[Ksplice][Fedora-18-updates] New updates available via Ksplice (FEDORA-2013-10695)

Sasha Levin sasha.levin at oracle.com
Thu Jun 13 19:00:48 PDT 2013


Synopsis: FEDORA-2013-10695 can now be patched using Ksplice
CVEs: CVE-2013-2140 CVE-2013-2147 CVE-2013-2148 CVE-2013-2164 
CVE-2013-2851 CVE-2013-2852

Systems running Fedora 18 can now use Ksplice to patch against the
latest Fedora kernel update, FEDORA-2013-10695.

INSTALLING THE UPDATES

We recommend that all users of Ksplice Uptrack on Fedora 18 install
these updates.

On systems that have "autoinstall = yes" in /etc/uptrack/uptrack.conf,
these updates will be installed automatically and you do not need to
take any action.

Alternatively, you can install these updates by running:

# /usr/sbin/uptrack-upgrade -y


DESCRIPTION

* Out of bounds access in Conexant AccessRunner USB driver.

An incomplete check of array index bounds can lead to an out of bounds
access.


* Kernel panic in mm pagewalk.

Invalid assumptions in the mm pagewalk code could cause a kernel
panic.  This can be triggered by simply cat'ing /proc/<pid>/smaps
while an application has a VM_PFNMAP range.


* NULL pointer dereference in cgroup initialization.

A missing initialization of the extended attributes for cgroup
files can cause a NULL pointer dereference in various security
modules that verify extended attributes.


* CVE-2013-2140: Arbitrary sector discard in Xen block device.

A missing check for invalid blocks would allow the discard of
sectors even if they were marked read-only or not allowed by
permissions.


* CVE-2013-2147: Kernel memory leak in HP Smart Array controllers.

Missing initialization of a returned result could leak internal kernel
memory back to userspace.


* CVE-2013-2148: Kernel information leak in file system notifications.

The fill_event_metadata function in fs/notify/fanotify/fanotify_user.c
in the Linux kernel through 3.9.4 does not initialize a certain structure
member, which allows local users to obtain sensitive information from kernel
memory via a read operation on the fanotify descriptor.


* CVE-2013-2852: Invalid format string usage in Broadcom B43 wireless driver.

Format string vulnerability in the b43_request_firmware function
in the Broadcom B43 wireless driver in the Linux kernel through 3.9.4
allows local users to gain privileges by leveraging root access and
including format string specifiers in an fwpostfix modprobe parameter,
leading to improper construction of an error message.


* CVE-2013-2851: Format string vulnerability in software RAID device names.

Format string vulnerability in the register_disk function in the Linux
kernel through 3.9.4 allows local users to gain privileges by leveraging
root access and writing format string specifiers to
/sys/module/md_mod/parameters/new_array in order to create a crafted
/dev/md device name.


* CVE-2013-2164: Kernel information leak in the CDROM driver.

An ioctl result returned to the user might contain sensitive kernel
information.
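
The three information leaks above (CVE-2013-2147, CVE-2013-2148 and
CVE-2013-2164) share one pattern: a result is handed back to the caller
without every byte of it having been initialized. The user-space sketch
below is an added example, not code from the kernel or from Ksplice; the
struct event_meta, both fill routines and the 0xAA "stale memory" pattern
are constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical record returned to a caller; not a real kernel structure. */
struct event_meta {
    uint32_t event_len;
    uint8_t  vers;
    uint8_t  reserved;      /* never assigned by the flawed fill routine */
    uint16_t metadata_len;
    int32_t  fd;
};

/* Flawed pattern: assigns the members it cares about, leaves the rest as found. */
static void fill_meta_unsafe(struct event_meta *m, int32_t fd)
{
    m->event_len = (uint32_t)sizeof(*m);
    m->vers = 3;
    m->metadata_len = (uint16_t)sizeof(*m);
    m->fd = fd;
}

/* Hardened pattern: zero the whole object first, covering members and padding. */
static void fill_meta_safe(struct event_meta *m, int32_t fd)
{
    memset(m, 0, sizeof(*m));
    fill_meta_unsafe(m, fd);
}

/* Counts bytes of the constructed stale pattern (0xAA) that reach the caller. */
static size_t leaked_bytes(int use_safe)
{
    unsigned char storage[sizeof(struct event_meta)];
    struct event_meta m;
    size_t i, n = 0;
    memset(storage, 0xAA, sizeof(storage));  /* constructed "stale" memory */
    memcpy(&m, storage, sizeof(m));          /* object starts with stale contents */
    (use_safe ? fill_meta_safe : fill_meta_unsafe)(&m, 0x01010101);
    memcpy(storage, &m, sizeof(m));          /* stand-in for the copy to the caller */
    for (i = 0; i < sizeof(storage); i++)
        n += (storage[i] == 0xAA);
    return n;
}

int main(void)
{
    printf("unsafe: %zu stale byte(s), safe: %zu\n", leaked_bytes(0), leaked_bytes(1));
    return 0;
}
```

Zeroing the whole object before filling it also covers any padding the
compiler inserts, which member-by-member assignment does not.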

SUPPORT

Ksplice support is available at ksplice-support_ww at oracle.com.


