[Ksplice][Fedora-16-updates] New updates available via Ksplice (FEDORA-2012-2145)
Sasha Levin
sasha.levin at oracle.com
Fri Feb 24 00:37:13 PST 2012
Synopsis: FEDORA-2012-2145 can now be patched using Ksplice
CVEs:
Systems running Fedora 16 can now use Ksplice to patch against the
latest Fedora security update, FEDORA-2012-2145.
INSTALLING THE UPDATES
We recommend that all users of Ksplice Uptrack on Fedora 16 install
these updates. You can install these updates by running:
# /usr/sbin/uptrack-upgrade -y
On systems that have "autoinstall = yes" in /etc/uptrack/uptrack.conf,
these updates will be installed automatically and you do not need to
take any additional action.
DESCRIPTION
* Kernel panic in the Atheros IEEE 802.11n network driver.
Internal structures in the driver weren't initialized before the device was
made active.
This can cause a kernel panic when the network controller is being
utilized while it's being loaded.
* Buffer overflow in the relay filesystem.
The relayfs filesystem did not properly check for integer overflows
when processing certain user-provided lengths. An unprivileged user could
exploit this to overflow the relevant buffers and corrupt kernel memory.
* NULL pointer dereference in the SCSI subsystem.
A NULL dereference may occur if a SCSI device is physically removed
without being logically removed from the system.
This would lead to a NULL dereference since the revalidation routine
assumed the device is always present while it runs.
SUPPORT
Ksplice support is available at ksplice-support_ww at oracle.com
More information about the Ksplice-Fedora-16-Updates
mailing list