[Ksplice][Fedora-15-updates] New updates available via Ksplice (FEDORA-2011-8245)
Keegan McAllister
keegan at ksplice.com
Sun Jun 19 19:39:17 PDT 2011
Synopsis: FEDORA-2011-8245 can now be patched using Ksplice
CVEs: CVE-2011-1017
Systems running Fedora 15 can now use Ksplice to patch against the
latest Fedora security update, FEDORA-2011-8245.
INSTALLING THE UPDATES
We recommend that all users of Ksplice Uptrack on Fedora 15 install
these updates. You can install these updates by running:
# /usr/sbin/uptrack-upgrade -y
On systems that have "autoinstall = yes" in /etc/uptrack/uptrack.conf,
these updates will be installed automatically and you do not need to
take any additional action.
DESCRIPTION
* Kernel oops after blk_cleanup_queue.
The kernel function blk_cleanup_queue() could deallocate an I/O scheduler while
it is still in use, causing a kernel oops.
* Use-after-free in ext4_remove_li_request.
The function ext4_remove_li_request could access already-deallocated memory
under certain circumstances.
* Denial of service in iwl_mac_change_interface.
If the kernel function iwl_mac_change_interface is called during firmware
restart, a kernel crash could occur.
* Data corruption of ext3 directory nodes.
Under certain error conditions, the ext3 filesystem could fail to write back
some modified buffers, causing data corruption of ext3 directory nodes.
* Denial of service in JBD fsync transaction handling.
Certain workloads involving fdatasync() and fsync() on filesystems using the
JBD layer could cause denial of service (BUG assertion failure).
* Bridge failure on IPv6 packets.
Bridge interfaces would fail to forward IPv6 packets.
* Denial of service in irda_sendmsg.
Invalid flags passed to the sendmsg() system call on an IRDA socket could cause
a locking inbalance, resulting in denial of service (BUG assertion failure).
* Race condition in sctp_bind_addr_free and sctp_bind_addr_conflict.
A race condition between the kernel functions sctp_bind_addr_free() and
sctp_bind_addr_conflict() could cause denial of service (kernel crash) or other
kernel misbehavior.
* Improper reference counting in sock_queue_err_skb.
The kernel function sock_queue_err_skb() did not properly reference-count
packets.
* Memory leak in SCTP ASCONF queueing.
The kernel's SCTP protocol implementation did not properly free
memory allocated for an SCTP ASCONF queue.
* Deadlock in IO APIC initialization on resume from sleep.
The kernel function alloc_ioapic_entries() could sleep in a context where it is
not allowed to do so, causing a deadlock.
* Improved fix for CVE-2011-1017.
Fedora provided an improved fix for the CVE-2011-1017 security issue.
* Remote denial of service in NFSv4 client on NFS4ERR_EXPIRED.
A NFS4ERR_EXPIRED response from an NFSv4 server could send the kernel's NFSv4
client code into an infinite loop.
* NULL dereference with invalid AppArmor parameters.
Invalid parameters passed to apparmor_setprocattr() could cause a denial of
service (NULL pointer dereference).
* Disable fast channel switching for ath5k wireless cards.
Some ath5k-based wireless cards do not properly support fast channel switching,
making them unable to see wireless networks.
SUPPORT
Ksplice support is available at support at ksplice.com or +1 765-577-5423.
More information about the Fedora-15-Updates
mailing list