[Ksplice][Virtuozzo 4.7 Updates] New updates available via Ksplice (2.6.32-042stab108.6)

Oracle Ksplice ksplice-support_ww at oracle.com
Wed Jul 15 13:27:48 PDT 2015


Synopsis: 2.6.32-042stab108.6 can now be patched using Ksplice
CVEs: CVE-2015-5364 CVE-2015-5366

Systems running Virtuozzo 4.7 or the OpenVZ RHEL 6 kernel can now use
Ksplice to patch against the latest Parallels Virtuozzo Containers 4.7
kernel security update, 2.6.32-042stab108.6.

INSTALLING THE UPDATES

We recommend that all users of Ksplice Uptrack on Virtuozzo 4.7 or
OpenVZ on RHEL 6 install these updates.

On systems that have "autoinstall = yes" in /etc/uptrack/uptrack.conf,
these updates will be installed automatically and you do not need to
take any action.

Alternatively, you can install these updates by running:

# /usr/sbin/uptrack-upgrade -y

NOTE

CVE-2015-5364 and CVE-2015-5366 were not part of the officially
released kernel but we felt that it's important to ship this update
early, before distributions released kernels, because our audit
showed that we have a large number of customers affected by this
issue.


DESCRIPTION

* Kernel panic in netlink_dump caused by repeated unlock.

Nodes could crash due to a repeated unlock call in the netlink code.


* CVE-2015-5364, CVE-2015-5366: Kernel hang on UDP flood with wrong checksums.

A flaw in the UDP handling of wrong checksums could lead to a kernel hang
under a UDP flood attack.  A remote attacker could use this flaw to cause a
denial-of-service.


* Memory corruption when allocating a new process ID.

A logic error in the process ID allocation routine could lead to memory
corruptions under certain circumstances.  A local, unprivileged user could
use this flaw to cause a kernel panic or potentially escalate privileges.

SUPPORT

Ksplice support is available at ksplice-support_ww at oracle.com.
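
The following is an added example, not part of the original announcement and not Oracle tooling: a shell check that reads an uptrack.conf-style file and reports whether the "autoinstall = yes" setting described under INSTALLING THE UPDATES is in effect, so an administrator can tell which hosts still need a manual uptrack-upgrade run. The function names and sample files are constructed for illustration; treating only the value "yes" as enabled and letting the last assignment win are assumptions.

```shell
#!/bin/sh
# Added example: audit the autoinstall setting in an uptrack.conf-style file.

# Print the effective autoinstall value, or "unset" if the key is absent.
autoinstall_value() {
    awk '
        { sub(/[#;].*$/, "") }                # drop comments, so a commented-out key is ignored
        /^[ \t]*autoinstall[ \t]*=/ {
            v = $0
            sub(/^[^=]*=[ \t]*/, "", v)       # keep the text after "="
            sub(/[ \t\r]+$/, "", v)           # trim trailing whitespace
            val = tolower(v)                  # last assignment wins (assumption)
        }
        END { print (val == "" ? "unset" : val) }
    ' "$1"
}

# Exit 0 only when the file says autoinstall = yes (assumption: no other value counts).
autoinstall_enabled() {
    [ "$(autoinstall_value "$1")" = "yes" ]
}

# Print "auto" if updates install themselves, "manual" otherwise.
update_mode() {
    if autoinstall_enabled "$1"; then
        echo auto
    else
        echo manual    # this host needs: /usr/sbin/uptrack-upgrade -y
    fi
}

# Write constructed sample configs (not from a real host) and print their directory.
make_samples() {
    d=$(mktemp -d)
    printf '[Settings]\n# autoinstall = yes\nautoinstall = no\n' > "$d/off.conf"
    printf '[Settings]\nautoinstall=Yes   # enabled\n' > "$d/on.conf"
    printf '[Settings]\n' > "$d/missing.conf"
    echo "$d"
}

# Stand-alone use: pass the path of the config file to check.
if [ -n "${1:-}" ]; then
    update_mode "$1"
fi
```

Run it with /etc/uptrack/uptrack.conf as the argument; a result of "manual" means the updates in this announcement are applied only once uptrack-upgrade is run by hand.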

