[Ksplice][Virtuozzo 4.7 Updates] New updates available via Ksplice (2.6.32-042stab108.1)

Jamie Iles jamie.iles at oracle.com
Fri May 1 00:50:34 PDT 2015


Synopsis: 2.6.32-042stab108.1 can now be patched using Ksplice
CVEs: CVE-2014-3215 CVE-2014-3690 CVE-2014-7825 CVE-2014-7826 CVE-2014-8884 CVE-2014-9529 CVE-2014-9584 CVE-2015-1421

Systems running Virtuozzo 4.7 or the OpenVZ RHEL 6 kernel can now use
Ksplice to patch against the latest Parallels Virtuozzo Containers 4.7
kernel security update, 2.6.32-042stab108.1.

INSTALLING THE UPDATES

We recommend that all users of Ksplice Uptrack on Virtuozzo 4.7 or
OpenVZ on RHEL 6 install these updates.

On systems that have "autoinstall = yes" in /etc/uptrack/uptrack.conf,
these updates will be installed automatically and you do not need to
take any action.

Alternatively, you can install these updates by running:

# /usr/sbin/uptrack-upgrade -y
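
The following is an added example, not part of the Oracle announcement or of Ksplice Uptrack itself: a shell helper that reads the autoinstall setting so that hosts needing a manual uptrack-upgrade run can be flagged. It assumes uptrack.conf holds INI-style "key = value" lines with "#" or ";" comments; the function names and the --report switch are hypothetical.

```shell
#!/bin/sh
# Added example: decide whether a host will pick up Ksplice updates on
# its own, based on the "autoinstall = yes" setting quoted above.
# Assumption: INI-style "key = value" lines, "#" or ";" start a comment.

# Print the value of "autoinstall" from the given config file, or
# "unset" if the key is absent, empty, commented out, or the file
# cannot be read. If the key appears more than once, the last one is used.
uptrack_autoinstall() {
    conf="${1:-/etc/uptrack/uptrack.conf}"
    [ -r "$conf" ] || { echo unset; return 0; }
    val=$(sed -n \
        -e 's/[#;].*$//' \
        -e 's/^[[:space:]]*autoinstall[[:space:]]*=[[:space:]]*\([^[:space:]]*\)[[:space:]]*$/\1/p' \
        "$conf" | tail -n 1)
    echo "${val:-unset}"
}

# Succeed (exit 0) when updates will NOT be installed automatically.
# Only the exact value "yes" counts as enabled, so anything unexpected
# is reported as needing a manual run rather than silently trusted.
needs_manual_upgrade() {
    [ "$(uptrack_autoinstall "${1:-}")" != "yes" ]
}

# Optional report mode: sh check.sh --report [path-to-uptrack.conf]
if [ "${1:-}" = "--report" ]; then
    if needs_manual_upgrade "${2:-}"; then
        echo "autoinstall not enabled: run /usr/sbin/uptrack-upgrade -y"
    else
        echo "autoinstall = yes: updates are installed automatically"
    fi
fi
```
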


DESCRIPTION

* CVE-2014-9529: Use-after-free when garbage collecting keys.

A logic error when garbage collecting cryptographic keys leads to a
use-after-free and kernel panic. A local user could use this flaw to crash
the kernel and cause a denial-of-service.


* CVE-2015-1421: Privilege escalation in SCTP INIT collisions.

Missing reference counting could result in a use-after-free during an
INIT collision when establishing an SCTP socket.  A remote attacker
could use this flaw to trigger a denial-of-service or potentially gain
privileges.


* CVE-2014-9584: Out-of-bounds memory access in ISO filesystem when printing ER records.

Missing input validation when printing ER records in the iso9660 driver
could lead to an out-of-bounds memory write, potentially leading to a
kernel panic.  A local attacker could use a corrupted ISO file to cause a
denial-of-service.


* CVE-2014-8884: Buffer overflow in DEC2000 and DEC3000 USB adapters.

A lack of input validation when copying an ioctl command could lead to
overflowing data on the stack, causing a kernel panic. A local user could
use this flaw to cause a denial-of-service or potentially escalate
privileges.


* Memory corruption in USB EHCI.

Failure to properly set pointers for isochronous URBs can cause URBs to
be improperly reused, leading to list corruption and a system freeze.


* CVE-2014-7825, CVE-2014-7826: Perf DoS and local privilege escalation.

Missing validation of the syscall ID range allows an attacker to trigger a
kernel panic, or to leverage it into gaining root privileges if root was
doing perf tracing at that time.


* CVE-2014-3690: Denial of Service in KVM/VMX CR4 register management.

KVM on VMX does not reload the CR4 register when it changes on the host,
which means that host features aren't updated on guests. This could lead
to a local denial of service.


* CVE-2014-3215: Privilege escalation in seunshare execution of binaries.

A bug in libcap-ng could allow local, unprivileged users to potentially
escalate privileges on a system, exploitable through seunshare and other
tools.

SUPPORT

Ksplice support is available at ksplice-support_ww at oracle.com.



