[Ksplice][Fedora-16-updates] New updates available via Ksplice (FEDORA-2012-20240)

[Sasha Levin]

Synopsis: FEDORA-2012-20240 can now be patched using Ksplice
CVEs: CVE-2012-4530

Systems running Fedora 16 can now use Ksplice to patch against the
latest Fedora kernel update, FEDORA-2012-20240.

INSTALLING THE UPDATES

We recommend that all users of Ksplice Uptrack on Fedora 16 install
these updates.

On systems that have "autoinstall = yes" in /etc/uptrack/uptrack.conf,
these updates will be installed automatically and you do not need to
take any action.

Alternatively, you can install these updates by running:

# /usr/sbin/uptrack-upgrade -y


DESCRIPTION

* Resource leak in XFS buffer I/O error handling.

Invalid reference counting when ending a failed I/O would result in a
memory leak.


* NULL pointer dereference in SATA PMP drive attach with ACPI.

A missing check for device attachment could result in a NULL pointer
dereference and kernel crash when binding devices.


* Use-after-free in virtio device unregistration.

Members of a virtio device were accessed after registration resulting in
a use-after-free and a possible kernel crash.


* Resource leak in WiFi status management.

Incorrect resource freeing could result in a memory leak and hangs in
userspace WiFi applications such as wpa_supplicant and hostapd.


* NULL pointer dereference in persistent store console writes.

A NULL pointer dereference when writing to the persistent store console
could cause a crash by a privileged local user.


* Kernel crash in tmpfs page allocations.

A kernel assertion could cause a panic under specific circumstances when
allocating memory for a shared memory filesystem.


* CVE-2012-4530: Kernel information leak in binfmt execution.

Execution of a carefully crafted sequence of scripts could allow an
unprivileged user to leak kernel stack information to userspace.


* Kernel crash in DRM memory type subsystem.

Incorrect memory allocation routines could result in a kernel crash when
allocating memory on systems with high memory.


* Kernel crash in GFS2 filesystem on mmap().

Invalid locking in GFS2 could result in kernel crash when modifying the
access time of a file under mmap().


* Kernel crash in shared memory inode eviction.

Incorrect locking in shared memory filesystems could result in a kernel
BUG_ON() and subsequent kernel crash.


* Kernel crash in TCP repair mode during transmission.

Triggering TCP socket repair whilst there was data queued for writing
could result in a kernel crash.


* Memory corruption in WiFi station wakeup handling.

Missing locking could result in the corruption of internal lists leading
to a kernel crash.


* Kernel panic on access to Intel i7 EDAC sysfs files.

The Error Detection and Correction ("EDAC") of the Intel i7 platform has used
invalid representation of the memory control information. Accessing said
sysfs file can lead to a kernel panic.

SUPPORT

Ksplice support is available at ksplice-support_ww at oracle.com.