[Ksplice][Fedora-18-updates] New updates available via Ksplice (FEDORA-2013-7304)

Sasha Levin sasha.levin at oracle.com
Wed May 8 20:16:24 PDT 2013


Synopsis: FEDORA-2013-7304 can now be patched using Ksplice
CVEs: CVE-2013-0160

Systems running Fedora 18 can now use Ksplice to patch against the
latest Fedora kernel update, FEDORA-2013-7304.

INSTALLING THE UPDATES

We recommend that all users of Ksplice Uptrack on Fedora 18 install
these updates.

On systems that have "autoinstall = yes" in /etc/uptrack/uptrack.conf,
these updates will be installed automatically and you do not need to
take any action.

Alternatively, you can install these updates by running:

# /usr/sbin/uptrack-upgrade -y
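
A check for the two install paths above, as an added example that is not part of the original advisory or of Ksplice itself. The function names are hypothetical, and the config file is assumed to consist of simple "key = value" lines.

```shell
#!/bin/sh
# Added example (not Ksplice code): decide whether a host needs a manual
# "uptrack-upgrade -y" or will pick up updates through autoinstall.

# Print the effective "autoinstall" value from an uptrack.conf-style file.
# Comment lines are skipped, the last assignment wins, "unset" if absent.
uptrack_autoinstall() {
    conf=${1:-/etc/uptrack/uptrack.conf}
    [ -r "$conf" ] || { echo "unreadable"; return 0; }
    awk -F= '
        /^[ \t]*[#;]/ { next }
        NF >= 2 {
            key = $1; gsub(/[ \t]/, "", key)
            if (tolower(key) != "autoinstall") next
            val = $2; gsub(/[ \t\r]/, "", val)
            result = tolower(val)
        }
        END { print (result == "" ? "unset" : result) }
    ' "$conf"
}

# Map the setting to the action the advisory describes.
# Only the literal "yes" from the advisory counts as automatic; any other
# value is reported as manual so a typo never hides an unpatched host.
uptrack_action() {
    case $(uptrack_autoinstall "$1") in
        yes)        echo "auto" ;;
        unreadable) echo "unknown" ;;
        *)          echo "manual" ;;
    esac
}

# Constructed sample config, for demonstration only.
sample=$(mktemp)
cat > "$sample" <<'EOF'
[Settings]
# autoinstall = yes
autoinstall = no
EOF
echo "sample config: $(uptrack_action "$sample")"
rm -f "$sample"
```

Calling uptrack_action with no argument reads /etc/uptrack/uptrack.conf; a result of "manual" or "unknown" means the uptrack-upgrade command above still has to be run on that host.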


DESCRIPTION


* Use-after-free in Async I/O debug prints.

An async I/O ring may be released before a debug print regarding that
ring, causing a use-after-free.


* CVE-2013-0160: Information disclosure by keystroke timing on a ptmx device.

It is possible to calculate the length of a user's password using a timing attack
on the ptmx device.


* Kernel stack leak when receiving Bluetooth packets on non-connected sockets.

Part of the kernel stack is leaked when an attempt is made to receive
packets from a socket that is not yet connected.


* Kernel stack leak when receiving CAIF packets when message name isn't set.

Part of the kernel stack is leaked when an attempt is made to receive
packets from a CAIF socket that doesn't have the name field set.


* Kernel stack leak when receiving Netrom packets when message name isn't set.

Part of the kernel stack is leaked when an attempt is made to receive
packets from a Netrom socket that doesn't have the name field set.


* Kernel panic on removal of the network bonding device module.

A race condition between removal of a network bonding device module and the
removal of the actual bond devices may cause a kernel panic.

SUPPORT

Ksplice support is available at ksplice-support_ww at oracle.com.


