[Ksplice][Fedora-18-updates] New updates available via Ksplice (FEDORA-2013-11221)

[Samson Yeung]

Synopsis: FEDORA-2013-11221 can now be patched using Ksplice

Systems running Fedora 18 can now use Ksplice to patch against the
latest Fedora kernel update, FEDORA-2013-11221.

INSTALLING THE UPDATES

We recommend that all users of Ksplice Uptrack on Fedora 18 install
these updates.

On systems that have "autoinstall = yes" in /etc/uptrack/uptrack.conf,
these updates will be installed automatically and you do not need to
take any action.

Alternatively, you can install these updates by running:

# /usr/sbin/uptrack-upgrade -y


DESCRIPTION

* Use-after-free in DesignWare USB3 controller.

When a DesignWare PCI USB3 device is removed, memory is incorrectly freed causing
a use-after-free and kernel panic.


* Heap buffer overflow when mounting CIFS share.

An off-by-one error when copying UNC paths in Distributed File System referrals
can cause a heap buffer overflow and possibly gain kernel code execution.


* Data loss in ecryptfs file syncing.

The ecryptfs filesystem does not correctly flush the contents of memory mapped
files to disk potentially causing data loss.


* Use-after-free in DRM GPU driver.

When GPU acceleration is disabled memory associated with the current GPU is
incorrectly freed, which is then later used by the kernel leading to a use-after-
free and kernel panic.


* Kernel panic when writing KVM time stamp counter.

A malicious guest can cause a kernel panic by writing a large value to the KVM
time stamp counter causing a calculation to overflow and cause a processor
exception.

SUPPORT

Ksplice support is available at ksplice-support_ww at oracle.com.