[Ksplice][RHEL 5 Updates] New updates available via Ksplice (RHSA-2013:1292-1)

[Oracle Ksplice]

Synopsis: RHSA-2013:1292-1 can now be patched using Ksplice
CVEs: CVE-2012-3511 CVE-2013-2141 CVE-2013-4162

Systems running Red Hat Enterprise Linux 5 can now use Ksplice to
patch against the latest Red Hat Security Advisory, RHSA-2013:1292-1.

INSTALLING THE UPDATES

We recommend that all users of Ksplice Uptrack on RHEL 5 install these
updates.

On systems that have "autoinstall = yes" in /etc/uptrack/uptrack.conf,
these updates will be installed automatically and you do not need to
take any action.

Alternatively, you can install these updates by running:

# /usr/sbin/uptrack-upgrade -y


DESCRIPTION

* CVE-2013-2141: Information leak in tkill() and tgkill() system calls.

Due to a lack of proper initialisation, the tkill() and tgkill() system
calls may leak data from the kernel stack to an unprivileged local user.


* CVE-2013-4162: Denial-of-service with IPv6 sockets with UDP_CORK.

When pushing pending frames in IPv6 udp code, an incorrect function call can
be made. This allows local users to cause a denial of service (BUG and system
crash) via a crafted application that uses the UDP_CORK option in a
setsockopt system call.


* CVE-2012-3511: Use-after-free due to race condition in madvise.

A race condition between munmap and madvise can cause a use-after-free
in the memory management system.

SUPPORT

Ksplice support is available at ksplice-support_ww at oracle.com.