[Ksplice][Fedora-17-updates] New updates available via Ksplice (FEDORA-2012-16669)

Wed Oct 31 10:29:03 PDT 2012

Synopsis: FEDORA-2012-16669 can now be patched using Ksplice
CVEs: CVE-2012-0957

Systems running Fedora 17 can now use Ksplice to patch against the
latest Fedora kernel update, FEDORA-2012-16669.

INSTALLING THE UPDATES

We recommend that all users of Ksplice Uptrack on Fedora 17 install
these updates.

On systems that have "autoinstall = yes" in /etc/uptrack/uptrack.conf,
these updates will be installed automatically and you do not need to
take any action.

Alternatively, you can install these updates by running:

# /usr/sbin/uptrack-upgrade -y

DESCRIPTION

* Memory leak in NFS4 file closing.

The NFS4 server subsystem does not correctly free memory when closing a
file handle which eventually leads to memory exhaustion and a kernel
panic.

* Logic error in NFS4 idmap parsing.

The NFS4 server subsystem does not correctly parse numeric identifiers
in NFS requests potentially allowing remote users to bypass file
permissions.

* Memory leak in Cirrus Logic audio driver.

The Cirrus Logic driver does not correctly free memory when failing
to initialise an audio device.

* Kernel panic in multiple filesystems.

An out-of-bounds read can cause a kernel panic when opening a file on
GFS2, ISO 9660, Reiser, XFS or Posix shared memory filesystems.

* Deadlock in iSCSI SendTargets error path.

Invalid locking when failing to send a 'SendTargets' packet can lead
to a deadlock and kernel panic.

* NULL pointer dereference in VFIO interrupt.

A race condition when initialising a VFIO device can cause a NULL
pointer dereference and kernel panic.

* Memory leak in Atheros 802.11n driver.

The Atheros 802.11n driver does not correctly free memory when failing
to send frames leading to memory exhaustion and a kernel panic.

* Memory leak in 802.11 wireless driver.

The generic 802.11 wireless driver does not correctly free memory when
failing to send frames leading to memory exhaustion and a kernel panic.

* NULL pointer dereference in audit subsystem.

A NULL pointer dereference and kernel panic can be triggered in the
audit subsystem under low-memory conditions.

* Use-after-free in audit subsystem.

A use-after-free condition can be triggered in the audit subsystem when
failing to follow a symlink.

* Use-after-free when unloading Radeon graphics driver.

A use-after-free condition can be triggered when unloading the
Radeon graphics driver.

* Kernel panic in Realtek HD audio driver.

An out-of-bounds read in the Realtek HD audio driver can cause a kernel
panic when initialising a device.

* NULL pointer dereference in AC97 sound driver.

A NULL pointer dereference and kernel panic can be triggered when
initialising an AC97 device under low-memory conditions.

* CVE-2012-0957: Information leak in uname syscall.

A process running under a UNAME26 personality can disclose the contents
of kernel memory via the uname syscall.

SUPPORT

Ksplice support is available at ksplice-support_ww at oracle.com.