[Ksplice][Fedora-18-updates] New updates available via Ksplice (FEDORA-2013-17010)

Wed Sep 25 06:18:33 PDT 2013

Synopsis: FEDORA-2013-17010 can now be patched using Ksplice
CVEs: CVE-2013-2889 CVE-2013-2891 CVE-2013-2892 CVE-2013-2893 CVE-2013-2894 CVE-2013-2895 CVE-2013-2896 CVE-2013-2897 CVE-2013-2898 CVE-2013-2899 CVE-2013-4350

Systems running Fedora 18 can now use Ksplice to patch against the
latest Fedora kernel update, FEDORA-2013-17010.

INSTALLING THE UPDATES

We recommend that all users of Ksplice Uptrack on Fedora 18 install
these updates.

On systems that have "autoinstall = yes" in /etc/uptrack/uptrack.conf,
these updates will be installed automatically and you do not need to
take any action.

Alternatively, you can install these updates by running:

# /usr/sbin/uptrack-upgrade -y

DESCRIPTION

* Memory leak in IPv4 netlink configuration.

Kernel memory can be leaked if an error is encountered when configuring an IPv4
address via the netlink interface.

* Memory leak in RealTek 8139 device driver.

The RealTek 8139 ethernet device driver does not free kernel memory when dropping
packets leading to a kernel panic.

* Use-after-free in IPv6 options processing.

The kernel IPv6 implementation incorrectly uses freed memory when processing
received IPv6 packets leading to a use-after-free condition and kernel panic.

* CVE-2013-2889: Memory corruption Zeroplus HID driver.

The Zeroplus game controller device driver does not correctly validate data from
devices allowing a malicious device to cause kernel memory corruption and
potentially gain kernel code execution.

* CVE-2013-2891: Memory corruption in Steelseries HID driver.

The Steelseries SRW-S1 device driver does not correctly validate data from devices
allowing a malicious device to cause kernel memory corruption and potentially gain
kernel code execution.

* CVE-2013-2893: Memory corruption in Logitech force feedback devices.

The Logitech force feedback driver does not correctly validate data from devices
allowing a malicious device to cause kernel memory corruption and potentially
gain kernel code execution.

* CVE-2013-2894: Memory corruption in Lenovo ThinkPad keyboard driver.

The Lenovo ThinkPad Keyboard with TrackPoint driver does not correctly validate
data from devices allowing a malicious device to cause kernel memory corruption
and potentially gain kernel code execution.

* CVE-2013-2895: NULL pointer dereference in Logitech DJ driver.

The Logitech DJ Unifying driver does not correctly validate data from devices
allowing a malicious device to leak the contents of kernel memory or trigger a
NULL pointer dereference causing a kernel panic.

* CVE-2013-2897: Memory corruption in multitouch HID driver.

The multitouch HID driver does not correctly validate data from devices allowing
a malicious device to cause kernel memory corruption and potentially gain kernel
code execution.

* CVE-2013-2892: Memory corruption in Pantherlord HID driver.

The Pantherlord/GreenAsia game controller device driver does not correctly
validate data from devices allowing a malicious device to cause kernel memory
corruption and potentially gain kernel code execution.

* CVE-2013-2896: NULL pointer dereference in N-Trig HID driver.

The N-Trig touch-screen device driver does not correctly validate data from
devices allowing a malicious device to trigger a NULL pointer dereference causing
a kernel panic.

* CVE-2013-2898: Information leak in HID sensor framework.

The kernel HID sensor framework does not correctly validate data from devices
allowing a malicious device to leak the contents of kernel memory.

* CVE-2013-2899: NULL pointer dereference in PicoLCD device driver.

The PicoLCD HID driver does not correctly validate data from devices allowing a
malicious device to trigger a NULL pointer dereference causing a kernel panic.

* Use-after-free in kernel cryptography subsystem.

The kernel cryptography subsystem incorrectly frees kernel memory when initializing
a cryptographic algorithm leading to a use-after-free condition and kernel panic.

* CVE-2013-4350: SCTP over IPv6 disables encryption.

When transporting SCTP data over an IPv6 link, an incorrect assumption in the
kernel IPv6 stack can disable IPv6 encryption leading to the SCTP data being
visible to malicious users on the network.

* Kernel panic in Hierarchical Token Bucket scheduler.

The kernel HTB scheduler does not validate priority levels causing an out-of-bounds
read leading to a kernel panic.

SUPPORT

Ksplice support is available at ksplice-support_ww at oracle.com.