[Ksplice][Fedora-17-updates] New updates available via Ksplice (FEDORA-2012-16669)
Phil Turnbull
phil.turnbull at oracle.com
Wed Oct 31 10:29:03 PDT 2012
Synopsis: FEDORA-2012-16669 can now be patched using Ksplice
CVEs: CVE-2012-0957
Systems running Fedora 17 can now use Ksplice to patch against the
latest Fedora kernel update, FEDORA-2012-16669.
INSTALLING THE UPDATES
We recommend that all users of Ksplice Uptrack on Fedora 17 install
these updates.
On systems that have "autoinstall = yes" in /etc/uptrack/uptrack.conf,
these updates will be installed automatically and you do not need to
take any action.
Alternatively, you can install these updates by running:
# /usr/sbin/uptrack-upgrade -y
DESCRIPTION
* Memory leak in NFS4 file closing.
The NFS4 server subsystem does not correctly free memory when closing a
file handle which eventually leads to memory exhaustion and a kernel
panic.
* Logic error in NFS4 idmap parsing.
The NFS4 server subsystem does not correctly parse numeric identifiers
in NFS requests potentially allowing remote users to bypass file
permissions.
* Memory leak in Cirrus Logic audio driver.
The Cirrus Logic driver does not correctly free memory when failing
to initialise an audio device.
* Kernel panic in multiple filesystems.
An out-of-bounds read can cause a kernel panic when opening a file on
GFS2, ISO 9660, Reiser, XFS or Posix shared memory filesystems.
* Deadlock in iSCSI SendTargets error path.
Invalid locking when failing to send a 'SendTargets' packet can lead
to a deadlock and kernel panic.
* NULL pointer dereference in VFIO interrupt.
A race condition when initialising a VFIO device can cause a NULL
pointer dereference and kernel panic.
* Memory leak in Atheros 802.11n driver.
The Atheros 802.11n driver does not correctly free memory when failing
to send frames leading to memory exhaustion and a kernel panic.
* Memory leak in 802.11 wireless driver.
The generic 802.11 wireless driver does not correctly free memory when
failing to send frames leading to memory exhaustion and a kernel panic.
* NULL pointer dereference in audit subsystem.
A NULL pointer dereference and kernel panic can be triggered in the
audit subsystem under low-memory conditions.
* Use-after-free in audit subsystem.
A use-after-free condition can be triggered in the audit subsystem when
failing to follow a symlink.
* Use-after-free when unloading Radeon graphics driver.
A use-after-free condition can be triggered when unloading the
Radeon graphics driver.
* Kernel panic in Realtek HD audio driver.
An out-of-bounds read in the Realtek HD audio driver can cause a kernel
panic when initialising a device.
* NULL pointer dereference in AC97 sound driver.
A NULL pointer dereference and kernel panic can be triggered when
initialising an AC97 device under low-memory conditions.
* CVE-2012-0957: Information leak in uname syscall.
A process running under a UNAME26 personality can disclose the contents
of kernel memory via the uname syscall.
SUPPORT
Ksplice support is available at ksplice-support_ww at oracle.com.
More information about the Ksplice-Fedora-17-Updates
mailing list