[Ksplice][Virtuozzo 4.7 Updates] New updates available via Ksplice (2.6.32-042stab108.8)

Fri Jul 24 06:33:26 PDT 2015

Synopsis: 2.6.32-042stab108.8 can now be patched using Ksplice
CVEs: CVE-2014-3184 CVE-2014-3940 CVE-2014-4652 CVE-2014-8133 CVE-2014-8709 CVE-2014-9683 CVE-2015-0239 CVE-2015-3339 CVE-2015-5364 CVE-2015-5366

Systems running Virtuozzo 4.7 or the OpenVZ RHEL 6 kernel can now use
Ksplice to patch against the latest Parallels Virtuozzo Containers 4.7
kernel security update, 2.6.32-042stab108.8.

INSTALLING THE UPDATES

We recommend that all users of Ksplice Uptrack on Virtuozzo 4.7 or
OpenVZ on RHEL 6 install these updates.

On systems that have "autoinstall = yes" in /etc/uptrack/uptrack.conf,
these updates will be installed automatically and you do not need to
take any action.

Alternatively, you can install these updates by running:

# /usr/sbin/uptrack-upgrade -y

DESCRIPTION

* CVE-2015-5364, CVE-2015-5366: Kernel hang on UDP flood with wrong checksums.

A flaw in the UDP handling of wrong checksums could lead to a kernel hang
under a UDP flood attack.  A remote attacker could use this flaw to cause a
denial-of-service.

* CVE-2014-3184: Invalid memory write in HID drivers.

Several HID drivers (Cherry Cymotion keyboard, KYE/Genius devices,
Logitech devices, Monterey Genius KB29E keyboard, Petalynx Maxtor
remote control, and Sunplus wireless desktop) are vulnerable to an
out-of-bounds write due to some off-by-one bugs.  This could occur if
a HID device report offers an invalid report descriptor size.

A local user with physical access to the system could use this flaw to
write past an allocated memory buffer.

* CVE-2014-3940: Memory corruption during huge page migration.

A missing check to verify the page table entry is present when gathering
stats about huge pages could lead to a memory corruption if the huge pages
are being migrated concurrently. A local, unprivileged user could use this
flaw to cause a denial-of-service.

* CVE-2014-4652: Arbitrary memory disclosure in ALSA user controls.

Lack of synchronization between reads and writes to ALSA user controls
could lead to a kernel memory disclosure.

* CVE-2014-8133: Information leak in thread area of 32-bit KVM guests.

The espfix implementation which prevents kernel information leaking to
unprivileged guests can be bypassed by creating a custom thread area. A
local unprivileged user could potentially use this flaw to leak stack
addresses.

* CVE-2014-8709: Information leak in mac80211 when transferring fragmented packet.

A flaw in the mac80211 stack could result in leaking 8 bytes of plain text
in the air. An attacker, physically in the range of the WiFi network, could
use this flaw to obtain sensitive informations.

* CVE-2014-9683: Out-of-bounds memory write in eCryptfs when decoding a file name.

A lack of input validation when decoding a file name in the eCryptfs driver
could lead to an out-of-bounds memory write of one zero byte, potentially
causing a kernel panic.  A local user could use a specially crafted
eCryptfs filesystem to cause a denial-of-service.

* CVE-2015-0239: Privilege escalation in KVM sysenter emulation.

The KVM emulation of the sysenter instruction does not validate 16-bit
code segments which can allow a local attacker to potentially elevate
privileges.

* CVE-2015-3339: Privilege escalation due to race condition between execve and chown.

The execve() syscall can race with inode attribute changes made by chown().
This race condition could result in execve() setting uid/gid to the new
owner, leading to privilege escalation.

SUPPORT

Ksplice support is available at ksplice-support_ww at oracle.com.