[Ksplice][CloudLinux 5 Updates] New updates available via Ksplice (2.6.18-498.el5.lve0.8.80)

Oracle Ksplice ksplice-support_ww at oracle.com
Mon Dec 22 02:38:35 PST 2014 

Synopsis: 2.6.18-498.el5.lve0.8.80 can now be patched using Ksplice
CVEs: CVE-2012-6638 CVE-2013-2888 CVE-2013-2929 CVE-2013-4483 CVE-2013-7263 CVE-2013-7339 CVE-2014-1737 CVE-2014-1738 CVE-2014-2678 CVE-2014-3917 CVE-2014-4699 CVE-2014-9090 CVE-2014-9322

Systems running CloudLinux 5 can now use Ksplice to patch against the
latest CloudLinux 5 kernel update, 2.6.18-498.el5.lve0.8.80.

INSTALLING THE UPDATES

We recommend that all users of Ksplice Uptrack on CloudLinux 5 install
these updates.

On systems that have "autoinstall = yes" in /etc/uptrack/uptrack.conf,
these updates will be installed automatically and you do not need to
take any action.

Alternatively, you can install these updates by running:

# /usr/sbin/uptrack-upgrade -y


DESCRIPTION

* CVE-2014-1737, CVE-2014-1738: Local privilege escalation in floppy ioctl.

The floppy driver would leak internal memory addresses to userspace,
and would allow unprivileged userspace code to overwrite those
addresses, allowing for a local privilege escalation and gaining
of root.


* CVE-2014-4699: Privilege escalation in ptrace() RIP modification.

Missing validation of the RIP value could allow an unprivileged user to
cause the CPU to fetch instructions from a non-canonical address.  On
some CPUs this could result in a denial-of-service or potentially allow
escalation of privileges.


* CVE-2014-9090, CVE-2014-9322: Denial-of-service in double-fault handling on bad stack segment.

A flaw when handling double faults associated with the stack segment
register could lead to a kernel panic.  A local, unprivileged user could
use this flaw via the modify_ldt() system call to cause a
denial-of-service.


* CVE-2013-2929: Incorrect permissions check in ptrace with dropped privileges.

The ptrace subsystem incorrectly checked the state of the fs.suid_dumpable
sysctl allowing a user to ptrace attach to a process if it had dropped
privileges to that user.


* CVE-2013-7263: Information leak in IPv4 and IPv6 socket recvmsg.

The IPv4, IPv6 and PhoNet recvmsg(2) ioctls do not initialise the length a network
address causing the contents of kernel memory to be disclosed to userspace under
certain circumstances.


* CVE-2013-4483: Denial-of-service in IPC subsystem when taking a reference count.

The ipc_rcu_putref function in ipc/util.c in the Linux kernel before 3.10
does not properly manage a reference count, which allows local users to
cause a denial of service (memory consumption or system crash) via a
crafted application.


* CIFS mount failure on VZ hardware node.

Incorrect permissions checks could result in failure to mount a CIFS
filesystem on the hardware node of a VZ system.


* CVE-2012-6638: Denial-of-service in TCP's SYN+FIN messages.

TCP's SYN+FIN messages had an issue where an attacker could cuase a
denial-of-service via a flood for SYN+FIN TCP packets.


* CVE-2013-2888: Kernel memory corruption flaw via oversize HID report id.

The Human Interface Device (HID) code is vulnerable to a memory
corruption flaw. An attacker could use this to crash the system
resulting in a denial-of-service or could elevate privileges.


* Panic in GFS2 filesystem locking code.

If a readpage operation attempted to take a lock that was already held
elsewhere, a kernel panic would occur.


* NULL pointer dereference in IUCV code.

In certain circumstances while establishing a connection, the Inter User
Communication Vehicle (IUCV) code would dereference a NULL pointer which
an attacker could use to cause a denial-of-service.


* Kernel BUG when writing asynchronously to block device.

Due to an incomplete backport of an upstream patch, using asyncronous I/O
to write to a block device would cause a pointer to a file offset to be
passed instead of the offset itself. This could in certain circumstances
lead to an assertion failure and subsequent kernel crash; a malicious
local user could potentially use this to cause denial of service.


* CVE-2014-2678: NULL pointer dereference in RDS protocol when binding.

A missing check in the wireless RDS protocol leads to a NULL pointer
dereference when there is no device. A local, unprivileged user could use
this flaw to cause a NULL pointer dereference and denial-of-service.


* CVE-2014-3917: Denial-of-service and information leak in audit syscall subsystem.

Linux kernel built with the system-call auditing support is vulnerable to a
kernel crash or information disclosure flaw caused by out of bounds memory
access.  When system call audit rules are present on a system, an
unprivileged user could use this flaw to leak kernel memory or cause a
denial-of-service.


* Memory leak in GFS2 filesystem for files with short lifespan.

A race condition in the GFS2 filesystem could lead to a memory leak for
files with a very short lifespan. A local, unprivileged user could use this
flaw to cause a denial-of-service.


* CVE-2013-7339: NULL pointer dereference in RDS socket binding.

A missing pointer validation can trigger a NULL pointer dereference and kernel
panic when binding an RDS socket.

SUPPORT

Ksplice support is available at ksplice-support_ww at oracle.com.

More information about the Ksplice-CloudLinux5-Updates mailing list