[Ksplice][Fedora-16-updates] New updates available via Ksplice (FEDORA-2012-17479)

Phil Turnbull phil.turnbull at oracle.com
Fri Nov 9 10:23:31 PST 2012


Synopsis: FEDORA-2012-17479 can now be patched using Ksplice
CVEs: CVE-2012-0957 CVE-2012-4508 CVE-2012-4565

Systems running Fedora 16 can now use Ksplice to patch against the
latest Fedora kernel update, FEDORA-2012-17479.

INSTALLING THE UPDATES

We recommend that all users of Ksplice Uptrack on Fedora 16 install
these updates.

On systems that have "autoinstall = yes" in /etc/uptrack/uptrack.conf,
these updates will be installed automatically and you do not need to
take any action.

Alternatively, you can install these updates by running:

# /usr/sbin/uptrack-upgrade -y


DESCRIPTION

* Memory leak in NFS4 file closing.

The NFS4 server subsystem does not correctly free memory when closing a
file handle, which eventually leads to memory exhaustion and a kernel
panic.


* Logic error in NFS4 idmap parsing.

The NFS4 server subsystem does not correctly parse numeric identifiers
in NFS requests, potentially allowing remote users to bypass file
permissions.


* Memory leak in Cirrus Logic audio driver.

The Cirrus Logic driver does not correctly free memory when failing
to initialise an audio device.


* Kernel panic in multiple filesystems.

An out-of-bounds read can cause a kernel panic when opening a file on
GFS2, ISO 9660, ReiserFS, XFS or POSIX shared memory filesystems.


* Deadlock in iSCSI SendTargets error path.

Invalid locking when failing to send a 'SendTargets' packet can lead
to a deadlock and kernel panic.


* NULL pointer dereference in VFIO interrupt.

A race condition when initialising a VFIO device can cause a NULL
pointer dereference and kernel panic.


* Memory leak in Atheros 802.11n driver.

The Atheros 802.11n driver does not correctly free memory when failing
to send frames, leading to memory exhaustion and a kernel panic.


* Memory leak in 802.11 wireless driver.

The generic 802.11 wireless driver does not correctly free memory when
failing to send frames, leading to memory exhaustion and a kernel panic.


* NULL pointer dereference in audit subsystem.

A NULL pointer dereference and kernel panic can be triggered in the
audit subsystem under low-memory conditions.


* Use-after-free in audit subsystem.

A use-after-free condition can be triggered in the audit subsystem when
failing to follow a symlink.


* Use-after-free when unloading Radeon graphics driver.

A use-after-free condition can be triggered when unloading the
Radeon graphics driver.


* Kernel panic in Realtek HD audio driver.

An out-of-bounds read in the Realtek HD audio driver can cause a kernel
panic when initialising a device.


* NULL pointer dereference in AC97 sound driver.

A NULL pointer dereference and kernel panic can be triggered when
initialising an AC97 device under low-memory conditions.


* CVE-2012-4508: Stale data exposure in ext4.

A race condition in the usage of asynchronous IO and fallocate on an
ext4 filesystem could lead to exposure of stale data from a deleted
file. An unprivileged local user could use this flaw to read privileged
information.


* Kernel panic in lockd server.

The kernel lockd server does not correctly handle stale file handles
leading to a kernel panic. A remote attacker could potentially use this
flaw to cause a remote denial of service.


* Memory corruption in SUNRPC procfs.

A stack buffer overflow can be triggered by reading the contents of the
"flush" procfs file, leading to a kernel panic.


* NULL pointer dereference in ring-buffer resizing.

The kernel ring-buffer implementation, used by the kernel tracing
subsystem, does not correctly handle resizing buffers on certain
SMP systems, leading to a NULL pointer dereference and kernel panic.


* CVE-2012-0957: Information leak in uname syscall.

A process running under a UNAME26 personality can disclose the contents
of kernel memory via the uname syscall.


* Kernel panic in IPv4 ARP and IPv6 Neighbor Discovery.

An invalid assumption in the IP stack can lead to a kernel panic when
failing to send an IPv4 ARP or IPv6 Neighbor Discovery packet.


* Kernel panic when sending RDS ping responses.

Incorrect locking in the RDS implementation can cause a kernel panic
when responding to RDS ping packets. A remote attacker could potentially
use this flaw to cause a remote denial of service.


* Memory corruption in general purpose allocator.

The kernel does not allocate the correct amount of metadata for the
general purpose allocator, leading to memory corruption under certain
workloads.


* Kernel panic in CIFS dentry lookup.

The CIFS filesystem client implementation does not correctly handle
opening an invalid directory entry, leading to a kernel panic.


* CVE-2012-4565: Divide by zero in TCP congestion control algorithm.

The TCP Illinois congestion control algorithm does not correctly handle
an RTT count of zero when reading TCP statistics, leading to a
divide-by-zero and kernel panic. A remote attacker could potentially use
this flaw to cause a remote denial of service.

SUPPORT

Ksplice support is available at ksplice-support_ww at oracle.com.
