[Ksplice][Fedora-16-updates] New updates available via Ksplice (FEDORA-2012-1620)

[Sasha Levin]

Synopsis: FEDORA-2012-1620 can now be patched using Ksplice
CVEs: 

Systems running Fedora 16 can now use Ksplice to patch against the
latest Fedora security update, FEDORA-2012-1620.

INSTALLING THE UPDATES

We recommend that all users of Ksplice Uptrack on Fedora 16 install
these updates.  You can install these updates by running:

# /usr/sbin/uptrack-upgrade -y

On systems that have "autoinstall = yes" in /etc/uptrack/uptrack.conf,
these updates will be installed automatically and you do not need to
take any additional action.


DESCRIPTION

* NULL Dereference in the proc filesystem.

A missing check when releaseing a handle to a memory file in the proc filesystem
could allow a NULL dereference.


* Denial of service in the file mapping subsystem.

A race condition in the file mapping subsystem could allow two threads which try to
fault on the same memory page at the same time to potentially OOPS the system.


* NULL dereference in the nVidia card driver.

A race condition between creating a fence and synchronizing with it could cause a NULL
derefence by attempting to sync with a fence which was already destroyed and set to NULL.


* Denial of service in the eCryptfs filesystem.

On 32bit systems, when truncating a file, the integer holding the file size
could overflow, which would put the write operation in an infinite loop in
the kernel.


* NULL dereference in the CIFS filesystem.

When setting up a NULL user mount, the session setup code would still attempt
to copy the username of the user who's creating the mount into internal
structures.

Since in that case the username is always NULL, we would try to dereference
a NULL pointer, usually causing a kernel OOPS.


* NULL dereference in the SCSI subsystem.

If a SD card is removed during the validation process, a NULL dereference
will occur when the revalidation process attempts to access it.

SUPPORT

Ksplice support is available at ksplice-support_ww at oracle.com.