[Ksplice][Fedora-18-updates] New updates available via Ksplice (FEDORA-2013-5368)
Sasha Levin
sasha.levin at oracle.com
Fri Apr 12 13:33:23 PDT 2013
Synopsis: FEDORA-2013-5368 can now be patched using Ksplice
CVEs: CVE-2013-1929
Systems running Fedora 18 can now use Ksplice to patch against the
latest Fedora kernel update, FEDORA-2013-5368.
INSTALLING THE UPDATES
We recommend that all users of Ksplice Uptrack on Fedora 18 install
these updates.
On systems that have "autoinstall = yes" in /etc/uptrack/uptrack.conf,
these updates will be installed automatically and you do not need to
take any action.
Alternatively, you can install these updates by running:
# /usr/sbin/uptrack-upgrade -y
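
An added example (not part of the Ksplice announcement): a shell check that reports whether a host will take these updates automatically or still needs the manual command above. It assumes uptrack.conf holds `key = value` lines with `#` or `;` comments and ignores section headers; the function names are hypothetical.

```shell
#!/bin/sh
# Added example, not Ksplice code. Assumptions: "key = value" lines,
# "#" or ";" starts a comment line, the last uncommented setting wins.

# Print the effective autoinstall value, or "unset" if the file is
# unreadable or has no uncommented autoinstall line.
uptrack_autoinstall_value() {
    f="$1"
    [ -r "$f" ] || { echo "unset"; return 0; }
    awk '
        /^[[:space:]]*[#;]/ { next }          # commented-out settings do not count
        {
            eq = index($0, "=")
            if (eq == 0) next                 # section headers, blank lines
            key = substr($0, 1, eq - 1)
            val = substr($0, eq + 1)
            gsub(/[[:space:]]/, "", key)
            gsub(/[[:space:]]/, "", val)
            if (key == "autoinstall") result = val
        }
        END { if (result == "") result = "unset"; print result }
    ' "$f"
}

# Print "automatic" only for an explicit "yes"; anything else means the
# administrator still has to run the upgrade by hand.
uptrack_update_action() {
    case "$(uptrack_autoinstall_value "$1")" in
        yes) echo "automatic" ;;
        *)   echo "manual" ;;
    esac
}

conf="${1:-/etc/uptrack/uptrack.conf}"
if [ "$(uptrack_update_action "$conf")" = "automatic" ]; then
    echo "autoinstall = yes in $conf: updates install without action"
else
    echo "autoinstall not enabled in $conf: run /usr/sbin/uptrack-upgrade -y as root"
fi
```
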
DESCRIPTION
* NULL pointer dereference when closing Bluetooth SCO sockets.
Sockets which are in the middle of a connection process and were being
closed wouldn't stop the connection process properly, and would trigger
a NULL pointer dereference.
* Use after free due to directory read race in sysfs.
A race between reading and seeking a directory may occur due
to missing locking when executing the seek.
* Use after free on sysfs failure on readdir.
Errors in readdir weren't handled properly and internal structures were released
without being cleared, triggering a use after free when they were later used
again.
* CVE-2013-1929: Buffer overflow in TG3 VPD firmware parsing.
Incorrect length checks when parsing the firmware could cause a buffer
overflow and corruption of memory.
* Buffer overflow when removing a PNFS device.
The buffer allocated for the removal command was too small; writing
too much data into it would have caused a buffer overflow.
* Missing security check when spoofing PIDs in user namespace.
Spoofing PIDs inside a user namespace without a PID namespace didn't
require admin privileges.
* Privilege escalation in creation of user namespaces in a chroot.
Creating a user namespace inside a chroot may change the way permissions apply
on files under the root of the filesystem.
* Privilege escalation in user namespace read only mounts.
Mounts that were passed as read only to a user namespace could become
read/write inside the namespace.
* Use after free in loop device destruction.
A loop device may still be used after it was freed due to wrong reference
counting.
* Use after free in 802.1Q vlan tag deletion.
A vlan data structure may be used even after it was released due to wrong
release order.
* NULL pointer dereference in UNIX socket security management.
An incorrect ordering between marking a UNIX socket as dead and releasing
it can cause a NULL pointer dereference when the security subsystem tries
to verify permissions on that socket.
* Buffer overflow in AoE block driver SKB allocation.
The SKB size allocated for usage in the AoE driver was too small and
may cause a buffer overflow.
* NULL pointer dereference in CPSW ethernet driver error check.
An incorrect check may cause a NULL pointer dereference as it won't evaluate
as expected.
SUPPORT
Ksplice support is available at ksplice-support_ww at oracle.com.