[Ksplice][Fedora-16-updates] New updates available via Ksplice (FEDORA-2012-11348)

Jamie Iles jamie.iles at oracle.com
Mon Aug 6 09:33:50 PDT 2012


Synopsis: FEDORA-2012-11348 can now be patched using Ksplice
CVEs: CVE-2012-3430

Systems running Fedora 16 can now use Ksplice to patch against the
latest Fedora kernel update, FEDORA-2012-11348.

INSTALLING THE UPDATES

We recommend that all users of Ksplice Uptrack on Fedora 16 install
these updates.

On systems that have "autoinstall = yes" in /etc/uptrack/uptrack.conf,
these updates will be installed automatically and you do not need to
take any action.

Alternatively, you can install these updates by running:

# /usr/sbin/uptrack-upgrade -y


DESCRIPTION

* Use-after-free in device-mapper array stop.

A race condition in flushing I/O for stopping a device mapper array
could result in a use-after-free condition and kernel crash.


* Null pointer dereference in fibre channel target storage.

When large reads were aborted, a NULL pointer could be incorrectly
dereferenced resulting in a kernel crash.


* Memory corruption in device mapper RAID1 mirror recovery and discard.

A race condition in mirror recovery and discard could result in the
corruption of linked lists resulting in undefined behaviour.


* CVE-2012-3430: kernel information leak in RDS sockets.

Calling recvfrom() on an RDS socket could result in leaking the contents
of kernel stack memory to userspace.


* Denial-of-service in USB video driver.

Incorrect handling of erroneous buffers could result in an infinite loop
in interrupt context resulting in a denial-of-service on the CPU.

SUPPORT

Ksplice support is available at ksplice-support_ww at oracle.com.



