[Ksplice][RHEL6-Updates] New updates available via Ksplice (RHSA-2014:0328-1)

Oracle Ksplice ksplice-support_ww at oracle.com
Fri Mar 28 10:22:35 PDT 2014


Synopsis: RHSA-2014:0328-1 can now be patched using Ksplice
CVEs: CVE-2013-1860 CVE-2014-0055 CVE-2014-0069 CVE-2014-0101 CVE-2014-2038

Systems running Red Hat Enterprise Linux 6 can now use Ksplice to
patch against the latest Red Hat Security Advisory, RHSA-2014:0328-1.

INSTALLING THE UPDATES

We recommend that all users of Ksplice Uptrack on RHEL 6 install these
updates.

On systems that have "autoinstall = yes" in /etc/uptrack/uptrack.conf,
these updates will be installed automatically and you do not need to
take any action.

Alternatively, you can install these updates by running:

# /usr/sbin/uptrack-upgrade -y
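
A check for the autoinstall setting described above, useful for confirming whether a host needs the manual command. This is an added example, not part of the original announcement or of Oracle's tooling. The function names, the "[Settings]" header in the sample, and the parsing rules (comment lines skipped, case-insensitive match, last assignment wins, missing file or key counts as "no") are assumptions.

```shell
#!/bin/sh
# Added example (not Oracle's code): reports whether Ksplice Uptrack is set
# to install updates on its own, using the "autoinstall" key the advisory names.

# Print "yes" or "no" for the effective autoinstall value in an INI-style
# uptrack.conf. Assumptions: lines starting with # or ; are comments, key and
# value are case-insensitive, the last assignment wins, and a missing file or
# key means "no". A plain grep would wrongly match "# autoinstall = yes".
uptrack_autoinstall() {
    conf=${1:-/etc/uptrack/uptrack.conf}
    [ -r "$conf" ] || { echo no; return 0; }
    awk '
        { sub(/\r$/, "") }              # tolerate CRLF line endings
        /^[ \t]*[#;]/ { next }          # skip comment lines
        {
            eq = index($0, "=")
            if (eq == 0) next           # section headers, blank lines
            key = tolower(substr($0, 1, eq - 1))
            val = tolower(substr($0, eq + 1))
            gsub(/^[ \t]+|[ \t]+$/, "", key)
            gsub(/^[ \t]+|[ \t]+$/, "", val)
            if (key == "autoinstall") state = (val == "yes") ? "yes" : "no"
        }
        END { print (state == "" ? "no" : state) }
    ' "$conf"
}

# Translate the setting into the action this advisory asks for.
uptrack_action() {
    if [ "$(uptrack_autoinstall "$1")" = yes ]; then
        echo "autoinstall enabled: no action needed"
    else
        echo "autoinstall disabled: run /usr/sbin/uptrack-upgrade -y as root"
    fi
}

# Constructed sample config (not from a real host; section name assumed).
# The commented-out line must not count, and the later value overrides.
sample=$(mktemp)
printf '%s\n' '[Settings]' '# autoinstall = yes' 'autoinstall = no' \
    'Autoinstall = YES' > "$sample"
uptrack_action "$sample"
rm -f "$sample"
```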


DESCRIPTION

* CVE-2014-0101: NULL pointer dereference in SCTP protocol.

A flaw was found in the way the Linux kernel processed authenticated
COOKIE_ECHO chunks in the SCTP protocol. A remote attacker could use this
flaw to cause a denial-of-service by sending a maliciously prepared SCTP
handshake in order to trigger a NULL pointer dereference on the server.


* Use-after-free in EDAC Intel E752X driver.

Incorrect reference counting in the EDAC Intel E752X driver could lead to a
use-after-free and kernel crash. A local, privileged user could use this
flaw to cause a denial-of-service.


* CVE-2014-0069: Denial-of-service in CIFS filesystem on uncached writes.

A lack of input validation in the CIFS filesystem code could lead to memory
corruption and kernel crash. A local, unprivileged user could use this flaw
to cause a denial-of-service.


* CVE-2014-0055: Denial-of-service in vhost driver when handling rx buffers.

A flaw was found in the way the get_rx_bufs() function in the vhost_net
implementation handled certain error conditions.  A privileged guest user
could use this flaw to crash the host.


* Deadlock in XFS filesystem when removing an inode from namespace.

When removing an inode from a name space on an XFS file system, the file
system could enter a deadlock situation and become unresponsive.


* Memory leak in GFS2 filesystem for files with short lifespan.

A race condition in the GFS2 filesystem could lead to a memory leak for
files with a very short lifespan. A local, unprivileged user could use this
flaw to cause a denial-of-service.


* CVE-2013-1860: Buffer overflow in Wireless Device Management driver.

A malicious USB device can cause a buffer overflow and gain kernel code execution
by sending malformed Wireless Device Management packets.


* Missing check in selinux for IPSec TCP SYN-ACK packets.

Due to a flaw in the selinux code, IPSec TCP SYN-ACK packets could pass
through without permission checking. An attacker could use this to send or
receive unauthorized traffic.


* Logic error in selinux when checking permissions on recv socket.

Due to a flaw in selinux permission checking, a logic error could lead to
forbidden data coming in.


* Denial-of-service when using network console logging.

A race condition between the network console send operation and the
driver's IRQ handler could lead to out of bounds memory access
resulting in a kernel crash.


* CVE-2014-2038: Data corruption in NFSv4 on concurrent client writes.

A logic error in the NFSv4 code could lead to data corruption when clients
write concurrently to the same file. An attacker could use this flaw to
cause data corruption on a mounted NFSv4 filesystem.


* CVE-2013-(726[6789], 727[01], 322[89], 3231): Information leaks in recvmsg.

This fixes:
CVE-2013-7266, CVE-2013-7267, CVE-2013-7268, CVE-2013-7269
CVE-2013-7270, CVE-2013-7271
CVE-2013-3228, CVE-2013-3229
CVE-2013-3231

The recvmsg(2) ioctls in several network devices do not initialize the
length of a network address, causing the contents of uninitialized kernel
memory to be disclosed to userspace under certain circumstances.

SUPPORT

Ksplice support is available at ksplice-support_ww at oracle.com.
