[Ksplice-Fedora-20-updates] New updates available via Ksplice (FEDORA-2014-13773)

Oracle Ksplice ksplice-support_ww at oracle.com
Thu Oct 30 11:49:51 PDT 2014


Synopsis: FEDORA-2014-13773 can now be patched using Ksplice
CVEs: CVE-2014-3610 CVE-2014-3611 CVE-2014-3646 CVE-2014-3647 CVE-2014-3673 CVE-2014-3687 CVE-2014-3688 CVE-2014-3690 CVE-2014-8086 CVE-2014-8369

Systems running Fedora 20 can now use Ksplice to patch against the
latest Fedora kernel update, FEDORA-2014-13773.

INSTALLING THE UPDATES

We recommend that all users of Ksplice Uptrack on Fedora 20 install
these updates.

On systems that have "autoinstall = yes" in /etc/uptrack/uptrack.conf,
these updates will be installed automatically and you do not need to
take any action.

Alternatively, you can install these updates by running:

# /usr/sbin/uptrack-upgrade -y
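
To audit whether a given host needs the manual command above or is already covered by autoinstall, a check like the following can be used. This is an added example, not part of the original announcement and not Oracle's code; it assumes uptrack.conf uses INI-style "key = value" lines with "#" or ";" comment lines, treats keys and values case-insensitively, and lets the last assignment win. The function names are hypothetical.

```shell
#!/bin/sh
# Added example, not Oracle's code. Assumptions: uptrack.conf holds INI-style
# "key = value" lines, "#" or ";" starts a comment line, keys and values are
# case-insensitive, and the last assignment of a key wins.

# Print the effective autoinstall value in lower case; return 2 if unreadable.
uptrack_autoinstall_value() {
    [ -r "$1" ] || return 2
    awk '
        /^[ \t]*[#;]/ { next }              # commented-out settings do not count
        {
            eq = index($0, "=")
            if (eq == 0) next               # section headers, blank lines
            key = substr($0, 1, eq - 1)
            val = substr($0, eq + 1)
            gsub(/^[ \t]+|[ \t\r]+$/, "", key)
            gsub(/^[ \t]+|[ \t\r]+$/, "", val)
            if (tolower(key) == "autoinstall") last = tolower(val)
        }
        END { if (last != "") print last }
    ' "$1"
}

# Return 0 if autoinstall is on, 1 if off or unset, 2 if the file is unreadable.
uptrack_autoinstall_enabled() {
    value=$(uptrack_autoinstall_value "$1") || return 2
    [ "$value" = "yes" ]
}

# Print what an administrator still has to do on this host.
uptrack_next_step() {
    uptrack_autoinstall_enabled "$1" && status=0 || status=$?
    case $status in
        0) echo "none: autoinstall is on" ;;
        1) echo "run: /usr/sbin/uptrack-upgrade -y" ;;
        *) echo "unknown: cannot read $1" ;;
    esac
}

# Constructed sample: the enabled line is commented out, so "no" is effective.
sample=$(mktemp)
printf '[Settings]\n# autoinstall = yes\nautoinstall = no\n' > "$sample"
uptrack_next_step "$sample"
uptrack_next_step /etc/uptrack/uptrack.conf
rm -f "$sample"
```
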


DESCRIPTION

* CVE-2014-8086: Denial-of-service on ext4 filesystem.

A race condition in the ext4 filesystem when concurrently writing to a file
and changing its status flags to O_DIRECT could lead to a kernel BUG(). A
local attacker could use this flaw to cause a denial-of-service.


* CVE-2014-3673: Remote denial-of-service in SCTP stack.

A flaw in the SCTP stack when receiving malformed ASCONF chunks leads to a
kernel panic. A remote attacker could use this flaw to cause a
denial-of-service.


* CVE-2014-3687: Remote denial-of-service in SCTP stack.

A flaw in the SCTP stack when receiving duplicate ASCONF chunks leads to a
kernel panic. A remote attacker could use this flaw to cause a
denial-of-service.


* CVE-2014-3688: Remote denial-of-service in SCTP stack by memory exhaustion.

A flaw in the SCTP stack could allow a remote attacker to force an SCTP
server to allocate large amounts of memory and trigger the kernel
out-of-memory killer, leading to a denial-of-service.


* CVE-2014-3610: Denial-of-service in KVM host from the guest.

A KVM guest could write a non-canonical address to certain MSRs, which
the host KVM would then write into its own MSRs, causing the host kernel
to panic. A local attacker could use this flaw to cause a
denial-of-service.


* CVE-2014-3611: Denial-of-service in KVM emulated programmable interval timer.

Incorrect locking in the KVM emulated programmable interval timer (PIT)
could crash the host kernel under specific conditions. A local attacker
could use this flaw to cause a denial-of-service in the host KVM.


* CVE-2014-3647: Denial-of-service in guest KVM when changing RIP to non-canonical address.

A flaw in the KVM emulator mishandles non-canonical addresses when
emulating instructions which change the instruction pointer, potentially
causing a failed VM-entry. A privileged guest user could use this flaw to
cause a denial-of-service in the guest.


* CVE-2014-3646: KVM guest denial-of-service when using invvpid opcode.

The KVM host emulator does not gracefully handle a KVM guest using the
invvpid opcode, causing a guest VM exit without proper error codes being
propagated to userspace. A local, unprivileged guest user could use this
flaw to crash a KVM guest VM and cause a denial-of-service.


* CVE-2014-8369: Denial-of-service in KVM page mapping.

Due to an incomplete fix for CVE-2014-3601, the KVM map pages function
miscalculates the number of pages to be un-pinned in case of a mapping
failure, which allows guest OS users to cause a denial-of-service by
corrupting the host memory.


* CVE-2014-3690: Denial of Service in KVM/VMX CR4 register management.

KVM on VMX does not reload the CR4 register when it changes on the host,
which means that host features aren't updated on guests. This could lead
to a local denial of service.

SUPPORT

Ksplice support is available at ksplice-support_ww at oracle.com.


  


