[Ksplice][Debian 7.0 Updates] New updates available via Ksplice (DSA-2745-1)

Oracle Ksplice ksplice-support_ww at oracle.com
Fri Aug 30 16:57:15 PDT 2013


Synopsis: DSA-2745-1 can now be patched using Ksplice
CVEs: CVE-2013-1059 CVE-2013-2148 CVE-2013-2164 CVE-2013-2232 CVE-2013-2234 CVE-2013-2237 CVE-2013-2851 CVE-2013-2852 CVE-2013-4162 CVE-2013-4163

Systems running Debian 7.0 Wheezy can now use Ksplice to patch against
the latest Debian Security Advisory, DSA-2745-1.

INSTALLING THE UPDATES

We recommend that all users of Ksplice Uptrack on Debian 7.0 Wheezy
install these updates.

On systems that have "autoinstall = yes" in /etc/uptrack/uptrack.conf,
these updates will be installed automatically and you do not need to
take any action.

Alternatively, you can install these updates by running:

# /usr/sbin/uptrack-upgrade -y


DESCRIPTION

* CVE-2013-4163: Kernel crash in IPv6 sockets with IPV6_MTU set.

Incorrect handling of IPv6 sockets with IPV6_MTU set could result in
a kernel BUG() and subsequent crash.


* CVE-2013-1059: NULL pointer dereference in CephFS authentication.

A lack of validation can allow a remote user to trigger a NULL pointer dereference
and kernel panic by attempting to authenticate with the "auth_none" Ceph
authentication.


* CVE-2013-2148: Kernel information leak in file system notifications.

The fill_event_metadata function in fs/notify/fanotify/fanotify_user.c
in the Linux kernel through 3.9.4 does not initialize a certain structure
member, which allows local users to obtain sensitive information from kernel
memory via a read operation on the fanotify descriptor.


* CVE-2013-4162: Denial-of-service with IPv6 sockets with UDP_CORK.

When pushing pending frames in IPv6 UDP code, an incorrect function call can
be made. This allows local users to cause a denial of service (BUG and system
crash) via a crafted application that uses the UDP_CORK option in a
setsockopt system call.


* CVE-2013-2851: Format string vulnerability in software RAID device names.

A format string vulnerability in partition registration allows local
users to execute kernel mode code by writing format string specifiers to
/sys/module/md_mod/parameters/new_array in order to create an invalid
/dev/md device name.


* CVE-2013-2234: Information leak in IPsec key management.

An error in the AF_KEY implementation allows privileged users to leak contents of
the kernel stack to userspace.


* CVE-2013-2164: Kernel information leak in the CDROM driver.

Incorrect allocation in the generic CDROM driver could result in leaking
heap memory to userspace.


* CVE-2013-2852: Invalid format string usage in Broadcom B43 wireless driver.

Format string vulnerability in the b43_request_firmware function
in the Broadcom B43 wireless driver in the Linux kernel through 3.9.4
allows local users to gain privileges by leveraging root access and
including format string specifiers in an fwpostfix modprobe parameter,
leading to improper construction of an error message.


* CVE-2013-2232: Memory corruption in IPv6 routing cache.

Connecting an IPv6 socket to an IPv4 destination can cause IPv4 routing
information to be placed in the IPv6 routing cache causing memory corruption
and a kernel panic.


* CVE-2013-2237: Information leak on IPsec key socket.

Incorrect initialization on policy flushing could leak kernel stack
bytes to userspace.
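
The two format string entries above (CVE-2013-2851 and CVE-2013-2852) share one bug class: caller-supplied text reaches a printf-style function as the format argument. The user-space C sketch below is an added illustration, not code from the kernel, Debian or Oracle; set_name, register_name_unsafe, register_name_safe and name_preserved are hypothetical names, and the input is constructed.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical printf-style name setter, standing in for any API that
 * takes a format string plus arguments. */
static int set_name(char *out, size_t n, const char *fmt, ...)
{
    va_list ap;
    int len;

    va_start(ap, fmt);
    len = vsnprintf(out, n, fmt, ap);
    va_end(ap);
    return len;
}

/* Bug class: caller-controlled text is used as the format itself. */
static int register_name_unsafe(char *out, size_t n, const char *user)
{
    return set_name(out, n, user);
}

/* Fix: constant format, untrusted text passed only as data. */
static int register_name_safe(char *out, size_t n, const char *user)
{
    return set_name(out, n, "%s", user);
}

/* Returns 1 when the formatter left the input byte-for-byte intact. */
static int name_preserved(int (*reg)(char *, size_t, const char *),
                          const char *user)
{
    char out[64];
    int len = reg(out, sizeof(out), user);

    return len >= 0 && (size_t)len < sizeof(out) && strcmp(out, user) == 0;
}

int main(void)
{
    /* Constructed input: "%%" consumes no argument, so the unsafe path
     * stays well-defined while showing the text was parsed as a format. */
    const char *user = "md_100%%";

    printf("unsafe preserved input: %d\n", name_preserved(register_name_unsafe, user));
    printf("safe preserved input:   %d\n", name_preserved(register_name_safe, user));
    return 0;
}
```

Declaring set_name with the compiler's printf format attribute lets -Wformat-security flag the unsafe call at build time.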

SUPPORT

Ksplice support is available at ksplice-support_ww at oracle.com.


  


