[El-errata] New updates available via Ksplice (ELSA-2013-1292-1)
Errata Announcements for Oracle Linux
el-errata at oss.oracle.com
Tue Oct 1 10:33:06 PDT 2013
Synopsis: ELSA-2013-1292-1 can now be patched using Ksplice
CVEs: CVE-2012-3511 CVE-2013-2141 CVE-2013-4162
Users with Oracle Linux Premier Support can now use Ksplice to patch
against the latest Oracle Security Advisory, ELSA-2013-1292-1.
INSTALLING THE UPDATES
We recommend that all users of Ksplice Uptrack on EL 5 install these
On systems that have "autoinstall = yes" in /etc/uptrack/uptrack.conf,
these updates will be installed automatically and you do not need to
take any action.
Alternatively, you can install these updates by running:
# /usr/sbin/uptrack-upgrade -y
* CVE-2013-2141: Information leak in tkill() and tgkill() system calls.
Due to a lack of proper initialisation, the tkill() and tgkill() system
calls may leak data from the kernel stack to an unprivileged local user.
* CVE-2013-4162: Denial-of-service with IPv6 sockets with UDP_CORK.
When pushing pending frames in IPv6 udp code, an incorrect function call can
be made. This allows local users to cause a denial of service (BUG and
crash) via a crafted application that uses the UDP_CORK option in a
setsockopt system call.
* CVE-2012-3511: Use-after-free due to race condition in madvise.
A race condition between munmap and madvise can cause a use-after-free
in the memory management system.
* Kernel panic on PCI device attach to running VM.
Incorrect handling of overlapping memory regions when setting the memory
type range register could result in a kernel crash when adding a PCI
device to a VM.
Ksplice support is available at ksplice-support_ww at oracle.com.
More information about the El-errata