[Ksplice][Fedora-18-updates] New updates available via Ksplice (FEDORA-2013-17942)

Oracle Ksplice ksplice-support_ww at oracle.com
Fri Oct 4 04:07:57 PDT 2013


Synopsis: FEDORA-2013-17942 can now be patched using Ksplice
CVEs: CVE-2013-4300

Systems running Fedora 18 can now use Ksplice to patch against the
latest Fedora kernel update, FEDORA-2013-17942.

INSTALLING THE UPDATES

We recommend that all users of Ksplice Uptrack on Fedora 18 install
these updates.

On systems that have "autoinstall = yes" in /etc/uptrack/uptrack.conf,
these updates will be installed automatically and you do not need to
take any action.

Alternatively, you can install these updates by running:

# /usr/sbin/uptrack-upgrade -y
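
The check below is an added example, not part of the original advisory or of Ksplice tooling: it reports whether a host relies on autoinstall or still needs the manual command above. The function names are hypothetical, and it assumes the file uses "key = value" lines with "#" or ";" comment lines and that only the value "yes" (matched case-insensitively here) enables autoinstall.

```shell
#!/bin/sh
# Added example: audit a host's Ksplice Uptrack autoinstall setting.
# Assumption: "key = value" lines, comment lines start with "#" or ";".

# uptrack_autoinstall [FILE] -> prints "yes", "no" or "unset"
uptrack_autoinstall() {
    conf=${1:-/etc/uptrack/uptrack.conf}
    # A missing or unreadable file means the setting cannot be relied on.
    [ -r "$conf" ] || { echo "unset"; return 0; }
    # Skip comment lines; keep the last uncommented autoinstall assignment.
    val=$(awk -F= '
        /^[ \t]*[#;]/ { next }
        tolower($1) ~ /^[ \t]*autoinstall[ \t]*$/ {
            v = tolower($2); gsub(/[ \t\r]/, "", v); last = v
        }
        END { print last }' "$conf")
    case "$val" in
        yes) echo "yes" ;;
        "")  echo "unset" ;;
        *)   echo "no" ;;   # any other value is treated as not enabled
    esac
}

# needs_manual_upgrade [FILE] -> exit status 0 when an operator must act
needs_manual_upgrade() {
    [ "$(uptrack_autoinstall "$1")" != "yes" ]
}

# Report only; this script never runs the upgrade itself.
if needs_manual_upgrade "$1"; then
    echo "autoinstall is $(uptrack_autoinstall "$1"): run /usr/sbin/uptrack-upgrade -y"
else
    echo "autoinstall is enabled: updates install automatically"
fi
```
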


DESCRIPTION

* Use-after-free in Xen grant table callbacks.

Xen allows individual callbacks to be registered multiple times for individual
grant tables, leading to a use-after-free condition and kernel panic.


* CVE-2013-4300: Privilege escalation in AF_UNIX credential passing.

The kernel uses the wrong namespace when validating credentials passed via an
AF_UNIX socket, allowing users in a namespace to spoof credentials and gain
elevated privileges.


* Denial-of-service in USB configuration parsing.

The generic USB driver does not correctly validate the length of USB configuration
blocks, allowing a malicious USB device to cause a kernel panic.


* NULL pointer dereference in PicoLCD device removal.

The PicoLCD HID driver does not validate a pointer when removing a PicoLCD device,
leading to a NULL pointer dereference and kernel panic.


* Information leak in procfs filesystem.

A missing privilege check in the procfs filesystem allows users inside a namespace
to remount the procfs filesystem with weak permissions, leaking information about
processes in other namespaces.


* Memory leak in CephFS Object Storage Daemon client.

The Ceph filesystem does not release memory when a read or write operation to an
Object Storage Daemon fails, causing a kernel memory leak.


* Off-by-one error causes reduced entropy in kernel PRNG.

An off-by-one error can cause the default kernel pseudorandom number generator
to return duplicate bytes when filling multiple buffers in quick succession.


* Deadlock in CephFS GET_DATALOC ioctl.

The Ceph filesystem does not release a mutex if an error is encountered when handling
the GET_DATALOC ioctl, leading to a kernel deadlock.

SUPPORT

Ksplice support is available at ksplice-support_ww at oracle.com.


  


