[Ksplice][Fedora-16-updates] New updates available via Ksplice (FEDORA-2012-8890)

[Jessica McKellar]

Synopsis: FEDORA-2012-8890 can now be patched using Ksplice
CVEs: CVE-2012-2373 CVE-2012-2390

Systems running Fedora 16 can now use Ksplice to patch against the
latest Fedora kernel update, FEDORA-2012-8890.

INSTALLING THE UPDATES

We recommend that all users of Ksplice Uptrack on Fedora 16 install
these updates.

On systems that have "autoinstall = yes" in /etc/uptrack/uptrack.conf,
these updates will be installed automatically and you do not need to
take any action.

Alternatively, you can install these updates by running:

# /usr/sbin/uptrack-upgrade -y


DESCRIPTION

* CVE-2012-2373: denial-of-service in PAE page tables.

On a PAE system, a non-atomic load could be corrupted by a page fault
resulting in a kernel crash, triggerable by an unpriviliged user.


* CVE-2012-2390: Memory leak in hugetlbfs mmap() failure.

Incorrect error handling in the mmap() implementation for hugetlbfs
could result in reservations not being freed resulting in a denial of
service.


* Insufficient validation in asynchronous I/O.

Insufficient validation in the asynchronous I/O setup code could result
in accessing files locked with a mandatory file lock or overflowing the
file offset leading to data corruption.


* Use of undefined memory in ISCSI driver.

The ISCSI driver could access undefined memory when parsing OEM
parameters for single-controller devices resulting in undefined
behaviour.


* Use-after-free in selinux policy loading.

Incorrect initialisation of the number of policy booleans could result
in accessing stale data after failing to load a new policy and undefined
behaviour.


* Use-after-free in shared memory policies.

Incorrect reference counting with shared memory policies could lead to a
use-after-free condition and undefined behaviour.  With SLUB debugging
enabled this could result in a kernel crash.


* Deadlock in device mapper subsystem.

The device mapper used the wrong type of memory allocation in flush
submission resulting in possible deadlock and a denial-of-service.


* Use-after-free in USB userspace device I/O.

Incorrect reference counting lead to a possible race condition in
several paths and a possible use-after-free resulting in undefined
behaviour.


* NULL pointer dereference in GMA500 driver.

When a system has GMA500 devices with SDVO ports present, system suspend
could result in a NULL pointer dereference and kernel crash.


* Out-of-bounds memory access in IOMMU subsystem.

An off-by-one error in the IOMMU subsystem when processing a fault could
result in undefined behaviour.

SUPPORT

Ksplice support is available at ksplice-support_ww at oracle.com.