[Ksplice][Fedora-16-updates] New updates available via Ksplice (FEDORA-2012-1298)

[Anders Kaseorg]

Synopsis: FEDORA-2012-1298 can now be patched using Ksplice

Systems running Fedora 16 can now use Ksplice to patch against the 
latest Fedora security update, FEDORA-2012-1298.

INSTALLING THE UPDATES

We recommend that all users of Ksplice Uptrack on Fedora 16 install 
these updates.  You can install these updates by running:

# /usr/sbin/uptrack-upgrade -y

On systems that have "autoinstall = yes" in /etc/uptrack/uptrack.conf, 
these updates will be installed automatically and you do not need to 
take any additional action.


DESCRIPTION

* Denial of service in eCryptfs.

A user may trigger heavy reclaim or even the OOM-killer by writing large 
amount of data to a eCryptfs device.


* Memory corruption in the Direct Rendering Manager.

A race condition in the Direct Rendering Manager may allow an 
unprivileged user to corrupt kernel memory.


* Memory corruption in the Xen subsystem.

High contention on a Xen spinlock may cause an overflow of the spinlock 
structure and allow the user to corrupt kernel memory.


* NULL pointer dereference in the CAIF networking subsystem.

CAIF wasn't registering properly as a pernet subsystem, which would 
allow a user to trigger calls into the CAIF code while the subsystem was 
still uninitialized, leading to a NULL dereference.


* NULL dereference in the L2TP subsystem.

A NULL pointer dereference may occur when receiving L2TP packets while
using IP link encapsulation.


* Use after free in the MACVLAN driver.

A use after free in the MACVLAN driver will occur if a packet was 
resized and reallocated, for example, if the network controller supports 
hardware encryption.

SUPPORT

Ksplice support is available at ksplice-support_ww at oracle.com.