[El-errata] New updates available via Ksplice (ELSA-2013-2534)

Errata Announcements for Oracle Linux el-errata at oss.oracle.com
Thu Jun 13 01:28:43 PDT 2013


Synopsis: ELSA-2013-2534 can now be patched using Ksplice
CVEs: CVE-2012-4542 CVE-2012-6542 CVE-2013-1860 CVE-2013-1929 CVE-2013-1943

Users with Oracle Linux Premier Support can now use Ksplice to patch
against the latest Oracle Security Advisory, ELSA-2013-2534.

INSTALLING THE UPDATES

We recommend that all users of Ksplice Uptrack on EL 6 install these
updates.

On systems that have "autoinstall = yes" in /etc/uptrack/uptrack.conf,
these updates will be installed automatically and you do not need to
take any action.

Alternatively, you can install these updates by running:

# /usr/sbin/uptrack-upgrade -y
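
The following script is an added example, not part of the original announcement or of Ksplice itself. It checks whether a host has "autoinstall = yes" set and therefore whether the manual command above is needed. It assumes uptrack.conf is INI-style "key = value" text with '#' or ';' comment lines, and it conservatively treats any value other than exactly "yes" as not enabled; the function names are hypothetical.

```shell
#!/bin/sh
# Added example: decide whether Ksplice Uptrack applies updates on its own.
# Assumptions: INI-style "key = value" lines, '#' or ';' start a comment,
# and only the exact value "yes" counts as enabled (conservative choice).

# Print the last uncommented value assigned to "autoinstall" (empty if unset).
# Returns 2 if the config file cannot be read.
uptrack_autoinstall_value() {
    conf=${1:-/etc/uptrack/uptrack.conf}
    [ -r "$conf" ] || return 2
    awk '
        /^[ \t]*[#;]/ { next }                  # commented-out settings do not count
        {
            eq = index($0, "=")
            if (eq == 0) next                   # section headers, blank lines
            key = substr($0, 1, eq - 1); val = substr($0, eq + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", key)
            gsub(/^[ \t]+|[ \t]+$/, "", val)
            if (key == "autoinstall") last = val
        }
        END { if (last != "") print last }
    ' "$conf"
}

# Return 0 if autoinstall is "yes", 1 if it is anything else or missing,
# 2 if the file is unreadable.
uptrack_autoinstall_enabled() {
    val=$(uptrack_autoinstall_value "$1") || return 2
    [ "$val" = "yes" ]
}

# Print a one-line verdict for the host; never runs the upgrade itself.
uptrack_report() {
    conf=${1:-/etc/uptrack/uptrack.conf}
    rc=0; uptrack_autoinstall_enabled "$conf" || rc=$?
    case $rc in
        0) echo "$conf: autoinstall = yes, updates are installed automatically" ;;
        1) echo "$conf: autoinstall is not yes, run: /usr/sbin/uptrack-upgrade -y" ;;
        *) echo "$conf: not readable, cannot determine autoinstall setting" >&2 ;;
    esac
    return $rc
}

uptrack_report "${1:-/etc/uptrack/uptrack.conf}" || true
```
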


DESCRIPTION

* CVE-2012-6542: Information leak in LLC socket name.

A malicious user can disclose the contents of kernel memory by calling
getsockname() on an LLC socket.


* NULL pointer dereference in filesystem automounting.

Incorrect handling of namespaces could trigger a NULL pointer
dereference when automounting a filesystem.


* CVE-2013-1929: Buffer overflow in TG3 VPD firmware parsing.

Incorrect length checks when parsing the firmware could cause a buffer
overflow and corruption of memory.


* CVE-2013-1860: Buffer overflow in Wireless Device Management driver.

A malicious USB device can cause a buffer overflow and gain kernel code execution
by sending malformed Wireless Device Management packets.


* Incorrect MAC address usage after bonding failover.

Missing events in the bonding subsystem could cause the old MAC address
to be used after a failover when the fail_over_mac parameter was set to
'active'.


* Denial of service due to race condition in the scheduler subsystem.

A race condition between a task exiting on one CPU and being woken up by
a different CPU can cause a kernel panic when the second task tries to
wake up a dead task.


* CVE-2012-4542: SCSI command filter does not restrict access to read-only devices.

The default SCSI command filter does not accommodate commands that overlap across
device classes. A privileged guest user could potentially use this flaw to write
arbitrary data to a LUN that is passed-through as read-only.


* Memory corruption with mprotect() calls.

Incorrect copying of anonymous Virtual Memory Area (VMA) pointers could
cause memory corruption and result in a kernel crash when the system was
under heavy memory pressure.


* Network failure on Xen live migration.

A race condition between sending the gratuitous ARP and activating the
Xen network backend device could cause the ARP to get lost when
migrating a domain, causing networking to fail.


* Kernel crash in SUNRPC socket export removal.

Incorrect locking could result in a kernel crash when removing socket
exports.


* Kernel crash in address validation with 1GB pages.

Validating a kernel address on a system with 1GB pages could cause a
kernel crash.  This could be triggered by reading /proc/vmcore.


* CVE-2013-1943: Local privilege escalation in KVM memory mappings.

A missing sanity check was found in KVM's memory mapping subsystem,
allowing a user-space process to register memory regions pointing
to the kernel address space. A local, unprivileged user could use this flaw
to escalate their privileges.

SUPPORT

Ksplice support is available at ksplice-support_ww at oracle.com.




