[Ksplice][Fedora-15-updates] New updates available via Ksplice (FEDORA-2011-8245)

Keegan McAllister keegan at ksplice.com
Sun Jun 19 19:39:17 PDT 2011


Synopsis: FEDORA-2011-8245 can now be patched using Ksplice
CVEs: CVE-2011-1017

Systems running Fedora 15 can now use Ksplice to patch against the
latest Fedora security update, FEDORA-2011-8245.

INSTALLING THE UPDATES

We recommend that all users of Ksplice Uptrack on Fedora 15 install
these updates.  You can install these updates by running:

# /usr/sbin/uptrack-upgrade -y

On systems that have "autoinstall = yes" in /etc/uptrack/uptrack.conf,
these updates will be installed automatically and you do not need to
take any additional action.
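
The check below is an added example, not part of the original announcement and not Ksplice code. It reads an uptrack.conf-style file and reports whether updates install automatically or whether `uptrack-upgrade -y` still has to be run by hand. It assumes INI-style "key = value" lines; the function names and the sample file are hypothetical.

```shell
#!/bin/sh
# Added example, not Ksplice code. Assumptions: uptrack.conf holds INI-style
# "key = value" lines, '#' or ';' starts a comment line, and a missing
# autoinstall key means updates are NOT installed automatically.

# Print the last uncommented autoinstall value, lowercased (empty if unset).
# Returns 2 when the file cannot be read.
autoinstall_value() {
    [ -r "$1" ] || return 2
    awk '
        /^[ \t]*[#;]/ { next }            # commented-out settings do not count
        {
            line = $0
            sub(/\r$/, "", line)          # tolerate CRLF line endings
            eq = index(line, "=")
            if (eq == 0) next             # section headers, blank lines
            key = substr(line, 1, eq - 1)
            val = substr(line, eq + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", key)
            gsub(/^[ \t]+|[ \t]+$/, "", val)
            if (tolower(key) == "autoinstall") last = tolower(val)
        }
        END { if (last != "") print last }
    ' "$1"
}

# Echo "automatic", "manual" (run uptrack-upgrade -y) or "unknown".
uptrack_action() {
    conf=${1:-/etc/uptrack/uptrack.conf}
    if val=$(autoinstall_value "$conf"); then
        if [ "$val" = "yes" ]; then echo automatic; else echo manual; fi
    else
        echo unknown
    fi
}

# Constructed sample (section name is illustrative): the commented-out "yes"
# must be ignored, so this host still needs a manual upgrade.
sample=$(mktemp)
cat > "$sample" <<'EOF'
[Settings]
# autoinstall = yes
autoinstall = no
EOF
echo "sample config: $(uptrack_action "$sample")"
rm -f "$sample"
```

Only the literal value "yes" shown in the announcement is treated as enabled; any other value is reported as "manual" so that a host is never assumed patched when it is not.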


DESCRIPTION

* Kernel oops after blk_cleanup_queue.

The kernel function blk_cleanup_queue() could deallocate an I/O scheduler while
it is still in use, causing a kernel oops.


* Use-after-free in ext4_remove_li_request.

The function ext4_remove_li_request could access already-deallocated memory
under certain circumstances.


* Denial of service in iwl_mac_change_interface.

If the kernel function iwl_mac_change_interface is called during firmware
restart, a kernel crash could occur.


* Data corruption of ext3 directory nodes.

Under certain error conditions, the ext3 filesystem could fail to write back
some modified buffers, causing data corruption of ext3 directory nodes.


* Denial of service in JBD fsync transaction handling.

Certain workloads involving fdatasync() and fsync() on filesystems using the
JBD layer could cause denial of service (BUG assertion failure).


* Bridge failure on IPv6 packets.

Bridge interfaces would fail to forward IPv6 packets.


* Denial of service in irda_sendmsg.

Invalid flags passed to the sendmsg() system call on an IRDA socket could cause
a locking imbalance, resulting in denial of service (BUG assertion failure).


* Race condition in sctp_bind_addr_free and sctp_bind_addr_conflict.

A race condition between the kernel functions sctp_bind_addr_free() and
sctp_bind_addr_conflict() could cause denial of service (kernel crash) or other
kernel misbehavior.


* Improper reference counting in sock_queue_err_skb.

The kernel function sock_queue_err_skb() did not properly reference-count
packets.


* Memory leak in SCTP ASCONF queueing.

The kernel's SCTP protocol implementation did not properly free
memory allocated for an SCTP ASCONF queue.


* Deadlock in IO APIC initialization on resume from sleep.

The kernel function alloc_ioapic_entries() could sleep in a context where it is
not allowed to do so, causing a deadlock.


* Improved fix for CVE-2011-1017.

Fedora provided an improved fix for the CVE-2011-1017 security issue.


* Remote denial of service in NFSv4 client on NFS4ERR_EXPIRED.

An NFS4ERR_EXPIRED response from an NFSv4 server could send the kernel's NFSv4
client code into an infinite loop.


* NULL dereference with invalid AppArmor parameters.

Invalid parameters passed to apparmor_setprocattr() could cause a denial of
service (NULL pointer dereference).


* Disable fast channel switching for ath5k wireless cards.

Some ath5k-based wireless cards do not properly support fast channel switching,
making them unable to see wireless networks.

SUPPORT

Ksplice support is available at support at ksplice.com or +1 765-577-5423.


