[El-errata] New updates available via Ksplice (ELSA-2013-2520)

Fri Apr 26 02:08:12 PDT 2013

Synopsis: ELSA-2013-2520 can now be patched using Ksplice
CVEs: CVE-2012-5517 CVE-2012-6537 CVE-2012-6546 CVE-2012-6547 CVE-2013-0349 CVE-2013-0871 CVE-2013-1774 CVE-2013-1792 CVE-2013-1796 CVE-2013-1798 CVE-2013-1826 CVE-2013-1827

Users with Oracle Linux Premier Support can now use Ksplice to patch
against the latest Oracle Security Advisory, ELSA-2013-2520.

INSTALLING THE UPDATES

We recommend that all users of Ksplice Uptrack on EL 6 install these
updates.

On systems that have "autoinstall = yes" in /etc/uptrack/uptrack.conf,
these updates will be installed automatically and you do not need to
take any action.

Alternatively, you can install these updates by running:

# /usr/sbin/uptrack-upgrade -y

DESCRIPTION

* CVE-2013-1826: NULL pointer dereference in XFRM buffer size mismatch.

Linux kernel built with XFRM framework support is vulnerable to a NULL pointer
dereference flaw. It occurs while accessing XFRM state via xfrm_state_netlink
routine.

* CVE-2012-6537: Kernel information leaks in network transformation subsystem.

This fixes several cases where xfrm_user code could lead kernel
memory to user space.

* CVE-2012-6546: Information leak in ATM sockets.

An malicious user can disclose the contents of kernel memory by calling
getsockname() on an ATM socket.

* CVE-2012-6547: Kernel stack leak from TUN ioctls.

The __tun_chr_ioctl function in drivers/net/tun.c in the Linux kernel before
3.6 does not initialize a certain structure, which allows local users to
obtain sensitive information from kernel stack memory via a crafted
application.

* CVE-2013-1796: Buffer overflow in KVM system time MSR.

The KVM paravirtualised MSR driver does not correctly validate system timer
arguments allowing a guest virtual machine to corrupt host kernel memory by
providing an unaligned MSR value.

* CVE-2013-1798: Information leak in KVM APIC driver.

The KVM paravirtualised APIC driver does not correctly validate arguments
from the guest virtual machine when querying the APIC device allowing a
malicious guest virtual machine read kernel memory from the host.

* CVE-2013-1792: Denial-of-service in user keyring management.

A race condition in installing a user keyring could allow a local,
unprivileged user to crash the machine causing a denial-of-service.

* CVE-2013-1774: NULL pointer dereference in USB Inside Out Edgeport serial driver.

A NULL pointer dereference may occur during disconnection of the driver
due to a missing check.

* CVE-2013-1827: Denial-of-service in DCCP socket options.

A NULL pointer dereference in the Datagram Congestion Control Protocol
(DCCP) implementation could allow a local user to cause a denial of
service.

* CVE-2013-0349: Kernel information leak in Bluetooth HIDP support.

An information leak was discovered in the Linux kernel's Bluetooth stack
when HIDP (Human Interface Device Protocol) support is enabled. A local
unprivileged user could exploit this flaw to cause an information leak
from the kernel.

* CVE-2013-0871: Privilege escalation in PTRACE_SETREGS.

A race condition in ptrace can lead to kernel stack corruption allowing
an attacker to control execution and possible escalate privileges.

* CVE-2012-5517: NULL pointer dereference in memory hotplug.

A NULL pointer dereference can occur when a new node's hot-added
memory is propagated to other nodes zonelists. An unprivileged local
user can use this flaw to crash the system.

SUPPORT

Ksplice support is available at ksplice-support_ww at oracle.com.