[Ksplice][RHEL 5 Updates] New updates available via Ksplice (RHSA-2013:1034)
Jamie Iles
jamie.iles at oracle.com
Thu Jul 11 08:23:14 PDT 2013
Synopsis: RHSA-2013:1034 can now be patched using Ksplice
CVEs: CVE-2012-6544 CVE-2012-6545 CVE-2013-0914 CVE-2013-1929 CVE-2013-3222 CVE-2013-3224 CVE-2013-3231 CVE-2013-3235
Systems running Red Hat Enterprise Linux 5 can now use Ksplice to
patch against the latest Red Hat Security Advisory, RHSA-2013:1034.
INSTALLING THE UPDATES
We recommend that all users of Ksplice Uptrack on RHEL 5 install these
updates.
On systems that have "autoinstall = yes" in /etc/uptrack/uptrack.conf,
these updates will be installed automatically and you do not need to
take any action.
Alternatively, you can install these updates by running:
# /usr/sbin/uptrack-upgrade -y
DESCRIPTION
* CVE-2012-6545: Information leak in Bluetooth RFCOMM socket name.
A malicious user can disclose the contents of kernel memory by calling
getsockname() on an Bluetooth RFCOMM socket.
* CVE-2013-3222: Kernel stack information leak in ATM sockets.
Missing data clearing operations could allow an unprivileged user to
leak kernel stack memory to userspace.
* CVE-2013-3224: Kernel stack information leak in Bluetooth sockets.
Receiving messages from a bluetooth socket whilst the socket is
simultaneously being shut down could leak kernel stack bytes to
userspace allowing a local user to gain information about the running
kernel.
* CVE-2013-3231: Kernel stack information leak in LLC sockets.
Missing initialization could allow a local user to leak kernel stack
information when receiving messages.
* CVE-2013-3235: Kernel stack information leak in TIPC protocol.
Missing initialization could allow a local user to leak stack
information when receiving messages on a Transparent Inter Process
Communication (TIPC) socket.
* CVE-2012-6544: Information leak in Bluetooth L2CAP socket name.
A malicious user can disclose the contents of kernel memory by calling
getsockname() on an Bluetooth L2CAP socket.
* CVE-2013-1929: Buffer overflow in TG3 VPD firmware parsing.
Incorrect length checks when parsing the firmware could cause a buffer
overflow and corruption of memory.
* CVE-2013-0914: Information leak in signal handlers.
A logic error in the handling of signal handlers allows a child process to
leak information about the memory layout of parent processes.
SUPPORT
Ksplice support is available at ksplice-support_ww at oracle.com.
More information about the Ksplice-RHEL5-Updates
mailing list