[Ksplice][Virtuozzo 4.7 Updates] New updates available via Ksplice (2.6.32-042stab103.6)

Fri Jan 30 05:28:06 PST 2015

Synopsis: 2.6.32-042stab103.6 can now be patched using Ksplice
CVEs: CVE-2014-3673 CVE-2014-3687 CVE-2014-3688 CVE-2014-5471 CVE-2014-5472 CVE-2014-6410 CVE-2014-7825 CVE-2014-7826

Systems running Virtuozzo 4.7 or the OpenVZ RHEL 6 kernel can now use
Ksplice to patch against the latest Parallels Virtuozzo Containers 4.7
kernel security update, 2.6.32-042stab103.6.

INSTALLING THE UPDATES

We recommend that all users of Ksplice Uptrack on Virtuozzo 4.7 or
OpenVZ on RHEL 6 install these updates.

On systems that have "autoinstall = yes" in /etc/uptrack/uptrack.conf,
these updates will be installed automatically and you do not need to
take any action.

Alternatively, you can install these updates by running:

# /usr/sbin/uptrack-upgrade -y

DESCRIPTION

* CVE-2014-7825, CVE-2014-7826: Perf DoS and local privilege escalation.

A missing validation of syscall id range allows an attacker to trigger a
kernel panic, or leverage it into gaining root privileges if root was
doing perf tracing at that time.

* CVE-2014-6410: Denial of service in UDF filesystem parsing.

The kernel UDF filesystem driver does not correctly validate indirect
inodes allowing a malicious user to cause a kernel panic by mounting a
UDF volume with deeply nested indirect inodes.

* CVE-2014-3673: Remote denial-of-service in SCTP stack.

A flaw in the SCTP stack when receiving malformed ASCONF chunks leads to a
kernel panic. A remote attacker could use this flaw to cause a
denial-of-service.

* CVE-2014-3687: Remote denial-of-service in SCTP stack.

A flaw in the SCTP stack when receiving duplicate ASCONF chunks leads to a
kernel panic. A remote attacker could use this flaw to cause a
denial-of-service.

* CVE-2014-3688: Remote denial-of-service in SCTP stack by memory exhaustion.

A flaw in the SCTP stack could allow a remote attacker to force a SCTP
server to allocate big amounts of memory and trigger the kernel
out-of-memory killer, leading to a denial-of-service.

* CVE-2014-5471, CVE-2014-5472: Privilege escalation in ISO filesystem implementation.

The parse_rock_ridge_inode_internal() function in the ISO filesystem driver
does not correctly check relocated directories when processing Rock Ridge
child link tags. An attacker with physical access to the system could use a
specially crafted ISO image to cause a denial of service or, potentially,
escalate their privileges.

* Kernel panic when pruning dentry from the cache while unmounting the filesystem.

A race condition in the filesystem dcache implementation could lead to a
kernel panic when pruning dentry from the cache if the filesystem was being
un-mounted.  A privileged user in a container could use this flaw to cause
a denial-of-service.

* Denial-of-service in ext4 filesystem on umount().

An lack of inode removal from the orphan list when deleting an inode could
lead a BUG_ON() assertion to be triggered on umount().  A local, privileged
user could use this flaw to cause a denial-of-service.

SUPPORT

Ksplice support is available at ksplice-support_ww at oracle.com.