[El-errata] New updates available via Ksplice (ELSA-2013-2519)

Errata Announcements for Oracle Linux el-errata at oss.oracle.com
Fri Apr 26 02:08:17 PDT 2013 

Synopsis: ELSA-2013-2519 can now be patched using Ksplice
CVEs: CVE-2013-0349 CVE-2013-1767 CVE-2013-1792 CVE-2013-1796 CVE-2013-1797 CVE-2013-1798

Users with Oracle Linux Premier Support can now use Ksplice to patch
against the latest Oracle Security Advisory, ELSA-2013-2519.

INSTALLING THE UPDATES

We recommend that all users of Ksplice Uptrack on EL 6 install these
updates.

On systems that have "autoinstall = yes" in /etc/uptrack/uptrack.conf,
these updates will be installed automatically and you do not need to
take any action.

Alternatively, you can install these updates by running:

# /usr/sbin/uptrack-upgrade -y


DESCRIPTION

* CVE-2013-1767: Use-after-free in tmpfs mempolicy remount.

If a tempfs mount that was originally mounted with the mpol=M
option is remounted it reuses the already freed mempolicy object.


* CVE-2013-1796: Buffer overflow in KVM system time MSR.

The KVM paravirtualised MSR driver does not correctly validate system timer
arguments allowing a guest virtual machine to corrupt host kernel memory by
providing an unaligned MSR value.


* CVE-2013-1798: Information leak in KVM APIC driver.

The KVM paravirtualised APIC driver does not correctly validate arguments
from the guest virtual machine when querying the APIC device allowing a
malicious guest virtual machine read kernel memory from the host.


* CVE-2013-1792: Denial-of-service in user keyring management.

A race condition in installing a user keyring could allow a local,
unprivileged user to crash the machine causing a denial-of-service.


* NULL pointer dereference in USB Inside Out Edgeport serial driver.

A NULL pointer dereference may occur during disconnection of the driver
due to a missing check.


* CVE-2013-0349: Kernel information leak in Bluetooth HIDP support.

An information leak was discovered in the Linux kernel's Bluetooth stack
when HIDP (Human Interface Device Protocol) support is enabled. A local
unprivileged user could exploit this flaw to cause an information leak
from the kernel.


* CVE-2013-1797: Use-after-free in KVM system time.

The KVM paravirtualised MSR driver does not pin guest memory associated with
paravirtualised timers allowing a guest virtual machine to crash the host by
unmapping memory.

SUPPORT

Ksplice support is available at ksplice-support_ww at oracle.com.

More information about the El-errata mailing list