[Ksplice][Fedora-16-updates] New updates available via Ksplice (FEDORA-2012-2145)

Sasha Levin sasha.levin at oracle.com
Fri Feb 24 00:37:13 PST 2012


Synopsis: FEDORA-2012-2145 can now be patched using Ksplice
CVEs: 

Systems running Fedora 16 can now use Ksplice to patch against the
latest Fedora security update, FEDORA-2012-2145.

INSTALLING THE UPDATES

We recommend that all users of Ksplice Uptrack on Fedora 16 install
these updates.  You can install these updates by running:

# /usr/sbin/uptrack-upgrade -y

On systems that have "autoinstall = yes" in /etc/uptrack/uptrack.conf,
these updates will be installed automatically and you do not need to
take any additional action.


DESCRIPTION

* Kernel panic in the Atheros IEEE 802.11n network driver.

Internal structures in the driver weren't initialized before the device was
made active.

This can cause a kernel panic if the network controller is used while
the driver is still being loaded.


* Buffer overflow in the relay filesystem.

The relayfs filesystem did not properly check for integer overflows
when processing certain user-provided lengths.  An unprivileged user could
exploit this to overflow the relevant buffers and corrupt kernel memory.


* NULL pointer dereference in the SCSI subsystem.

A NULL dereference may occur if a SCSI device is physically removed
without being logically removed from the system.

The revalidation routine assumed the device is always present while it
runs, which leads to the NULL dereference.

SUPPORT

Ksplice support is available at ksplice-support_ww at oracle.com
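
For the INSTALLING THE UPDATES step above, the following is an added example (not part of the original advisory and not Oracle's code) that reports whether a host still needs the manual upgrade command. It assumes uptrack.conf holds "key = value" lines, that the last assignment wins, and that only the literal value "yes" enables autoinstall; the function names are hypothetical.

```shell
#!/bin/sh
# Added example: does this host apply Ksplice updates on its own?
# Assumptions: "key = value" lines, last assignment wins, and only the
# literal value "yes" (as quoted in the advisory) enables autoinstall.

# Prints one of:
#   enabled     - an uncommented "autoinstall" line is set to yes
#   disabled    - key absent, commented out, or set to anything else
#   unreadable  - the file cannot be read
uptrack_autoinstall_state() {
    conf=${1:-/etc/uptrack/uptrack.conf}
    [ -r "$conf" ] || { echo unreadable; return 0; }
    awk '
        { sub(/\r$/, "") }                      # tolerate CRLF files
        /^[ \t]*autoinstall[ \t]*=/ {           # commented lines never match
            val = $0
            sub(/^[^=]*=[ \t]*/, "", val)       # keep the text after "="
            sub(/[ \t]+$/, "", val)             # trim trailing blanks
            # Anything but a bare "yes" counts as disabled, so a doubtful
            # value errs toward running the upgrade by hand.
            state = (val == "yes") ? "enabled" : "disabled"
        }
        END { print (state == "" ? "disabled" : state) }
    ' "$conf"
}

# Map the state to what the advisory asks the administrator to do.
uptrack_action() {
    case $(uptrack_autoinstall_state "$1") in
        enabled)    echo "no action: updates install automatically" ;;
        unreadable) echo "check manually: cannot read config" ;;
        *)          echo "run: /usr/sbin/uptrack-upgrade -y" ;;
    esac
}

# Constructed sample configs (not taken from a real host).
demo() {
    d=$(mktemp -d) || return 1
    printf '[Settings]\n# autoinstall = yes\nautoinstall = no\n' > "$d/manual.conf"
    printf '[Settings]\nautoinstall = yes\n' > "$d/auto.conf"
    for f in "$d/manual.conf" "$d/auto.conf" "$d/absent.conf"; do
        printf '%s: %s\n' "${f##*/}" "$(uptrack_action "$f")"
    done
    rm -rf "$d"
}
demo
```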



