[Ksplice][Virtuozzo 4 Updates] New Ksplice updates for Virtuozzo 4 or OpenVZ on RHEL 5 (2.6.18-417.el5.028stab121.1)

[Oracle Ksplice]

Synopsis: 2.6.18-417.el5.028stab121.1 can now be patched using Ksplice
CVEs: CVE-2013-2596 CVE-2016-1583 CVE-2016-7117

Systems running Virtuozzo 4 or the OpenVZ RHEL 5 kernel can now use
Ksplice to patch against the latest Parallels Virtuozzo Containers
kernel security update, 2.6.18-417.el5.028stab121.1.

INSTALLING THE UPDATES

We recommend that all users of Ksplice Uptrack running Virtuozzo 4 or
OpenVZ on RHEL 5 install these updates.

On systems that have "autoinstall = yes" in /etc/uptrack/uptrack.conf,
these updates will be installed automatically and you do not need to
take any action.

Alternatively, you can install these updates by running:

# /usr/sbin/uptrack-upgrade -y


DESCRIPTION

* CVE-2016-7117: Denial-of-service in recvmmsg() error handling.

Incorrect reference counting could result in a use-after-free in the
recvmmsg() system call.  A local, unprivileged user could use this flaw
to trigger a denial-of-service.


* CVE-2013-2596: Privilege escalation in video frame buffer driver.

Integer overflow in the fb_mmap() function allows local users to create a
read-write memory mapping for the entirety of kernel memory, and
consequently gain privileges, via crafted /dev/graphics/fb0 mmap2 system
calls.


* CVE-2016-1583: Privilege escalation in eCryptfs.

Mounting eCryptfs over procfs could result in a stack overflow with deep
nesting allowing a local, unprivileged user to cause a
denial-of-service, or potentially escalate privileges.

SUPPORT

Ksplice support is available at ksplice-support_ww at oracle.com.