[Ksplice][Virtuozzo 4.7 Updates] New Ksplice updates for Virtuozzo 4.7 or OpenVZ on RHEL 6 (2.6.32-042stab131.1)

Thu Jul 5 17:06:28 PDT 2018

Synopsis: 2.6.32-042stab131.1 can now be patched using Ksplice
CVEs: CVE-2012-6701 CVE-2015-8830 CVE-2016-8650 CVE-2017-12190 CVE-2017-15121 CVE-2017-18203 CVE-2017-2671 CVE-2017-6001 CVE-2017-7616 CVE-2017-7889 CVE-2018-5803

Systems running Virtuozzo 4.7 or the OpenVZ RHEL 6 kernel can now use
Ksplice to patch against the latest Parallels Virtuozzo Containers 4.7
kernel security update, 2.6.32-042stab131.1.

INSTALLING THE UPDATES

We recommend that all users of Ksplice Uptrack running Virtuozzo 4.7
or OpenVZ on RHEL 6 install these updates.

On systems that have "autoinstall = yes" in /etc/uptrack/uptrack.conf,
these updates will be installed automatically and you do not need to
take any action.

Alternatively, you can install these updates by running:

# /usr/sbin/uptrack-upgrade -y

DESCRIPTION

* CVE-2012-6701, CVE-2015-8830: Denial of service in AIO.

Due to a missing length check, a userspace process could potentially
pass a very large IO control block to the kernel. A malicious user
could use this to cause denial of service.

* CVE-2016-8650: NULL pointer dereference in the key management subsystem.

A missing check in the Multiprecision maths library used to implement
RSA digital signature verification could lead to a NULL pointer
dereference. A local user could use this flaw to cause a denial-of-service.

* CVE-2017-2671: Use-after-free in ping implementation.

A race condition in the kernel ping implementation can result in a
use-after-free. A local attacker with access to ping sockets could use
this flaw to cause a kernel crash or escalate privileges.

* CVE-2017-7616: Information leak when setting memory policy.

A missing check when setting memory policy through set_mempolicy()
syscall could lead to a stack data leak. A local attacker could use this
flaw to leak information about running kernel and facilitate an attack.

* CVE-2017-7889: Permissions bypass via /dev/mem file.

The mm subsystem does not properly enforce the CONFIG_STRICT_DEVMEM
protection mechanism, which allows local users to read or write to
kernel memory locations via an application that opens the /dev/mem file.

* CVE-2017-12190: Denial-of-service in block I/O page merging.

A failure to decrement a reference count when merging block I/O pages
can result in a memory leak. A local user could use this flaw to cause a
denial-of-service.

* CVE-2017-15121: Denial of service when punching holes into files from Fuse.

A logic error when punching holes into files which do not end on a page
boundary in the Fuse filesystem could cause a kernel crash.  A local user
with the ability to mount fuse filesystem could use this flaw to cause a
denial-of-service.

* CVE-2017-18203: Denial-of-service during device mapper destruction.

A race condition between creation and destruction of device mapper
objects can result in an assertion failure, leading to a kernel crash. A
local user could use this flaw to cause a denial-of-service.

* CVE-2018-5803: Denial-of-service when receiving forged packet over SCTP socket.

A missing check when receiving a forged packet with custom properties
over SCTP socket could lead to a kernel assert. A remote attacker could
use this flaw to cause a denial-of-service.

* CVE-2017-6001: Use-after-free in the perf subsystem on concurrent perf_event_open.

Incorrect locking in the perf subsystem could lead to a use-after-free on
concurrent perf_event_open().  A local unprivileged user could use this
flaw to potentially elevate privileges depending on the perf_event paranoid
setting.

SUPPORT

Ksplice support is available at ksplice-support_ww at oracle.com.