[Ksplice][RHEL6-Updates] New updates available via Ksplice (RHSA-2015:0674-1)
Jamie Iles
jamie.iles at oracle.com
Fri Mar 13 02:44:31 PDT 2015
Synopsis: RHSA-2015:0674-1 can now be patched using Ksplice
CVEs: CVE-2014-7822 CVE-2014-8160 CVE-2014-8369 CVE-2015-8159
Systems running Red Hat Enterprise Linux 6 can now use Ksplice to
patch against the latest Red Hat Security Advisory, RHSA-2015:0674-1.
INSTALLING THE UPDATES
We recommend that all users of Ksplice Uptrack on RHEL 6 install these
updates.
On systems that have "autoinstall = yes" in /etc/uptrack/uptrack.conf,
these updates will be installed automatically and you do not need to
take any action.
Alternatively, you can install these updates by running:
# /usr/sbin/uptrack-upgrade -y
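The following POSIX shell script is an added example and is not part of the Ksplice announcement or the Uptrack tooling. It reads the "autoinstall" setting from /etc/uptrack/uptrack.conf (path and option name taken from the text above) and reports whether the host will pick up these updates on its own or needs a manual `/usr/sbin/uptrack-upgrade -y`. The handling of comments, surrounding whitespace and letter case is an assumption about the file format; the default path can be overridden with the UPTRACK_CONF environment variable.

```shell
#!/bin/sh
# Added example (not from the Ksplice announcement): decide whether a RHEL 6
# host will install Ksplice updates automatically or needs a manual
# uptrack-upgrade run, based on the autoinstall setting in uptrack.conf.

UPTRACK_CONF="${UPTRACK_CONF:-/etc/uptrack/uptrack.conf}"

# autoinstall_enabled FILE
# Returns 0 when the last uncommented "autoinstall = ..." line says "yes",
# 1 when it is absent or set to anything else, and 2 when FILE is unreadable.
# Assumption: '#' starts a comment and whitespace around '=' is allowed.
autoinstall_enabled() {
    conf="$1"
    [ -r "$conf" ] || return 2
    value=$(sed -n \
        's/^[[:space:]]*autoinstall[[:space:]]*=[[:space:]]*\([^[:space:]#]*\).*/\1/p' \
        "$conf" | tail -n 1)
    case "$(printf '%s' "$value" | tr '[:upper:]' '[:lower:]')" in
        yes) return 0 ;;
        *)   return 1 ;;
    esac
}

# plan_update FILE
# Prints the action an administrator should take for this host.
plan_update() {
    if autoinstall_enabled "$1"; then
        echo "autoinstall enabled: updates will be applied automatically"
    else
        echo "autoinstall disabled or unset: run /usr/sbin/uptrack-upgrade -y"
    fi
}

# Stand-alone usage: report on the real configuration file.
plan_update "$UPTRACK_CONF"
```

Run it as root on each RHEL 6 host (or point UPTRACK_CONF at a copied config) to see which machines still need the manual upgrade command; a missing or unreadable config is treated the same as "autoinstall" being off, so the conservative advice is always to run the upgrade.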
DESCRIPTION
* CVE-2014-8369: Denial-of-service in KVM page mapping.
Due to an incomplete fix for CVE-2014-3601, the KVM page-mapping function
miscalculates the number of pages to be unpinned when a mapping fails,
which allows guest OS users to cause a denial of service by corrupting
host memory.
* CVE-2014-8160: iptables rule bypass when the protocol module is not loaded.
A flaw in the generic conntrack subsystem allows traffic for protocols that
have no protocol-handler kernel module loaded to pass through the iptables
firewall even when a rule explicitly denies it.
* CVE-2014-7822: Incorrect parameter validation in splice() system call.
Incorrect parameter validation in the splice() system call could allow a
local, unprivileged user to write past the maximum file size and thus
crash the system.
* CVE-2015-8159: Privilege escalation in InfiniBand userspace access.
Missing sanitization of userspace input to the InfiniBand userspace
memory access subsystem could allow a local user with access to the
/dev/infiniband/uverbsX device nodes to crash the system or,
potentially, escalate their privileges on the system.
SUPPORT
Ksplice support is available at ksplice-support_ww at oracle.com.