[Ksplice][Fedora-17-updates] New updates available via Ksplice (FEDORA-2012-18684)

Phil Turnbull phil.turnbull at oracle.com
Thu Nov 22 11:31:15 PST 2012 

Synopsis: FEDORA-2012-18684 can now be patched using Ksplice
CVEs: CVE-2012-4461

Systems running Fedora 17 can now use Ksplice to patch against the
latest Fedora kernel update, FEDORA-2012-18684.

INSTALLING THE UPDATES

We recommend that all users of Ksplice Uptrack on Fedora 17 install
these updates.

On systems that have "autoinstall = yes" in /etc/uptrack/uptrack.conf,
these updates will be installed automatically and you do not need to
take any action.

Alternatively, you can install these updates by running:

# /usr/sbin/uptrack-upgrade -y


DESCRIPTION

* Use-after-free in Atheros Wireless driver.

A use-after-free condition can be triggered when the Atheros driver
tears down a wireless session leading to a kernel panic.


* Kernel panic in 802.11 frame parsing.

The generic 802.11 wireless driver does not correctly handle truncated
non-management frames leading to an out-of-bounds read and kernel
panic. This issue may be triggered by a remote attacker.


* Kernel panic in 802.11 EAPOL parsing.

The generic 802.11 wireless driver does not correctly handle truncated
EAP-over-LAN frames leading to an out-of-bounds read and kernel panic.
This issue may be triggered by a remote attacker.


* Memory leak in IPsec and IP fragment reassembly.

The kernel IPsec implementation and IPv4/IPv6 stack do not correctly
free memory leading to a memory leak when processing fragmented packets.


* Use-after-free in L2TP Ethernet session.

The kernel L2TP driver does not correctly handle failing to initialise
a L2TPv3 Ethernet session leading to a use-after-free and kernel panic.


* Memory corruption in USB audio driver.

Memory corruption can be triggered in the USB audio driver when
restarting a PCM audio stream leading to a kernel panic.


* Memory corruption in USB EHCI driver.

The USB EHCI driver does not properly construct isochronous USB requests
leading to memory corruption in the USB core driver under certain workloads.


* Kernel panic in USB serial driver.

The USB serial driver uses an incorrect offset when probing Keyspan
USB serial adapters leading to a kernel panic.


* CVE-2012-4461: Kernel panic KVM XSAVE support.

On machines without XSAVE instruction support a malicious guest can
cause a host kernel panic via the SET_SREGS ioctl.

SUPPORT

Ksplice support is available at ksplice-support_ww at oracle.com.

More information about the Ksplice-Fedora-17-Updates mailing list