[Ksplice][Fedora-18-updates] New updates available via Ksplice (FEDORA-2013-3630)

Jamie Iles jamie.iles at oracle.com
Mon Mar 11 07:45:56 PDT 2013


Synopsis: FEDORA-2013-3630 can now be patched using Ksplice
CVEs: CVE-2013-1792 CVE-2013-1825 CVE-2013-1828

Systems running Fedora 18 can now use Ksplice to patch against the
latest Fedora kernel update, FEDORA-2013-3630.

INSTALLING THE UPDATES

We recommend that all users of Ksplice Uptrack on Fedora 18 install
these updates.

On systems that have "autoinstall = yes" in /etc/uptrack/uptrack.conf,
these updates will be installed automatically and you do not need to
take any action.

Alternatively, you can install these updates by running:

# /usr/sbin/uptrack-upgrade -y


DESCRIPTION

* Invalid user stack expansion on VMA overrun.

Under specific conditions, an overrun of a virtual memory area in a
userspace task can cause the stack to be incorrectly expanded, leading
to application failures.


* Kernel crash in target lun configuration.

Missing bounds checks for the mapped_lun attribute in the target lun
configfs filesystem could result in a kernel crash.


* Use-after-free in OCFS2 AIO handling.

An inode reference was released before all operations on it were
complete.  This might lead to a use-after-free if the inode was freed.


* Incorrect access control lists on reflinked OCFS2 inodes.

Incorrect management of reflinked inodes meant that the new inode did
not correctly receive the access control lists from the parent
directory.


* Out-of-bounds read in binary sysctl helpers.

An invalid check for NULL in binary sysctls could result in a
dereference of an invalid pointer, leading to a kernel crash.


* Stale data access in networked block device.

The network block device did not sync and clean up correctly on
shutdown.  This meant that on attaching another backing image, stale
data could still be accessed.


* Use-after-free in direct I/O AIO handling.

An inode reference was released before all operations on it were
complete.  This might lead to a use-after-free if the inode was freed.


* Use-after-free in ext4 AIO handling.

An inode reference was released before all operations on it were
complete.  This might lead to a use-after-free if the inode was freed.


* NULL pointer dereference in ext4 bitmap handling.

A missing NULL pointer check could result in a kernel crash when
processing block bitmaps in the ext4 filesystem.


* Use-after-free in ext4 mount failures.

Incorrect reference counting could leave a dangling sysfs object when
failing to mount a filesystem.  This could result in a use-after-free
condition when accessed later.


* Race condition in ext4 block preallocation.

Incorrect locking in ext4 block preallocation could lead to memory
corruption and undefined behaviour.


* Memory leak in NFS client destruction.

Memory was incorrectly freed when destroying an NFS client, resulting in
a possible denial-of-service.


* NULL pointer dereference in comedi subdevice character device.

Missing NULL pointer checks could result in a kernel crash when
accessing sub-devices that don't support asynchronous operations.


* CVE-2013-1825: kernel stack information leaks in cryptographic report API.

The functions for reporting the cryptographic API operations did not
correctly zero unused bytes in the structures, leading to a leak of
kernel stack bytes to userspace.


* Kernel crash on tun packet transmission.

Incorrect handling of a socket buffer in the tun device transmission
functions could result in a use-after-free condition and kernel crash.


* CVE-2013-1828: Privilege escalation in SCTP_GET_ASSOC_STATS.

Missing validation of a user supplied length could allow a local user to
overflow the kernel stack and possibly escalate privileges.


* CVE-2013-1792: Denial-of-service in user keyring management.

A race condition in installing a user keyring could allow a local,
unprivileged user to crash the machine, causing a denial-of-service.
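
The CVE-2013-1825 item above describes structures whose unused bytes
were not zeroed before being copied to userspace. The following
userspace C program is an added illustration, not Ksplice or kernel
code: struct report, fill_weak, fill_zeroed and the 0xAA stale-memory
marker are constructed for this example. It counts how many bytes of
old memory leave with the record in each case:

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define FIELD_LEN 64
#define STALE 0xAA /* constructed marker standing in for old stack contents */

/* Hypothetical fixed-size record that is copied whole to the caller. */
struct report {
    char type[FIELD_LEN];
    char name[FIELD_LEN];
    unsigned int blocksize;
};

/* Weak form: only each string and its terminator are written, so the
 * unused tail of every field keeps whatever was in memory before. */
static void fill_weak(struct report *r, const char *type, const char *name)
{
    snprintf(r->type, sizeof(r->type), "%s", type);
    snprintf(r->name, sizeof(r->name), "%s", name);
    r->blocksize = 16;
}

/* Hardened form: clear the whole record, padding included, then fill it. */
static void fill_zeroed(struct report *r, const char *type, const char *name)
{
    memset(r, 0, sizeof(*r));
    fill_weak(r, type, name);
}

/* Count bytes of the outgoing record that still hold stale memory. */
static size_t stale_bytes(void (*fill)(struct report *, const char *, const char *))
{
    struct report r;
    const unsigned char *out = (const unsigned char *)&r;
    size_t i, n = 0;

    memset(&r, STALE, sizeof(r)); /* simulate a reused stack slot */
    fill(&r, "cipher", "example-name");
    for (i = 0; i < sizeof(r); i++) /* bytes a whole-struct copy would send */
        n += (out[i] == STALE);
    return n;
}

int main(void)
{
    printf("weak:   %zu stale bytes\n", stale_bytes(fill_weak));
    printf("zeroed: %zu stale bytes\n", stale_bytes(fill_zeroed));
    return 0;
}
```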

SUPPORT

Ksplice support is available at ksplice-support_ww at oracle.com.



