[Ksplice][Fedora-17-updates] New updates available via Ksplice (FEDORA-2012-11739)

Sasha Levin sasha.levin at oracle.com
Wed Aug 15 06:49:46 PDT 2012


Synopsis: FEDORA-2012-11739 can now be patched using Ksplice
CVEs: CVE-2012-3412

Systems running Fedora 17 can now use Ksplice to patch against the
latest Fedora kernel update, FEDORA-2012-11739.

INSTALLING THE UPDATES

We recommend that all users of Ksplice Uptrack on Fedora 16 install
these updates.

On systems that have "autoinstall = yes" in /etc/uptrack/uptrack.conf,
these updates will be installed automatically and you do not need to
take any action.

Alternatively, you can install these updates by running:

# /usr/sbin/uptrack-upgrade -y


DESCRIPTION

* Buffer overflow in smackfs.

An off-by-one error in smackfs could result in overflowing an allocated
buffer when copying a rule.  This could result in heap corruption.


* Reference count corruption in cifs.

Incorrect locking could result in corruption of file information
reference counts in the cifs filesystem, resulting in a use-after-free
condition.


* NULL pointer dereference in qeth driver.

Missing NULL pointer checks could result in a kernel crash and
denial-of-service.


* Use-after-free in tg3 network driver stats.

Invalid locking could result in a use-after-free condition when
accessing device statistics.


* Kernel crash in radeon DRM driver.

Incorrect error handling in the CS parser could result in a kernel oops
when managing fence buffer objects.


* Memory leak in radeon buffer object management.

Incorrect error handling could result in a memory leak and
denial-of-service.


* Uninitialised memory access in nouveau driver.

A race condition between driver initialisation and handling vblank
interrupts could result in accesses to uninitialised memory and a kernel
crash.


* Memory leak in device mapper thin provisioning driver.

Incorrect error handling could result in a memory leak and denial of
service.


* Data loss in ext4 filesystems.

An integer underflow in metadata block management could result in
allocation failure and data loss.


* Kernel information leak in put_cmsg_compat().

A networking compatibility handler for 32-bit processes used stack
variables outside of their scope resulting in a kernel stack information
leak to users.


* NULL pointer dereference in caif tty driver.

A missing NULL pointer check could result in a kernel crash when opening
the tty device.


* Kernel stack information leak in tun ioctls.

Incorrect initialisation of ioctl structures could result in leaking
stack bytes to a userspace process.


* NULL pointer dereference in futex requeuing.

A missing NULL pointer check could result in a kernel crash when
attempting to requeue a futex.


* NULL pointer dereference in non-pi futexes.

Incorrect configuration of futex addresses could lead to a NULL pointer
dereference and kernel crash.


* Incorrect permissions check in NFSd credentials handling.

An incorrect permissions check in the NFSd subsystem could allow a user
to access files which he doesn't have permission to access.


* CVE-2012-3412: Remote denial of service through TCP MSS option in SFC NIC.

A malicious remote user may trigger a denial-of-service in hosts using the SFC
NIC by reducing the size of the TCP MSS and causing the victim to run out
of resources while processing the packets.

SUPPORT

Ksplice support is available at ksplice-support_ww at oracle.com.


