[Ksplice][CloudLinux 5 Updates] New updates available via Ksplice (2.6.18-471.3.1.el5.lve0.8.72)

Fri Dec 19 18:02:26 PST 2014

Synopsis: 2.6.18-471.3.1.el5.lve0.8.72 can now be patched using Ksplice
CVEs: CVE-2012-3511 CVE-2013-0343 CVE-2013-2141 CVE-2013-4162 
CVE-2013-4299 CVE-2013-4345 CVE-2014-1737 CVE-2014-1738 CVE-2014-4699 
CVE-2014-9090 CVE-2014-9322

Systems running CloudLinux 5 can now use Ksplice to patch against the
latest CloudLinux 5 kernel update, 2.6.18-471.3.1.el5.lve0.8.72.

INSTALLING THE UPDATES

We recommend that all users of Ksplice Uptrack on CloudLinux 5 install
these updates.

On systems that have "autoinstall = yes" in /etc/uptrack/uptrack.conf,
these updates will be installed automatically and you do not need to
take any action.

Alternatively, you can install these updates by running:

# /usr/sbin/uptrack-upgrade -y

DESCRIPTION

* CVE-2013-2141: Information leak in tkill() and tgkill() system calls.

Due to a lack of proper initialisation, the tkill() and tgkill() system
calls may leak data from the kernel stack to an unprivileged local user.

* CVE-2013-4162: Denial-of-service with IPv6 sockets with UDP_CORK.

When pushing pending frames in IPv6 udp code, an incorrect function call can
be made. This allows local users to cause a denial of service (BUG and 
system
crash) via a crafted application that uses the UDP_CORK option in a
setsockopt system call.

* CVE-2012-3511: Use-after-free due to race condition in madvise.

A race condition between munmap and madvise can cause a use-after-free
in the memory management system.

* CVE-2013-4299: Information leak in device mapper persistent snapshots.

An information leak flaw was found in the way Linux kernel's device
mapper subsystem, under certain conditions, interpreted data written to
snapshot block devices. An attacker could use this flaw to read data
from disk blocks in free space, which are normally inaccessible.

* CVE-2013-4345: Off-by-one in the ANSI Crypto RNG.

An off-by-one flaw was found in the way the ANSI CPRNG implementation in
the Linux kernel processed non-block size aligned requests. This could lead
to random numbers being generated with less bits of entropy than expected
when ANSI CPRNG was used.

* CVE-2013-0343: Denial of service in IPv6 privacy extensions.

A malicious remote user can disable IPv6 privacy extensions by flooding 
the host
with malicious temporary addresses.

* Incorrect handling of SCSI scatter-gather list mapping failures.

Due to an incorrect test condition in the mpt2sas driver, the driver was
unable to catch failures to map a SCSI scatter-gather list. The test
condition has been corrected so that the mpt2sas driver now handles SCSI
scatter-gather mapping failures as expected.

* CVE-2014-1737, CVE-2014-1738: Local privilege escalation in floppy ioctl.

The floppy driver would leak internal memory addresses to userspace,
and would allow unprivileged userspace code to overwrite those
addresses, allowing for a local privilege escalation and gaining
of root.

* CVE-2014-4699: Privilege escalation in ptrace() RIP modification.

Missing validation of the RIP value could allow an unprivileged user to
cause the CPU to fetch instructions from a non-canonical address.  On
some CPUs this could result in a denial-of-service or potentially allow
escalation of privileges.

* CVE-2014-9090, CVE-2014-9322: Denial-of-service in double-fault 
handling on bad stack segment.

A flaw when handling double faults associated with the stack segment
register could lead to a kernel panic.  A local, unprivileged user could
use this flaw via the modify_ldt() system call to cause a
denial-of-service.

SUPPORT

Ksplice support is available at ksplice-support_ww at oracle.com.