[Ksplice][EL7-Updates] New updates available via Ksplice (RHSA-2015:0290-01)
Samson Yeung
samson.yeung at oracle.com
Fri Mar 6 16:50:42 PST 2015
Synopsis: RHSA-2015:0290-01 can now be patched using Ksplice
CVEs: CVE-2014-3690 CVE-2014-3940 CVE-2014-7825 CVE-2014-7826
CVE-2014-8086 CVE-2014-8160 CVE-2014-8173 CVE-2014-8709 CVE-2014-8884
CVE-2015-0274
Systems running Red Hat Enterprise Linux 7 can now use Ksplice to
patch against the latest Red Hat Security Advisory, RHSA-2015:0290-01.
INSTALLING THE UPDATES
We recommend that all users of Ksplice Uptrack on RHEL 7 install these
updates.
On systems that have "autoinstall = yes" in /etc/uptrack/uptrack.conf,
these updates will be installed automatically and you do not need to
take any action.
Alternatively, you can install these updates by running:
# /usr/sbin/uptrack-upgrade -y
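The following shell script is an added example and is not part of this advisory or of Oracle's Ksplice tooling. It reads the autoinstall setting from an uptrack.conf-style file and reports whether the manual /usr/sbin/uptrack-upgrade -y step is still required. It assumes the file uses ini-style "key = value" lines (the sample config is constructed for the demo); the uptrack-upgrade command line itself is the one given above.

```shell
#!/bin/sh
# Added example, not part of the Ksplice advisory or Oracle's code.
# Decides whether the manual "uptrack-upgrade -y" step is needed by reading
# the autoinstall setting from an uptrack.conf-style file.
# Assumption: ini-style "key = value" lines, last occurrence wins.

# uptrack_autoinstall FILE: print "yes" if autoinstall is enabled, else "no".
uptrack_autoinstall() {
    conf="$1"
    # Extract the value after "autoinstall =", dropping trailing comments.
    val=$(sed -n 's/^[[:space:]]*autoinstall[[:space:]]*=[[:space:]]*\([^[:space:]#;]*\).*$/\1/p' "$conf" | tail -n 1)
    case "$val" in
        [Yy][Ee][Ss]|[Tt][Rr][Uu][Ee]|1) echo yes ;;
        *) echo no ;;
    esac
}

# plan_update FILE [run]: print the required action. Only with the literal
# second argument "run" does it actually invoke uptrack-upgrade; the default
# is a dry run so the script is safe to execute on a workstation.
plan_update() {
    conf="$1"
    mode="${2:-dry-run}"
    if [ "$(uptrack_autoinstall "$conf")" = yes ]; then
        echo "autoinstall enabled: updates will be applied automatically"
    else
        echo "autoinstall disabled: run /usr/sbin/uptrack-upgrade -y"
        if [ "$mode" = run ]; then
            /usr/sbin/uptrack-upgrade -y
        fi
    fi
}

# Demo on a constructed config file (the real one is /etc/uptrack/uptrack.conf).
demo_conf=$(mktemp)
cat > "$demo_conf" <<'EOF'
[Settings]
# constructed sample for this demo
install_on_reboot = yes
autoinstall = no   # manual updates
EOF
plan_update "$demo_conf"
rm -f "$demo_conf"
```

On a real RHEL 7 host you would point plan_update at /etc/uptrack/uptrack.conf and pass "run" as the second argument to let it perform the upgrade when autoinstall is off.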
DESCRIPTION
* CVE-2015-0274: Privilege escalation in XFS remote attribute setting.
XFS did not correctly handle setting remote attributes; this allowed
an unprivileged user to corrupt memory and possibly gain privileges.
* CVE-2014-3690: Denial of Service in KVM/VMX CR4 register management.
KVM on VMX does not reload the CR4 register when it changes on the host,
which means that host features aren't updated on guests. This could lead
to a local denial of service.
* CVE-2014-3940: Memory corruption during huge page migration.
A missing check that the page table entry is present when gathering
statistics about huge pages could lead to memory corruption if the huge pages
are being migrated concurrently. A local, unprivileged user could use this
flaw to cause a denial of service.
* CVE-2014-7825, CVE-2014-7826: Perf DoS and local privilege escalation.
Missing validation of the syscall ID range allows an attacker to trigger a
kernel panic, or to leverage it into gaining root privileges if root was
doing perf tracing at that time.
* CVE-2014-8160: iptables rules bypass when the protocol module is not
loaded.
A flaw in the generic conntrack subsystem allows protocols that do not
have a protocol handler kernel module loaded to pass through the iptables
firewall even if explicitly denied by a rule.
* CVE-2014-8709: Information leak in mac80211 when transferring
fragmented packets.
A flaw in the mac80211 stack could result in leaking 8 bytes of plain text
over the air. An attacker physically within range of the WiFi network could
use this flaw to obtain sensitive information.
* CVE-2014-8884: Buffer overflow in DEC2000 and DEC3000 USB adapters.
A lack of input validation when copying an ioctl command could overflow a
buffer on the stack, causing a kernel panic. A local user could
use this flaw to cause a denial of service or potentially escalate
privileges.
* CVE-2014-8173: Denial of service in madvise with hugetlb support.
Incorrect page table locking could result in a NULL pointer dereference
with madvise(MADV_WILLNEED). A local, unprivileged user could use this
flaw to crash the system.
* CVE-2014-8086: Denial of service on the ext4 filesystem.
A race condition in the ext4 filesystem when concurrently writing to a file
and changing its status flags to O_DIRECT could lead to a kernel BUG(). A
local attacker could use this flaw to cause a denial of service.
Ksplice will not be providing a rebootless update for CVE-2014-8172 at
this time.
SUPPORT
Ksplice support is available at ksplice-support_ww at oracle.com.