[Ksplice][Fedora-17-updates] New updates available via Ksplice (FEDORA-2012-14952)
Phil Turnbull
phil.turnbull at oracle.com
Mon Oct 1 12:51:54 PDT 2012
Synopsis: FEDORA-2012-14952 can now be patched using Ksplice
Systems running Fedora 17 can now use Ksplice to patch against the
latest Fedora kernel update, FEDORA-2012-14952.
INSTALLING THE UPDATES
We recommend that all users of Ksplice Uptrack on Fedora 17 install
these updates.
On systems that have "autoinstall = yes" in /etc/uptrack/uptrack.conf,
these updates will be installed automatically and you do not need to
take any action.
Alternatively, you can install these updates by running:
# /usr/sbin/uptrack-upgrade -y
DESCRIPTION
* Kernel panic in packet scheduler.
A missing bounds check in the network packet scheduler can lead to
a kernel panic.
* Kernel panic in packet ring-buffer.
An invalid assumption between the kernel and a userspace process can
lead to a kernel panic when destroying packets in a ring-buffer.
* Information leak in ATM socket options.
The SO_ATMPCV socket option allows malicious users to disclose the
contents of kernel memory.
* Information leak in ATM socket name.
An malicious user can disclose the contents of kernel memory by calling
getsockname() on an ATM socket.
* Information leak in Bluetooth socket options.
The HCI_FILTER socket option allows malicious users to disclose
the contents of kernel memory.
* Information leak in Bluetooth socket name.
A malicious user can disclose the contents of kernel memory by calling
getsockname() on a Bluetooth socket.
* Information leak in Bluetooth RFCOMM socket options.
The BT_SECURITY socket option allows malicious users to disclose the
contents of kernel memory.
* Information leak in Bluetooth RFCOMM ioctl.
The RFCOMMGETDEVLIST ioctl allows malicious users to disclose the
contents of kernel memory.
* Information leak in Bluetooth RFCOMM socket name.
A malicious user can disclose the contents of kernel memory by calling
getsockname() on an Bluetooth RFCOMM socket.
* Information leak in Bluetooth L2CAP socket name.
A malicious user can disclose the contents of kernel memory by calling
getsockname() on an Bluetooth L2CAP socket.
* Information leak in IPv6 L2TP socket name.
A malicious user can disclose the contents of kernel memory by calling
getsockname() on an IPv6 L2TP socket.
* Information leak in LLC socket name.
A malicious user can disclose the contents of kernel memory by calling
getsockname() on an LLC socket.
* Information leak in DCCP socket options.
The DCCP_SOCKOPT_CCID_TX_INFO socket option allows malicious users to
disclose the contents of kernel memory.
* Information leak in socket compatibility ioctl.
The SIOCGIFCONF socket option allows malicious users to disclose the
contents of kernel memory.
* Netlink spoofing allows privilege elevation.
A local user may be able to elevate privileges by spoofing the source
of a netlink message.
* Kernel panic in netconsole bridge device.
A reference-counting error can cause a kernel panic when removing a
bridge device which has a netconsole running on it.
* Use-after-free in Intel HD Audio.
A use-after-free condition can be triggered when resetting an Intel HD
Audio codec.
* Kernel panic in zcache shrinking.
A race condition between zcache and cleancache can cause a kernel
panic when shrinking a zcache.
* Kernel hang when unregistering sysctl entry.
A reference counting error in procfs can cause a kernel hang when
unregistering a sysctl entry.
* Logic error in RSA signature validation.
A logic error when comparing digital signatures can cause invalid RSA
signatures to be considered valid.
* Denial of service in network block device.
A race condition when a network block device server fails can lead to
memory exhaustion.
* Memory corruption in Logitech HID driver.
A heap buffer-overflow can be triggered when processing input events
from a Logitech Unifying device.
* CIFS pathname memory corruption.
A heap buffer-overflow can be triggered remotely when processing UTF-16
pathnames.
* Kernel panic in Broadcom 5709 driver.
A kernel panic can be triggered when a Broadcom 5709 device is under
heavy load.
* Use-after-free in Bluetooth HCI driver.
A use-after-free condition can be triggered when resetting a Bluetooth
HCI device.
SUPPORT
Ksplice support is available at ksplice-support_ww at oracle.com.
More information about the Ksplice-Fedora-17-Updates
mailing list