[Ksplice][RHEL6-Updates] New updates available via Ksplice (RHSA-2013:1645)
Oracle Ksplice
ksplice-support_ww at oracle.com
Fri Nov 22 13:54:07 PST 2013
Synopsis: RHSA-2013:1645 can now be patched using Ksplice
CVEs: CVE-2012-6542 CVE-2012-6545 CVE-2013-0343 CVE-2013-1928 CVE-2013-1929 CVE-2013-2164 CVE-2013-2234 CVE-2013-2851 CVE-2013-2888 CVE-2013-2889 CVE-2013-3231 CVE-2013-4387 CVE-2013-4591 CVE-2013-4592
Systems running Red Hat Enterprise Linux 6 can now use Ksplice to
patch against the latest Red Hat Security Advisory, RHSA-2013:1645.
INSTALLING THE UPDATES
We recommend that all users of Ksplice Uptrack on RHEL 6 install these
updates.
On systems that have "autoinstall = yes" in /etc/uptrack/uptrack.conf,
these updates will be installed automatically and you do not need to
take any action.
Alternatively, you can install these updates by running:
# /usr/sbin/uptrack-upgrade -y
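The following script is an added example, not part of the original advisory or of Ksplice itself. It reads the "autoinstall" setting described above and reports whether a host still needs the manual command. The function names are hypothetical, the sample configuration files are constructed, and the parser assumes plain "key = value" lines.

```shell
#!/bin/sh
# Added example: decide whether a host needs a manual uptrack-upgrade run.

# Print the effective value of "autoinstall" from an uptrack.conf-style file.
# Comment lines (# or ;) are ignored, the last assignment wins, output is lowercased.
autoinstall_value() {
    awk -F= '
        /^[ \t]*[#;]/ { next }
        {
            key = $1; gsub(/[ \t]/, "", key)
            if (tolower(key) == "autoinstall") {
                val = $2; gsub(/[ \t\r]/, "", val)
                found = tolower(val)
            }
        }
        END { if (found != "") print found }
    ' "$1" 2>/dev/null
}

# Print "automatic" when updates install on their own, otherwise the command
# the advisory gives for manual installation. A missing or unreadable file
# is treated as "manual action needed".
required_action() {
    if [ "$(autoinstall_value "$1")" = "yes" ]; then
        echo "automatic"
    else
        echo "/usr/sbin/uptrack-upgrade -y"
    fi
}

# Constructed sample configs (not taken from a real host).
demo_dir=$(mktemp -d)
trap 'rm -rf "$demo_dir"' EXIT
printf '[Settings]\n# autoinstall = yes\nautoinstall = no\n' > "$demo_dir/manual.conf"
printf '[Settings]\nautoinstall = Yes\n' > "$demo_dir/auto.conf"

# Report on the samples and, if present, the real configuration file.
for f in "$demo_dir/manual.conf" "$demo_dir/auto.conf" /etc/uptrack/uptrack.conf; do
    if [ -r "$f" ]; then
        printf '%s: %s\n' "$f" "$(required_action "$f")"
    fi
done
```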
DESCRIPTION
* CVE-2013-4387: Memory corruption in IPv6 UDP fragmentation offload.
The kernel IPv6 stack does not correctly handle queuing multiple UDP fragments
when using UDP Fragmentation Offloading, allowing a local unprivileged user to
cause kernel memory corruption and potentially gain privileged code execution.
* CVE-2013-0343: Denial of service in IPv6 privacy extensions.
A malicious remote user can disable IPv6 privacy extensions by flooding the host
with malicious temporary addresses.
* Off-by-one error causes reduced entropy in kernel PRNG.
An off-by-one error can cause the default kernel pseudorandom number generator
to return duplicate bytes when filling multiple buffers in quick succession.
* CVE-2013-2888: Memory corruption in Human Input Device processing.
The kernel does not correctly validate the 'Report ID' field in HID data, allowing
a malicious USB or Bluetooth device to cause memory corruption and gain kernel
code execution.
* CVE-2013-2889: Memory corruption in Zeroplus HID driver.
The Zeroplus game controller device driver does not correctly validate
data from devices, allowing a malicious device to cause kernel memory
corruption and potentially gain kernel code execution.
* CVE-2012-6542: Information leak in LLC socket name.
A malicious user can disclose the contents of kernel memory by calling
getsockname() on an LLC socket.
* CVE-2013-3231: Kernel stack information leak in LLC sockets.
Missing initialization could allow a local user to leak kernel stack
information when receiving messages.
* CVE-2013-1929: Buffer overflow in TG3 VPD firmware parsing.
Incorrect length checks when parsing the firmware could cause a buffer
overflow and corruption of memory.
* CVE-2012-6545: Information leak in Bluetooth RFCOMM socket name.
A malicious user can disclose the contents of kernel memory by calling
getsockname() on a Bluetooth RFCOMM socket.
* CVE-2013-1928: Kernel information leak in compat_ioctl/VIDEO_SET_SPU_PALETTE.
The compat control device call for VIDEO_SET_SPU_PALETTE was missing an error check
while converting the input arguments. This could lead to leaking kernel
stack contents into userspace.
* CVE-2013-2164: Kernel information leak in the CDROM driver.
Incorrect allocation in the generic CDROM driver could result in leaking
heap memory to userspace.
* CVE-2013-2234: Information leak in IPsec key management.
An error in the AF_KEY implementation allows privileged users to leak contents of
the kernel stack to userspace.
* CVE-2013-2851: Format string vulnerability in software RAID device names.
A format string vulnerability in partition registration allows local
users to execute kernel mode code by writing format string specifiers to
/sys/module/md_mod/parameters/new_array in order to create an invalid
/dev/md device name.
* CVE-2013-4591: Privilege escalation in NFSv4 ACL handling.
The vendor fix for CVE-2012-2375 accidentally removed a check for small-sized
result buffers. A local, unprivileged user with access to an NFSv4 mount with
ACL support could use this flaw to crash the system or, potentially, escalate
their privileges on the system.
* CVE-2013-4592: Denial-of-service in KVM IOMMU mappings.
A flaw was found in the way IOMMU memory mappings were handled when
moving memory slots. A malicious user on a KVM host who has the ability to
assign a device to a guest could use this flaw to crash the host.
SUPPORT
Ksplice support is available at ksplice-support_ww at oracle.com.