[Ksplice][Fedora-18-updates] New updates available via Ksplice (FEDORA-2013-9277)

[Jamie Iles]

Synopsis: FEDORA-2013-9277 can now be patched using Ksplice

Systems running Fedora 18 can now use Ksplice to patch against the
latest Fedora kernel update, FEDORA-2013-9277.

INSTALLING THE UPDATES

We recommend that all users of Ksplice Uptrack on Fedora 18 install
these updates.

On systems that have "autoinstall = yes" in /etc/uptrack/uptrack.conf,
these updates will be installed automatically and you do not need to
take any action.

Alternatively, you can install these updates by running:

# /usr/sbin/uptrack-upgrade -y


DESCRIPTION

* NULL pointer dereference in Intel Non-Transparent Bridge driver.

Missing NULL-pointer checks could result in a kernel crash.


* Off-by-one errors in Intel Non-Transparent Bridge driver.

Off-by-one errors in the Intel Non-Transparent Bridge driver could
result in accessing beyond allocated memory and triggering undefined
behavior.


* Out-of-bounds accesses in Intel Non-Transparent Bridge driver.

Invalid pointer arithmetic in the Intel Non-Transparent Bridge driver
could result in out-of-bounds accesses and trigger undefined behavior.


* Memory leak in Intel Non-Transparent Bridge driver link toggling.

Failure to reuse existing buffers could result in a memory leak when
toggling the link state of an NTB device.


* Denial-of-service in Intel Non-Transparent Bridge driver.

Excessive processing of received data in a single interrupt could
trigger a soft lockup allowing a remote user to trigger a
denial-of-service.


* Use-after-free in Intel Non-Transparent Bridge.

Incorrect management of multiple NTB devices could result in a
use-after-free and system crash when adding and removing NTB devices.


* Heap buffer overflow in btrfs tree search ioctl.

Incorrect handling of large items could result in a buffer overflow
allowing a privileged, local user to corrupt kernel memory.

SUPPORT

Ksplice support is available at ksplice-support_ww at oracle.com.