[Ksplice][Fedora-16-updates] New updates available via Ksplice (FEDORA-2012-3712)

Sasha Levin sasha.levin at oracle.com
Sun Mar 18 16:59:42 PDT 2012 

Synopsis: FEDORA-2012-3712 can now be patched using Ksplice
CVEs: CVE-2012-1146 CVE-2012-1179

Systems running Fedora 16 can now use Ksplice to patch against the
latest Fedora security update, FEDORA-2012-3712.

INSTALLING THE UPDATES

We recommend that all users of Ksplice Uptrack on Fedora 16 install
these updates.  You can install these updates by running:

# /usr/sbin/uptrack-upgrade -y

On systems that have "autoinstall = yes" in /etc/uptrack/uptrack.conf,
these updates will be installed automatically and you do not need to
take any additional action.


DESCRIPTION

* CVE-2012-1146: Denial of service in the cgroup eventfd handling.

The cgroup event handler didn't check whether there are any events registered for
a specific memory cgroup before trying to unregister them. This would lead to a
kernel OOPS if there weren't any events to be unregistered.


* Initialize the 802.11 subsystem to use correct rate control values.

The 802.11 subsystem was initializing device drivers with incorrect rate control
values.

This could lead to crashes in the device drivers which are based on the 802.11
subsystem.


* Denial of service in the RapidIO device driver doorbell handler.

The RapidIO driver didn't handle the case when received doorbell count is larger
than the number of entries in the doorbell queue.

This would lead to a kernel panic.


* Plug memory leak in software RAID subsystem.

If the parameters passed to the software RAID device were empty, the memory used
to store the parameters would get leaked.


* Fix crash on discard in the software RAID driver.

The IO module in the software RAID subsystem didn't properly handle DISCARD messages
when using a configuration which has disk mirroring on top of a DISCARD enabled
hardware.

This would lead to kernel BUGs.


* CVE-2012-1179: Denial of service in page mapping of the hugepage subsystem.

In some cases, the hugepage subsystem would allocate new PMDs when not expected
by the memory management subsystem.

A privileged user in the KVM guest can use this flaw to crash the host.
An unprivileged local user could use this flaw to crash the system.

SUPPORT

Ksplice support is available at ksplice-support_ww at oracle.com.

More information about the Ksplice-Fedora-16-Updates mailing list