[El-errata] New updates available via Ksplice (ELSA-2013-2513)

Mon Apr 15 06:48:19 PDT 2013

Synopsis: ELSA-2013-2513 can now be patched using Ksplice
CVEs: CVE-2013-0871 CVE-2013-0913 CVE-2013-1773

Users with Oracle Linux Premier Support can now use Ksplice to patch
against the latest Oracle Security Advisory, ELSA-2013-2513.

INSTALLING THE UPDATES

We recommend that all users of Ksplice Uptrack on EL 6 install these
updates.

On systems that have "autoinstall = yes" in /etc/uptrack/uptrack.conf,
these updates will be installed automatically and you do not need to
take any action.

Alternatively, you can install these updates by running:

# /usr/sbin/uptrack-upgrade -y

DESCRIPTION

* Race condition in cgroup process handling.

Several race conditions in cgroup process handling could lead to an
incorrect calculation of the alloted runtime for a process.

* Kernel crash in floppy module initialization and exit.

Incorrect handling of errors and incorrect reference counting could
result in a kernel crash when inserting or removing the floppy module.

* Stale data exposure in XFS with custom extent sizes.

A directory on an xfs filesystem with a custom extent size could allow
stale data to be leaked when writing files with holes in them.

* Kernel crash in paravirtualization lazy mode during interrupts.

A race condition between different paravirtualized lazy modes during
interrupt handling could result in a BUG_ON() and kernel crash.

* CVE-2013-1773: Heap buffer overflow in VFAT Unicode handling.

Unicode conversion functions used in the VFAT filesystem were vulnerable
to buffer overruns.  Carefully constructed VFAT partitions mounted with
the utf8 option could allow an attacker to corrupt kernel memory and
possibly execute code in kernel mode.

* CVE-2013-0871: Privilege escalation in PTRACE_SETREGS.

A race condition in ptrace can lead to kernel stack corruption allowing
an attacker to control execution and possible escalate privileges.

* CVE-2013-0913: Kernel heap overflow in Intel i915 driver.

An integer overflow in the Intel i915 driver when relocating buffers can
allow a local user to overflow the kernel heap and gain privileged code
execution.

* Logic error in RDS congestion control.

The kernel does not correctly clear the congestion flag on RDS sockets
causing sockets to stop processing incoming packets once they become
congested.

* Kernel deadlock in Infiniband SDP socket close.

Incorrect locking of Sockets Direct Protocol sockets can cause a kernel
deadlock when closing a sockets.

* Logic error in PCI power management of VM guest devices.

Under certain circumstances the PCI power management implementation does
not correctly initialise PCI devices in VM guests.

SUPPORT

Ksplice support is available at ksplice-support_ww at oracle.com.