[Ksplice][Fedora-18-updates] New updates available via Ksplice (FEDORA-2013-3893)
Sasha Levin
sasha.levin at oracle.com
Mon Mar 18 21:46:22 PDT 2013
Synopsis: FEDORA-2013-3893 can now be patched using Ksplice
CVEs: CVE-2013-0914 CVE-2013-1858
Systems running Fedora 18 can now use Ksplice to patch against the
latest Fedora kernel update, FEDORA-2013-3893.
INSTALLING THE UPDATES
We recommend that all users of Ksplice Uptrack on Fedora 18 install
these updates.
On systems that have "autoinstall = yes" in /etc/uptrack/uptrack.conf,
these updates will be installed automatically and you do not need to
take any action.
Alternatively, you can install these updates by running:
# /usr/sbin/uptrack-upgrade -y
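A check for the autoinstall setting described above, added here as an example (it is not part of the Ksplice advisory or of Oracle's tooling). It assumes uptrack.conf holds "key = value" lines with "#" or ";" comment lines and that the last assignment takes effect; the function names are hypothetical.

```shell
#!/bin/sh
# Added example: does this host apply Ksplice updates on its own?
# Assumptions: "key = value" lines, "#"/";" comment lines, last assignment wins.

# Print the effective autoinstall value (lowercased); nothing if unset.
# Returns 2 if the file cannot be read.
uptrack_autoinstall_value() {
    conf=${1:-/etc/uptrack/uptrack.conf}
    [ -r "$conf" ] || return 2
    awk '
        /^[ \t]*[#;]/ { next }               # commented-out settings do not count
        /^[ \t]*autoinstall[ \t]*=/ {
            sub(/^[^=]*=[ \t]*/, "")         # strip "autoinstall ="
            sub(/[ \t\r]+$/, "")             # strip trailing blanks and CR
            val = tolower($0)
        }
        END { if (val != "") print val }
    ' "$conf"
}

# Exit status: 0 = autoinstall is "yes", 1 = anything else, 2 = unreadable file.
uptrack_autoinstall_enabled() {
    val=$(uptrack_autoinstall_value "$1") || return 2
    [ "$val" = "yes" ]
}

# Constructed sample config (not taken from a real system).
sample=$(mktemp)
printf '%s\n' '[Settings]' '# autoinstall = yes' 'autoinstall = no' > "$sample"
if uptrack_autoinstall_enabled "$sample"; then
    echo "autoinstall on: updates are applied automatically"
else
    echo "autoinstall off: run /usr/sbin/uptrack-upgrade -y"
fi
rm -f "$sample"
```

Called with no argument, both functions read /etc/uptrack/uptrack.conf.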
DESCRIPTION
* CVE-2013-1858: Privilege escalation in user namespaces.
An invalid interaction between user namespaces (CLONE_NEWUSER) and sharing file
system information (CLONE_FS) allows local unprivileged users to gain privileged
code execution.
* NULL pointer dereference in CIFS filesystem mounting.
The CIFS filesystem does not correctly handle attempts to mount paths which
contain symlinks, causing a NULL pointer dereference and kernel panic.
* NULL pointer dereference in Parallel NFS direct I/O.
The kernel Parallel NFS implementation does not correctly handle requests to
perform direct I/O, leading to a NULL pointer dereference and kernel panic.
* Use-after-free in NFSv4.1 LAYOUTGET requests.
A reference counting error in the kernel NFS implementation when handling
LAYOUTGET requests can cause a use-after-free and kernel panic.
* Denial of service in kernel connector subsystem.
The kernel connector subsystem does not correctly validate privileges, allowing
an unprivileged user to block connector notifications for all local users.
* Kernel panic in fsyncing read-only RAID devices.
An unprivileged user can cause a kernel panic (BUG_ON) by causing an fsync
on a RAID device mounted read-only.
* NULL pointer dereference in kernel IPC.
A kernel NULL pointer dereference can be triggered by attempting to receive a
kernel IPC message which is larger than 4KB.
* Kernel IPC sysctl limit bypass.
A logic error in the kernel IPC subsystem allows unprivileged users to receive
IPC messages that are larger than the limit imposed by the 'msg_ctlmax' sysctl.
* Kernel panic in procfs symlinks.
The procfs filesystem does not correctly handle accessing symlinks which are
opened with O_NOFOLLOW, leading to a BUG_ON and kernel panic.
* Use-after-free in mempolicy sharing.
A use-after-free condition can be caused when updating a range in a shared
mempolicy, leading to a kernel panic.
* Use-after-free in IEEE 802.11 shutdown.
The kernel IEEE 802.11 subsystem does not cancel pending asynchronous work
when shutting down, leading to a use-after-free and kernel panic.
* NULL pointer dereference in session keyring.
A NULL pointer dereference and kernel panic can be triggered when attempting to
copy a session keyring from one process into its parent process.
* Memory leak in keyctl instantiation.
The error path when handling KEYCTL_INSTANTIATE requests does not correctly free
allocated memory, allowing an unprivileged user to leak kernel memory.
* NULL pointer dereference in pipe closing.
The pipe subsystem does not correctly handle processes opening pipes for neither
reading nor writing, leading to a NULL pointer dereference and kernel panic.
* Use-after-free when suspending USB video devices.
A race condition in the USB video driver can cause a use-after-free and kernel
panic when suspending USB video devices.
* CVE-2013-0914: Information leak in signal handlers.
A logic error in the handling of signal handlers allows a child process to
leak information about the memory layout of parent processes.
SUPPORT
Ksplice support is available at ksplice-support_ww at oracle.com.