[El-errata] New updates available via Ksplice (ELSA-2014-3104)

Errata Announcements for Oracle Linux el-errata at oss.oracle.com
Sat Dec 13 02:20:33 PST 2014 

Synopsis: ELSA-2014-3104 can now be patched using Ksplice
CVEs: CVE-2014-1739 CVE-2014-3181 CVE-2014-3186 CVE-2014-3688 CVE-2014-4027 CVE-2014-4652 CVE-2014-4656 CVE-2014-6410

Users with Oracle Linux Premier Support can now use Ksplice to patch
against the latest Oracle Security Advisory, ELSA-2014-3104.

INSTALLING THE UPDATES

We recommend that all users of Ksplice Uptrack on EL 5 install these
updates.

On systems that have "autoinstall = yes" in /etc/uptrack/uptrack.conf,
these updates will be installed automatically and you do not need to
take any action.

Alternatively, you can install these updates by running:

# /usr/sbin/uptrack-upgrade -y


DESCRIPTION

* CVE-2014-3688: Remote denial-of-service in SCTP stack by memory exhaustion.

A flaw in the SCTP stack could allow a remote attacker to force a SCTP
server to allocate big amounts of memory and trigger the kernel
out-of-memory killer, leading to a denial-of-service.


* CVE-2014-3186: Memory corruption in PicoLCD USB driver.

The PicoLCD USB driver does not correctly validate event data allowing a
malicious USB device to trigger kernel memory corruption and potentially
gain elevated privileges.


* CVE-2014-4656: ALSA Control ID overflow.

Missing range checks in ALSA control IDs could lead to an integer overflow.


* CVE-2014-6410: Denial of service in UDF filesystem parsing.

The kernel UDF filesystem driver does not correctly validate indirect
inodes allowing a malicious user to cause a kernel panic by mounting a
UDF volume with deeply nested indirect inodes.


* CVE-2014-1739: Information leak in the media stack when enumerating media devices.

The ioctl() to enumerate media devices can copy 200 bytes of kernel stack
to userspace. A local user with write access to /dev/mediaX could use this
flaw to gather information about the running kernel.


* CVE-2014-4652: Arbitrary memory disclosure in ALSA user controls.

Lack of synchronization between reads and writes to ALSA user controls
could lead to a kernel memory disclosure.


* CVE-2014-3181: Memory corruption in Apple Magic Mouse USB driver.

The Apple Magic Mouse USB driver does not correctly validate event data
allowing a malicious USB device to trigger kernel memory corruption and
potentially gain elevated privileges.


* CVE-2014-4027: Information leak in iSCSI Target ramdisk transport.

Due to incorrect initialization of one of the data structures used by
the iSCSI Target ramdisk transport, local users could obtain sensitive
information from the ramdisk memory that they should not have access
to.

SUPPORT

Ksplice support is available at ksplice-support_ww at oracle.com.

More information about the El-errata mailing list