[Ksplice][Fedora-16-updates] New updates available via Ksplice (FEDORA-2012-0949)
Anders Kaseorg
anders.kaseorg at oracle.com
Sat Jan 28 22:57:31 PST 2012
Synopsis: FEDORA-2012-0949 can now be patched using Ksplice
CVEs: CVE-2009-4307
Systems running Fedora 16 can now use Ksplice to patch against the
latest Fedora security update, FEDORA-2012-0949.
INSTALLING THE UPDATES
We recommend that all users of Ksplice Uptrack on Fedora 16 install
these updates. You can install these updates by running:
# /usr/sbin/uptrack-upgrade -y
On systems that have "autoinstall = yes" in /etc/uptrack/uptrack.conf,
these updates will be installed automatically and you do not need to
take any additional action.
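The following is an added example, not part of the original announcement
or of Ksplice Uptrack itself: a shell check that reads an uptrack.conf
and reports whether a host relies on autoinstall or needs the manual
upgrade command above. The function names, the [Settings] section header
in the sample files, and the rule that only an active "autoinstall = yes"
line (case-insensitive, last one wins) counts as enabled are assumptions.

```shell
#!/bin/sh
# Added example: decide whether a host needs a manual uptrack-upgrade run.

# Print "yes" if the config has an active "autoinstall = yes" line, else "no".
# Commented-out lines, a missing key and an unreadable file all count as "no".
uptrack_autoinstall() {
    conf=${1:-/etc/uptrack/uptrack.conf}
    [ -r "$conf" ] || { echo no; return 0; }
    # Keep the last active setting (assumption: later lines override earlier ones).
    val=$(sed -n 's/^[[:space:]]*autoinstall[[:space:]]*=[[:space:]]*\([^[:space:]]*\)[[:space:]]*$/\1/p' "$conf" \
          | tail -n 1 | tr '[:upper:]' '[:lower:]')
    if [ "$val" = yes ]; then echo yes; else echo no; fi
}

# Print the action an administrator should take for this host.
uptrack_action() {
    if [ "$(uptrack_autoinstall "$1")" = yes ]; then
        echo "automatic: updates install without further action"
    else
        echo "manual: run /usr/sbin/uptrack-upgrade -y as root"
    fi
}

# Constructed sample configs (not taken from a real host).
demo_dir=$(mktemp -d)
printf '[Settings]\n# autoinstall = yes\nautoinstall = no\n' > "$demo_dir/manual.conf"
printf '[Settings]\nautoinstall = yes\n' > "$demo_dir/auto.conf"
for f in "$demo_dir"/manual.conf "$demo_dir"/auto.conf; do
    printf '%s -> %s\n' "${f##*/}" "$(uptrack_action "$f")"
done
rm -rf "$demo_dir"
```

Called with no argument, uptrack_action reads /etc/uptrack/uptrack.conf.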
DESCRIPTION
* Denial of service in NFS callback sequence numbers.
An off-by-one error in validate_seqid may allow a malformed NFS
callback sequence number to cause access of an invalid NFS slot.
* Use after free in UBI driver.
The error path in erase_worker in the UBI (unsorted block images)
driver may allow an erase entry object to be used after it is freed.
* Denial of service in Integrity Measurement Architecture.
An error path in ima_add_template_entry in the IBM Integrity
Measurement Architecture may cause a string that was not allocated on
the heap to be later freed.
* Denial of service in Video4Linux2 ioctls.
An integer overflow in video_usercopy in the Video4Linux2 subsystem
may cause access to invalid memory.
* Double free on NFS server shutdown.
Shutting down an NFS server after changing its pool mode may lead to a
double free.
* Denial of service in USB Video Class ioctl.
An integer overflow in the V4L2_CTRL_TYPE_MENU ioctl handler in the
USB Video Class driver may result in access to invalid memory.
* Privilege escalation through ioctls on partition devices.
The kernel passed certain ioctls on partitions or LVM volumes through
to the underlying block device, which may allow a user with access to
only a partition to perform unauthorized operations on the entire
device.
* Improved fix to CVE-2009-4307.
The original vendor fix to CVE-2009-4307 did not cover all cases,
especially on x86.
SUPPORT
Ksplice support is available at ksplice-support_ww at oracle.com.