[Ksplice][Fedora-17-updates] New updates available via Ksplice (FEDORA-2012-16669)

Phil Turnbull phil.turnbull at oracle.com
Fri Nov 9 03:14:36 PST 2012


Synopsis: FEDORA-2012-16669 can now be patched using Ksplice
CVEs: CVE-2012-4508 CVE-2012-4565

Systems running Fedora 17 can now use Ksplice to patch against the
latest Fedora kernel update, FEDORA-2012-16669.

INSTALLING THE UPDATES

We recommend that all users of Ksplice Uptrack on Fedora 17 install
these updates.

On systems that have "autoinstall = yes" in /etc/uptrack/uptrack.conf,
these updates will be installed automatically and you do not need to
take any action.

Alternatively, you can install these updates by running:

# /usr/sbin/uptrack-upgrade -y
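
The check below is an added example, not part of the original advisory or of Ksplice's own tooling: it reads the "autoinstall" setting described above and reports whether the manual upgrade command still has to be run. It assumes the file uses "key = value" lines with "#" or ";" comment lines and that the last assignment wins; the function names are hypothetical.

```shell
#!/bin/sh
# Added example: does this host need a manual uptrack-upgrade?
# Assumptions: "key = value" lines, full-line "#"/";" comments, last
# assignment wins. Only the literal value "yes" (as the advisory
# states) is treated as enabling automatic installation.

# Print the effective autoinstall value in lower case, "unset" if the
# key is absent, or "unreadable" if the file cannot be read.
uptrack_autoinstall() {
    conf=${1:-/etc/uptrack/uptrack.conf}
    [ -r "$conf" ] || { echo "unreadable"; return 0; }
    awk '
        /^[ \t]*[#;]/ { next }              # skip comment lines
        {
            n = index($0, "=")
            if (n == 0) next                # section headers, blank lines
            key = substr($0, 1, n - 1)
            val = substr($0, n + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", key)
            gsub(/^[ \t]+|[ \t]+$/, "", val)
            if (tolower(key) == "autoinstall") found = tolower(val)
        }
        END { print (found == "" ? "unset" : found) }
    ' "$conf"
}

# Succeeds (exit status 0) when the updates will NOT install by themselves.
needs_manual_upgrade() {
    [ "$(uptrack_autoinstall "$1")" != "yes" ]
}

# Print a one-line status; never runs the upgrade itself.
uptrack_report() {
    if needs_manual_upgrade "$1"; then
        echo "autoinstall=$(uptrack_autoinstall "$1"): run /usr/sbin/uptrack-upgrade -y"
    else
        echo "autoinstall=yes: updates are installed automatically"
    fi
}

uptrack_report "$@"
```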


DESCRIPTION

* CVE-2012-4508: Stale data exposure in ext4.

A race condition in the usage of asynchronous IO and fallocate on an
ext4 filesystem could lead to exposure of stale data from a deleted
file. An unprivileged local user could use this flaw to read privileged
information.


* Memory corruption in SUNRPC procfs.

A stack buffer overflow can be triggered by reading the contents of the
"flush" procfs file, leading to a kernel panic.


* Kernel panic in IPv4 ARP and IPv6 Neighbor Discovery.

An invalid assumption in the IP stack can lead to a kernel panic when
failing to send an IPv4 ARP or IPv6 Neighbor Discovery packet.


* Memory corruption in general purpose allocator.

The kernel does not allocate the correct amount of metadata for the
general purpose allocator, leading to memory corruption under certain
workloads.


* Kernel panic in CIFS dentry lookup.

The CIFS filesystem client implementation does not correctly handle
opening an invalid directory entry, leading to a kernel panic.


* CVE-2012-4565: Divide by zero in TCP congestion control algorithm.

The TCP Illinois congestion control algorithm does not correctly handle
a zero number of RTTs when reading TCP stats, leading to a
divide-by-zero and kernel panic. A remote attacker could potentially use
this flaw to cause a remote denial of service.


* Kernel panic in lockd server.

The kernel lockd server does not correctly handle stale file handles,
leading to a kernel panic. A remote attacker could potentially use this
flaw to cause a remote denial of service.


* NULL pointer dereference in ring-buffer resizing.

The kernel ring-buffer implementation, used by the kernel tracing
subsystem, does not correctly handle resizing buffers on certain
SMP systems, leading to a NULL pointer dereference and kernel panic.


* Kernel panic when sending RDS ping responses.

Incorrect locking in the RDS implementation can cause a kernel panic
when responding to RDS ping packets. A remote attacker could potentially
use this flaw to cause a remote denial of service.

SUPPORT

Ksplice support is available at ksplice-support_ww at oracle.com.


