[Ksplice][Fedora-18-updates] New updates available via Ksplice (FEDORA-2013-1961)

[Sasha Levin]

Synopsis: FEDORA-2013-1961 can now be patched using Ksplice
CVEs: CVE-2013-0268

Systems running Fedora 18 can now use Ksplice to patch against the
latest Fedora kernel update, FEDORA-2013-1961.

INSTALLING THE UPDATES

We recommend that all users of Ksplice Uptrack on Fedora 18 install
these updates.

On systems that have "autoinstall = yes" in /etc/uptrack/uptrack.conf,
these updates will be installed automatically and you do not need to
take any action.

Alternatively, you can install these updates by running:

# /usr/sbin/uptrack-upgrade -y


DESCRIPTION

* Use-after-free in XFS AIO handling.

An inode reference was released before all operations on it were complete.
This might lead to a use-after-free if the inode was freed.


* Memory leak in ATH9K HTC layer skb allocation.

All SKBs which were allocated by the ATH9K HTC layer were not freed,
causing a memory leak.


* Memory corruption in ATH9K handling to flush command.

DMA activity wasn't stopped when handling a flush command, leading
to a memory corruption.


* Double free on ATH9K beacon generate failure.

An incorrect re-use of objects between beacon generation attempts would
lead to a system crash.


* CVE-2013-0268: /dev/cpu/*/msr local privilege escalation.

Access to /dev/cpu/*/msr was protected only using filesystem
checks. A local uid 0 (root) user with all capabilities dropped
could use this flaw to execute arbitrary code in kernel mode.


* Invalid memory access in KVM IRQFD assignment.

KVM didn't iterate existing irqfd lists correctly, causing access to invalid
areas of the memory and system crashes.

SUPPORT

Ksplice support is available at ksplice-support_ww at oracle.com.