[Ksplice][RHEL 5 Updates] New updates available via Ksplice (RHSA-2013:1166)

Jamie Iles jamie.iles at oracle.com
Thu Aug 22 04:45:14 PDT 2013 

Synopsis: RHSA-2013:1166 can now be patched using Ksplice
CVEs: CVE-2013-2147 CVE-2013-2164 CVE-2013-2206 CVE-2013-2224 CVE-2013-2232 CVE-2013-2234 CVE-2013-2237

Systems running Red Hat Enterprise Linux 5 can now use Ksplice to
patch against the latest Red Hat Security Advisory, RHSA-2013:1166.

INSTALLING THE UPDATES

We recommend that all users of Ksplice Uptrack on RHEL 5 install these
updates.

On systems that have "autoinstall = yes" in /etc/uptrack/uptrack.conf,
these updates will be installed automatically and you do not need to
take any action.

Alternatively, you can install these updates by running:

# /usr/sbin/uptrack-upgrade -y


DESCRIPTION

* CVE-2013-2224: Denial of service in sendmsg().

An invalid free used while sending a message with the sendmsg(2) call with
IP_RETOPTS set could lead to a kernel crash.  This could be exploited by a
malicious user to cause a denial of service or possibly allow arbitrary code
execution.


* CVE-2013-2147: Kernel memory leak in Compaq Smart Array controllers.

Missing initialization of a returned result could leak internal kernel
memory back to userspace.


* CVE-2013-2164: Kernel information leak in the CDROM driver.

Incorrect allocation in the generic CDROM driver could result in leaking
heap memory to userspace.


* CVE-2013-2234: Information leak in IPsec key management.

An error in the AF_KEY implementation allows privileged users to leak contents of
the kernel stack to userspace.


* CVE-2013-2237: Information leak on IPSec key socket.

Incorrect initialization on policy flushing could leak kernel stack
bytes to userspace.


* CVE-2013-2232: Memory corruption in IPv6 routing cache.

Connecting an IPv6 socket to an IPv4 destination can cause IPv4 routing
information to be placed in the IPv6 routing cache causing memory corruption
and a kernel panic.


* CVE-2013-2206: NULL pointer dereference in SCTP duplicate cookie handling.

A flaw was found in the way the Linux kernel's Stream Control
Transmission Protocol (SCTP) implementation handled duplicate cookies.
If a local user queried SCTP connection information at the same time a
remote attacker has initialized a crafted SCTP connection to the system,
it could trigger a NULL pointer dereference, causing the system to
crash.

SUPPORT

Ksplice support is available at ksplice-support_ww at oracle.com.

More information about the Ksplice-RHEL5-Updates mailing list