory mapping for the entirety of kernel memory, and
consequently gain privileges, via crafted /dev/graphics/fb0 mmap2 system
calls.

* CVE-2014-3122: Denial-of-service in non-linear memory mappings.

An assertion failure and kernel panic can be triggered when unmapping a
non-linear memory mapping.  This could be exploited by a local,
unprivileged user to crash the system.

* CVE-2014-4608: Integer overflow in LZO when uncompressing blocks larger than 16MB.

Lack of input validation in the LZO library could cause an integer overflow
when uncompressing blocks larger than 16MB, potentially leading to kernel
code execution. A local attacker could use this flaw to elevate privileges.

* CVE-2014-4654, CVE-2014-4655: Missing validity checks in ALSA user controls.

Missing validity checks when replacing user controls could lead to an attempt
to free something that is not a user control or a control that is not owned
by the process. Userspace was also allowed to to bypass user control count
by overflowing it.

* CVE-2014-4653: Use after free in ALSA card controls.

Missing synchronization in ALSA card controls could lead to a control
being freed while being in use.

* CVE-2014-5045: Denial-of-service in virtual filesystem core when trying to unmount a symlink.

Trying to unmount a symlink file on a mounted filesystem would increase the
reference counter for the mount point, preventing any further unmounting. A
local, privileged user could use this flaw to prevent any mount point to be
unmounted.

* CVE-2014-3185: Memory corruption in USB serial WhiteHEAD device driver.

The USB ConnectTech WhiteHEAT serial driver is vulnerable to a memory
corruption flaw. It could occur when reading completion commands via USB
Request Blocks buffers.

A local user with physical access to the system could use this flaw to
corrupt kernel memory area or crash the system kernel resulting in a
denial-of-service.

* CVE-2014-3645 and CVE-2014-3646: KVM guest denial-of-service when using invalid opcodes.

The KVM host emulator does not gracefully handle a KVM guest using the
invept or invvpid opcodes, causing a guest VM exit without proper error
codes being propagated to userspace. A local, unprivileged guest user
could use this flaw to crash a KVM guest VM and cause a denial-of-service.

* CVE-2014-3611: Denial-of-service in KVM emulated programmable interval timer.

Incorrect locking in the KVM emulated programmable interval timer (PIT)
could crash the host kernel under specific conditions. A local attacker
could use this flaw to cause a denial-of-service in the host KVM.

SUPPORT

Ksplice support is available at ksplice-support_ww at oracle.com.