[Ksplice][EL7-Updates] New updates available via Ksplice (RHSA-2015:1137-1)

Oracle Ksplice ksplice-support_ww at oracle.com
Wed Jun 24 08:34:44 PDT 2015


Synopsis: RHSA-2015:1137-1 can now be patched using Ksplice
CVEs: CVE-2014-9420 CVE-2014-9529 CVE-2014-9584 CVE-2015-1573 CVE-2015-1593 CVE-2015-1805 CVE-2015-2830

Systems running RHCK on Oracle Linux 7, Red Hat Enterprise Linux 7,
CentOS 7, and Scientific Linux 7 can now use Ksplice to patch against
the latest Red Hat Security Advisory, RHSA-2015:1137-1.

INSTALLING THE UPDATES

We recommend that all users of Ksplice Uptrack on OL 7, RHEL 7, CentOS
7, and Scientific Linux 7 install these updates.

On systems that have "autoinstall = yes" in /etc/uptrack/uptrack.conf,
these updates will be installed automatically and you do not need to
take any action.

Alternatively, you can install these updates by running:

# /usr/sbin/uptrack-upgrade -y
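
The check described above, as an added example that is not part of the original advisory or of Ksplice Uptrack itself: a read-only script that reports whether a host has "autoinstall = yes" or still needs the manual command. The function names, the comment and case handling, and the sample config are assumptions of this sketch.

```shell
#!/bin/sh
# Added example: report whether a host still needs a manual uptrack-upgrade.

# Print the effective "autoinstall" value from an uptrack.conf-style file.
# Assumptions of this sketch: full-line and trailing "#"/";" comments are
# ignored, keys and values are case-insensitive, the last assignment wins.
# Prints "unset" when the key or the file is missing.
autoinstall_value() {
    [ -r "$1" ] || { echo unset; return 0; }
    awk -F= '
        /^[ \t]*[#;]/ { next }                 # commented-out setting
        {
            key = $1; gsub(/[ \t]/, "", key)
            if (tolower(key) != "autoinstall") next
            val = $2; sub(/[#;].*/, "", val); gsub(/[ \t\r]/, "", val)
            found = tolower(val)
        }
        END { print (found == "" ? "unset" : found) }
    ' "$1"
}

# Exit status 0 when the updates will NOT be applied automatically.
needs_manual_upgrade() {
    [ "$(autoinstall_value "$1")" != "yes" ]
}

# Print the action for one host; read-only, never runs the upgrade itself.
uptrack_check() {
    conf=${1:-/etc/uptrack/uptrack.conf}
    if needs_manual_upgrade "$conf"; then
        echo "$conf: autoinstall=$(autoinstall_value "$conf"); run: /usr/sbin/uptrack-upgrade -y"
    else
        echo "$conf: autoinstall=yes; updates install automatically"
    fi
}

# Demo on a constructed config (not taken from a real host): ./check.sh --demo
if [ "${1:-}" = "--demo" ]; then
    tmp=$(mktemp) && trap 'rm -f "$tmp"' EXIT
    printf '%s\n' '[Settings]' '# autoinstall = yes' 'autoinstall = no' > "$tmp"
    uptrack_check "$tmp"
fi
```

A commented-out "# autoinstall = yes" line is the case worth catching: a plain grep for the string would report the host as covered when it is not.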


DESCRIPTION

* CVE-2014-9420: Infinite loop in isofs when parsing continuation entries.

A flaw in the iso9660 file system support could lead to an infinite
recursion loop when parsing continuation entries.  An unprivileged user
could use this flaw to crash the system resulting in a denial-of-service.


* CVE-2014-9529: Use-after-free when garbage collecting keys.

A logic error when garbage collecting cryptographic keys leads to a
use-after-free and kernel panic. A local user could use this flaw to crash
the kernel and cause a denial-of-service.


* CVE-2015-1593: Stack layout randomization entropy reduction.

A flaw in the stack base randomization code could result in a
reduction of entropy by a factor of four.  An attacker could use this
flaw to reduce the amount of work needed to bypass ASLR.


* CVE-2015-1805: Memory corruption in handling of userspace pipe I/O vector.

Pipe I/O vector handling functions didn't handle failure of atomic accesses
correctly. This would allow a local unprivileged user to crash the system.


* CVE-2015-1573: Use-after-free when flushing netfilter rules.

The kernel netfilter implementation frees kernel resources in an
incorrect order which can trigger a use-after-free condition and
possible kernel panic when flushing a netfilter table.


* CVE-2014-9584: Out-of-bounds memory access in ISO filesystem when printing ER records.

Missing input validation when printing ER records in the iso9660 driver
could lead to an out-of-bounds memory write, potentially leading to a
kernel panic.  A local attacker could use a corrupted ISO file to cause a
denial-of-service.


* CVE-2015-2830: Mishandling of int80 fork from a 64-bit application.

A flaw in the ret_from_fork assembly stub does not prevent the TS_COMPAT
flag from reaching a user-mode task.  An attacker could potentially use
this flaw to bypass the seccomp or audit protections via a crafted
application.

SUPPORT

Ksplice support is available at ksplice-support_ww at oracle.com.


  


