[Ksplice][Fedora-16-updates] New updates available via Ksplice (FEDORA-2012-17479)
Phil Turnbull
phil.turnbull at oracle.com
Fri Nov 9 10:23:31 PST 2012
Synopsis: FEDORA-2012-17479 can now be patched using Ksplice
CVEs: CVE-2012-0957 CVE-2012-4508 CVE-2012-4565
Systems running Fedora 16 can now use Ksplice to patch against the
latest Fedora kernel update, FEDORA-2012-17479.
INSTALLING THE UPDATES
We recommend that all users of Ksplice Uptrack on Fedora 16 install
these updates.
On systems that have "autoinstall = yes" in /etc/uptrack/uptrack.conf,
these updates will be installed automatically and you do not need to
take any action.
Alternatively, you can install these updates by running:
# /usr/sbin/uptrack-upgrade -y
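As an added example (not part of the announcement), a small POSIX shell helper that implements the decision above: it checks the configuration file for "autoinstall = yes" and only runs /usr/sbin/uptrack-upgrade -y when autoinstall is off. The function names and the sample configuration contents are constructed for the demonstration; the option name and the upgrade command are the ones given in the text.

```shell
#!/bin/sh
# Added example, not from the announcement: decide whether a manual
# Ksplice Uptrack run is needed on a Fedora 16 host. The option name
# "autoinstall = yes" and the upgrade command come from the text above;
# the config contents used in the demo are constructed.

# Return 0 if CONF contains "autoinstall = yes" (case-insensitive, whitespace
# tolerated); 1 otherwise. '#'/';' comments are stripped first and, if the
# key appears more than once, the last occurrence wins.
uptrack_autoinstall_enabled() {
    conf="$1"
    [ -r "$conf" ] || return 1
    value=$(sed -e 's/[[:space:]]*[#;].*$//' "$conf" \
        | grep -i '^[[:space:]]*autoinstall[[:space:]]*=' \
        | tail -n 1 \
        | sed -e 's/^[^=]*=[[:space:]]*//' -e 's/[[:space:]]*$//' \
        | tr '[:upper:]' '[:lower:]')
    [ "$value" = "yes" ]
}

# Print the plan for CONF. Returns 0 when nothing needs to be done
# (autoinstall handles it) and 2 when uptrack-upgrade must be run by hand.
uptrack_plan() {
    if uptrack_autoinstall_enabled "$1"; then
        echo "autoinstall enabled: FEDORA-2012-17479 updates apply automatically"
        return 0
    fi
    echo "autoinstall disabled: run /usr/sbin/uptrack-upgrade -y"
    return 2
}

# Carry out the plan. With DRY_RUN=1 (the default here) the upgrade command
# is only echoed; set DRY_RUN=0 to really run it on a host.
uptrack_apply() {
    uptrack_plan "$1" && return 0
    if [ "${DRY_RUN:-1}" = "1" ]; then
        echo "+ /usr/sbin/uptrack-upgrade -y"
    else
        /usr/sbin/uptrack-upgrade -y
    fi
}

# Demo on a constructed config file, not a real /etc/uptrack/uptrack.conf.
demo_conf=$(mktemp) || exit 1
printf '# constructed sample\nautoinstall = no   ; needs a manual run\n' > "$demo_conf"
uptrack_apply "$demo_conf"
rm -f "$demo_conf"
```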
DESCRIPTION
* Memory leak in NFS4 file closing.
The NFS4 server subsystem does not correctly free memory when closing a
file handle, which eventually leads to memory exhaustion and a kernel
panic.
* Logic error in NFS4 idmap parsing.
The NFS4 server subsystem does not correctly parse numeric identifiers
in NFS requests, potentially allowing remote users to bypass file
permissions.
* Memory leak in Cirrus Logic audio driver.
The Cirrus Logic driver does not correctly free memory when failing
to initialise an audio device.
* Kernel panic in multiple filesystems.
An out-of-bounds read can cause a kernel panic when opening a file on
GFS2, ISO 9660, Reiser, XFS or POSIX shared memory filesystems.
* Deadlock in iSCSI SendTargets error path.
Invalid locking when failing to send a 'SendTargets' packet can lead
to a deadlock and kernel panic.
* NULL pointer dereference in VFIO interrupt.
A race condition when initialising a VFIO device can cause a NULL
pointer dereference and kernel panic.
* Memory leak in Atheros 802.11n driver.
The Atheros 802.11n driver does not correctly free memory when failing
to send frames, leading to memory exhaustion and a kernel panic.
* Memory leak in 802.11 wireless driver.
The generic 802.11 wireless driver does not correctly free memory when
failing to send frames, leading to memory exhaustion and a kernel panic.
* NULL pointer dereference in audit subsystem.
A NULL pointer dereference and kernel panic can be triggered in the
audit subsystem under low-memory conditions.
* Use-after-free in audit subsystem.
A use-after-free condition can be triggered in the audit subsystem when
failing to follow a symlink.
* Use-after-free when unloading Radeon graphics driver.
A use-after-free condition can be triggered when unloading the
Radeon graphics driver.
* Kernel panic in Realtek HD audio driver.
An out-of-bounds read in the Realtek HD audio driver can cause a kernel
panic when initialising a device.
* NULL pointer dereference in AC97 sound driver.
A NULL pointer dereference and kernel panic can be triggered when
initialising an AC97 device under low-memory conditions.
* CVE-2012-4508: Stale data exposure in ext4.
A race condition in the usage of asynchronous IO and fallocate on an
ext4 filesystem could lead to exposure of stale data from a deleted
file. An unprivileged local user could use this flaw to read privileged
information.
* Kernel panic in lockd server.
The kernel lockd server does not correctly handle stale file handles,
leading to a kernel panic. A remote attacker could potentially use this
flaw to cause a remote denial of service.
* Memory corruption in SUNRPC procfs.
A stack buffer overflow can be triggered by reading the contents of the
"flush" procfs file, leading to a kernel panic.
* NULL pointer dereference in ring-buffer resizing.
The kernel ring-buffer implementation, used by the kernel tracing
subsystem, does not correctly handle resizing buffers on certain
SMP systems, leading to a NULL pointer dereference and kernel panic.
* CVE-2012-0957: Information leak in uname syscall.
A process running under a UNAME26 personality can disclose the contents
of kernel memory via the uname syscall.
* Kernel panic in IPv4 ARP and IPv6 Neighbor Discovery.
An invalid assumption in the IP stack can lead to a kernel panic when
failing to send an IPv4 ARP or IPv6 Neighbor Discovery packet.
* Kernel panic when sending RDS ping responses.
Incorrect locking in the RDS implementation can cause a kernel panic
when responding to RDS ping packets. A remote attacker could potentially
use this flaw to cause a remote denial of service.
* Memory corruption in general purpose allocator.
The kernel does not allocate the correct amount of metadata for the
general purpose allocator, leading to memory corruption under certain
workloads.
* Kernel panic in CIFS dentry lookup.
The CIFS filesystem client implementation does not correctly handle
opening an invalid directory entry, leading to a kernel panic.
* CVE-2012-4565: Divide by zero in TCP congestion control algorithm.
The TCP Illinois congestion control algorithm does not correctly handle
an RTT count of zero when reading TCP stats, leading to a
divide-by-zero and kernel panic. A remote attacker could potentially use
this flaw to cause a remote denial of service.
SUPPORT
Ksplice support is available at ksplice-support_ww at oracle.com.