[El-errata] New updates available via Ksplice (ELBA-2013-2516)

Errata Announcements for Oracle Linux el-errata at oss.oracle.com
Sat Apr 20 05:47:44 PDT 2013


Synopsis: ELBA-2013-2516 can now be patched using Ksplice
CVEs: CVE-2012-2375 CVE-2012-4508 CVE-2013-0310 CVE-2013-1767 CVE-2013-1773

Users with Oracle Linux Premier Support can now use Ksplice to patch
against the latest Oracle kernel update, ELBA-2013-2516.

INSTALLING THE UPDATES

We recommend that all users of Ksplice Uptrack on EL 6 install these
updates.

On systems that have "autoinstall = yes" in /etc/uptrack/uptrack.conf,
these updates will be installed automatically and you do not need to
take any action.

Alternatively, you can install these updates by running:

# /usr/sbin/uptrack-upgrade -y


DESCRIPTION

* Fix kernel crash when adding new vcpus into PV-HVM DomU.

A NULL pointer dereference can lead to a kernel crash when adding new
vcpus to a PV-HVM DomU.


* Kernel crash in oprofile NMI.

A race condition in the oprofile NMI can cause kernel crashes
if the KM_USER0 slot is in use when the oprofile NMI hits.


* Allow user to disable stack randomization.

Oracle ExaLogic WLS deployments are heavily scripted and hence produce a
lot of activity that massively depletes the Linux entropy pool.

This patch allows the user to disable stack randomization when the rest
of ASLR is already disabled via the sysctl setting:

   kernel.randomize_va_space = 0


* Kernel OOPS in fork() under heavy load.

Because MMU updates were not being flushed when doing kmap_atomic (or
kunmap_atomic), a dereference bug could be hit when processing a fork()
on a heavily loaded machine.


* Kernel panic under heavy memory and filesystem load.

Under heavy memory and filesystem load, an assertion failure
during page reclaim can lead to a kernel panic.


* Deadlock when shutting down oprofile.

An invalid locking order could lead to a kernel deadlock when
shutting down oprofile.


* Misleading error kernel log messages in GPT partition handling.

An invalid check caused confusing warning messages of the form "Alternate
GPT is invalid, using primary GPT." to be printed out.


* Ensure that NFS write and commit completes.

Make NFS write and commit RPC calls asynchronous, allowing them to be
completed even in the event of a user interrupt.


* Correctly merge virtual memory areas when binding.

When mbind() is called on adjacent areas, they are expected to be merged
into a single virtual memory area; this update makes that merge happen.


* Packet loss in IPv4 networking.

An invalid optimisation in the IPv4 networking stack could cause IPv4
packets to be incorrectly dropped.


* Keep MTU setting after migration in xen-netfront.

After a Xen migration, the MTU of the xen-netfront device was reset to
the default value of 1500 instead of the value it had been set to.


* Fix divide by zero in sched with very long-lived processes.

On architectures where cputime_t is a 64-bit type, it is possible to
trigger a divide by zero on the do_div(temp, (__force u32) total) line if
total is non-zero but has its lower 32 bits zeroed, since the cast to u32
discards the upper bits.
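The truncation is easy to see in isolation. The following is an added example, not the kernel's scheduler code: it shows the 32-bit divisor the truncating cast produces for a cputime total of exactly 2^32, the predicate for the dangerous case, and a scaling routine that divides in 64 bits so a non-zero total can never become a zero divisor. The names scale_utime, truncated_divisor and triggers_divide_by_zero are this example's own, and the 128-bit product relies on the gcc/clang __int128 extension.

```c
/* Added example (not kernel code): why a 64-bit cputime total can reach
 * do_div() as a zero 32-bit divisor, and a 64-bit division that avoids it. */
#include <stdint.h>
#include <stdbool.h>
#include <stdio.h>

typedef uint64_t cputime_t;   /* the 64-bit cputime_t case described above */

/* Divisor that the expression (__force u32) total actually yields. */
uint32_t truncated_divisor(cputime_t total)
{
    return (uint32_t)total;
}

/* True when total is non-zero but its low 32 bits are all zero, i.e. the
 * condition under which a 32-bit truncating division faults. */
bool triggers_divide_by_zero(cputime_t total)
{
    return total != 0 && truncated_divisor(total) == 0;
}

/* utime scaled by rtime/total using the full-width total as divisor.
 * The product is widened to 128 bits (gcc/clang extension) so the large
 * values of a very long-lived process do not overflow before the divide.
 * total == 0 is this example's guard choice: return utime unscaled. */
cputime_t scale_utime(cputime_t utime, cputime_t rtime, cputime_t total)
{
    unsigned __int128 temp = (unsigned __int128)rtime * utime;

    if (total == 0)
        return utime;
    return (cputime_t)(temp / total);
}

int main(void)
{
    /* Constructed values: a process whose utime + stime lands on 2^34. */
    cputime_t utime = 3ULL << 32, stime = 1ULL << 32;
    cputime_t total = utime + stime, rtime = total + 7;

    printf("total = 0x%llx, (u32)total = %u, divide-by-zero = %s\n",
           (unsigned long long)total, truncated_divisor(total),
           triggers_divide_by_zero(total) ? "yes" : "no");
    printf("scaled utime = %llu\n",
           (unsigned long long)scale_utime(utime, rtime, total));
    return 0;
}
```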


* Remove invalid kernel warning message in NFS.

Remove the incorrect "VFS is out of sync with lock manager" kernel
warning from the NFS code.


* Memory corruption in OCFS2 distributed lock manager.

Kernel memory corruption can be triggered when the distributed lock manager
attempts to recover from DLM nodes disconnecting.


* OCFS2 mount can hang forever.

If a lockres refresh fails, the ocfs2 mount will hang forever waiting
on a super lock.


* NULL pointer dereference in PCI hotplug.

A NULL pointer dereference can be triggered when configuring the maximum
payload on a hotplugged PCI device leading to a kernel panic.


* Disk failure in multipath error handling.

SCSI multipath did not properly propagate a target I/O error, so it was
treated as a path error and the disks were offlined.


* Invalid resets in Smart Arrays can lead to root filesystem corruption.

Invalid reset in Smart Arrays can, in some cases, lead to root
filesystem corruption, making the root device unbootable.


* CVE-2013-1773: Heap buffer overflow in VFAT Unicode handling.

Unicode conversion functions used in the VFAT filesystem were vulnerable
to buffer overruns.  Carefully constructed VFAT partitions mounted with
the utf8 option could allow an attacker to corrupt kernel memory and
possibly execute code in kernel mode.


* CVE-2012-4508: Stale data exposure in ext4.

A race condition in the usage of asynchronous IO and fallocate on an ext4
filesystem could lead to exposure of stale data from a deleted file. An
unprivileged local user could use this flaw to read privileged information.


* CVE-2013-0310: NULL pointer dereference in CIPSO socket options.

Adding a CIPSO option to a socket could result in a NULL pointer
dereference and kernel crash under specific conditions.


* Divide by zero in scheduler group management.

A divide by zero is triggered in find_busiest_group when cpu_power is
0.  This can lead to a kernel crash.


* CVE-2013-1767: Use-after-free in tmpfs mempolicy remount.

If a tmpfs mount that was originally mounted with the mpol=M option is
remounted, it reuses the already freed mempolicy object.


* Xen guest restore failure with PVHVM guests.

Missing power management calls could cause a Xen PVHVM guest to fail to
restore after an xm restore command.


* CVE-2012-2375: Kernel crash in NFSv4.

The upstream fix for CVE-2010-4131 was incomplete and still exploitable
under certain circumstances.  nfs4_getfacl decoding causes a kernel
crash when a server returns more than two GETATTR bitmap words in
response to the FATTR4_ACL attribute request.
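The general lesson of this class of bug is that the word count in a server-supplied XDR bitmap must never drive how much the client stores. The following decoder is an added example, not the kernel's NFS client code: it reads the RFC 3530 encoding (a big-endian u32 count followed by that many big-endian u32 words), keeps only the words the client has room for, skips any extra ones the server sent, and rejects a count that does not fit in the reply. The constant NFS4_BITMAP_WORDS, the function names and the sample reply bytes are this example's own constructions.

```c
/* Added example (not the kernel's NFS client code): decode a GETATTR
 * attribute bitmap from an NFSv4 XDR reply without trusting the server's
 * word count. */
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

#define NFS4_BITMAP_WORDS 2   /* words the client stores; hypothetical name */

static uint32_t read_be32(const uint8_t *p)
{
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
           ((uint32_t)p[2] << 8)  |  (uint32_t)p[3];
}

/* Decode the bitmap at buf[0..len). Stores up to NFS4_BITMAP_WORDS words in
 * out (zero-filling the rest) and skips any extra words the server sent.
 * Returns the number of bytes consumed, or -1 if the reply is truncated. */
long decode_attr_bitmap(const uint8_t *buf, size_t len,
                        uint32_t out[NFS4_BITMAP_WORDS])
{
    uint32_t count;
    size_t i;

    memset(out, 0, NFS4_BITMAP_WORDS * sizeof out[0]);
    if (len < 4)
        return -1;
    count = read_be32(buf);
    /* Compare in size_t space so a huge count cannot wrap the byte math. */
    if (count > (len - 4) / 4)
        return -1;
    for (i = 0; i < count; i++) {
        uint32_t word = read_be32(buf + 4 + 4 * i);
        if (i < NFS4_BITMAP_WORDS)
            out[i] = word;      /* words past the client's capacity are skipped */
    }
    return (long)(4 + 4 * (size_t)count);
}

/* Constructed server reply: count = 3, one more word than the client holds. */
const uint8_t reply_three_words[] = {
    0x00, 0x00, 0x00, 0x03,
    0x00, 0x10, 0x00, 0x40,   /* word 0 */
    0x00, 0x00, 0x00, 0x00,   /* word 1 */
    0xde, 0xad, 0xbe, 0xef,   /* word 2: beyond the two the client keeps */
};

/* Constructed reply whose count claims more words than the buffer holds. */
const uint8_t reply_truncated[] = {
    0x00, 0x00, 0x00, 0x05,
    0x00, 0x00, 0x00, 0x01,
};

int main(void)
{
    uint32_t bm[NFS4_BITMAP_WORDS];
    long n = decode_attr_bitmap(reply_three_words, sizeof reply_three_words, bm);

    printf("consumed %ld bytes, bitmap = 0x%08x 0x%08x\n", n, bm[0], bm[1]);
    n = decode_attr_bitmap(reply_truncated, sizeof reply_truncated, bm);
    printf("truncated reply -> %ld\n", n);
    return 0;
}
```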

SUPPORT

Ksplice support is available at ksplice-support_ww at oracle.com.
