[Ksplice][Fedora-18-updates] New updates available via Ksplice (FEDORA-2013-12987)

[Phil Turnbull]

Synopsis: FEDORA-2013-12987 can now be patched using Ksplice

Systems running Fedora 18 can now use Ksplice to patch against the
latest Fedora kernel update, FEDORA-2013-12987.

INSTALLING THE UPDATES

We recommend that all users of Ksplice Uptrack on Fedora 18 install
these updates.

On systems that have "autoinstall = yes" in /etc/uptrack/uptrack.conf,
these updates will be installed automatically and you do not need to
take any action.

Alternatively, you can install these updates by running:

# /usr/sbin/uptrack-upgrade -y


DESCRIPTION

* Deadlock in CephFS extended attributes.

Invalid locking in the Ceph filesystem when reading extended attributes can cause
a deadlock and kernel panic.


* Format string vulnerability in power charger manager.

A lack of sanitisation of a parameter when notifying udev about power charger
events can trigger a format string vulnerability and cause a kernel panic.


* Integer overflow in HP filesystem mounting.

An integer overflow and kernel panic can be triggered by attempting to mount a
malformed HP filesystem.


* Format string vulnerability in crypto subsystem.

A lack of sanitisation of a parameter when looking up crypto algorithms in the
kernel can trigger a format string vulnerability and cause a kernel panic


* Use-after-free in cgroup memory control groups.

Invalid reference counting in the cgroup memory control groups can cause a use-
after-free condition and kernel panic.


* Data corruption in ext4 filesystem on 32-bit systems.

A number of integer overflows when handling 64-bit integers in the ext4 filesystem
on 32-bit systems can cause data corruption and/or loss.

SUPPORT

Ksplice support is available at ksplice-support_ww at oracle.com.