[El-errata] New updates available via Ksplice (ELSA-2013-2583)

Errata Announcements for Oracle Linux el-errata at oss.oracle.com
Sat Nov 30 09:05:00 PST 2013


Synopsis: ELSA-2013-2583 can now be patched using Ksplice
CVEs: CVE-2013-0343 CVE-2013-2888 CVE-2013-2889 CVE-2013-2892 CVE-2013-4345 CVE-2013-4387 CVE-2013-4592

Users with Oracle Linux Premier Support can now use Ksplice to patch
against the latest Oracle Security Advisory, ELSA-2013-2583.

INSTALLING THE UPDATES

We recommend that all users of Ksplice Uptrack on EL 6 install these
updates.

On systems that have "autoinstall = yes" in /etc/uptrack/uptrack.conf,
these updates will be installed automatically and you do not need to
take any action.

Alternatively, you can install these updates by running:

# /usr/sbin/uptrack-upgrade -y
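
One way to check which of the two cases above applies to a host, as an added example (not part of Oracle's announcement or of Ksplice's own code). It assumes uptrack.conf uses INI-style "key = value" lines with "#" or ";" comment lines, that the last assignment wins, and that only the value "yes" enables autoinstall; the function names are hypothetical.

```shell
#!/bin/sh
# Added example: report whether Ksplice Uptrack will install updates on its
# own or whether an operator still has to run uptrack-upgrade.

# Print the effective "autoinstall" value (lowercased), or nothing if unset.
# Assumption: INI-style file, last uncommented assignment wins.
uptrack_autoinstall_value() {
    conf=${1:-/etc/uptrack/uptrack.conf}
    [ -r "$conf" ] || return 2
    awk -F= '
        /^[ \t]*[#;]/ { next }            # commented-out settings do not count
        NF < 2        { next }            # section headers, blank lines
        {
            key = $1
            gsub(/[ \t]/, "", key)
            if (tolower(key) == "autoinstall") {
                val = $2
                gsub(/^[ \t]+|[ \t\r]+$/, "", val)   # trim spaces and CR
                found = tolower(val)
            }
        }
        END { if (found != "") print found }
    ' "$conf"
}

# Print "automatic", "manual" or "unreadable" for the given config file.
# Assumption: only "yes" enables autoinstall; anything else is treated as
# manual so the host gets looked at rather than silently skipped.
uptrack_update_mode() {
    val=$(uptrack_autoinstall_value "$1") || { echo unreadable; return 0; }
    case $val in
        yes) echo automatic ;;
        *)   echo manual ;;
    esac
}

# Report for the local host when the script is run directly.
mode=$(uptrack_update_mode)
echo "uptrack update mode: $mode"
[ "$mode" = automatic ] || echo "run as root: /usr/sbin/uptrack-upgrade -y"
```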


DESCRIPTION

* CVE-2013-4387: Memory corruption in IPv6 UDP fragmentation offload.

The kernel IPv6 stack does not correctly handle queuing multiple UDP fragments
when using UDP Fragmentation Offloading, allowing a local unprivileged user to
cause kernel memory corruption and potentially gain privileged code execution.


* CVE-2013-0343: Denial of service in IPv6 privacy extensions.

A malicious remote user can disable IPv6 privacy extensions by flooding the host
with malicious temporary addresses.


* CVE-2013-2888: Memory corruption in Human Input Device processing.

The kernel does not correctly validate the 'Report ID' field in HID data, allowing
a malicious USB or Bluetooth device to cause memory corruption and gain kernel
code execution.


* CVE-2013-4345: Off-by-one in the ANSI Crypto RNG.

An off-by-one flaw was found in the way the ANSI CPRNG implementation in
the Linux kernel processed non-block size aligned requests. This could lead
to random numbers being generated with fewer bits of entropy than expected
when ANSI CPRNG was used.


* CVE-2013-4592: Denial-of-service in KVM IOMMU mappings.

A flaw was found in the way IOMMU memory mappings were handled when
moving memory slots. A malicious user on a KVM host who has the ability to
assign a device to a guest could use this flaw to crash the host.


* CVE-2013-2889: Memory corruption in Zeroplus HID driver.

The Zeroplus game controller device driver does not correctly validate
data from devices, allowing a malicious device to cause kernel memory
corruption and potentially gain kernel code execution.


* CVE-2013-2892: Memory corruption in Pantherlord Human Input Device processing.

Missing validation of HID report data could cause corruption of heap
memory.  A local user with physical access to the system could use this
flaw to crash the kernel, resulting in DoS or potential privilege
escalation to gain root access via arbitrary code execution.

SUPPORT

Ksplice support is available at ksplice-support_ww at oracle.com.




