[Ksplice][Fedora-17-updates] New updates available via Ksplice (FEDORA-2012-14355)

[Jamie Iles]

Synopsis: FEDORA-2012-14355 can now be patched using Ksplice

Systems running Fedora 17 can now use Ksplice to patch against the
latest Fedora kernel update, FEDORA-2012-14355.

INSTALLING THE UPDATES

We recommend that all users of Ksplice Uptrack on Fedora 17 install
these updates.

On systems that have "autoinstall = yes" in /etc/uptrack/uptrack.conf,
these updates will be installed automatically and you do not need to
take any action.

Alternatively, you can install these updates by running:

# /usr/sbin/uptrack-upgrade -y


DESCRIPTION

* Race-condition in VFS file operations.

A race condition when performing scatter-gather IO on a file can lead
to data corruption.


* Kernel crash in hugetlbfs page sharing.

A race condition in the hugetlbfs page sharing code could result in a
kernel crash when accounting address space.


* Integer underflow in target transport layer.

An integer underflow in the target subsystem could result in an
out-of-bounds array access and attempt to free an invalid memory area
resulting in a kernel crash.


* Memory leak in NFS page cache allocation.

Invalid error handling for memory allocation failures in NFS could
result in a memory leak and a denial-of-service.


* Kernel panic in Parallel NFS.

A kernel panic (BUG_ON) can be triggered when releasing file data because
of a broken assumption in the Parallel NFS implementation.


* Kernel crash in UBIFS failure handling.

Incorrect failure handling in UBIFS could result in a kernel crash when
mounting the filesystem under specific conditions.


* Use-after-free in audit tree management.

Incorrect use of reference counting in the audit subsystem could result
in a use-after-free condition and kernel crash.


* NULL pointer dereference in vmwgfx driver.

A NULL pointer dereference can be triggered in the VMware graphics
driver.


* Use-after-free in radeon buffer-object management.

Incorrect failure handling could result in a use-after-free condition
and kernel crash in the radeon driver.


* Kernel crash in BTRFS checksum error reporting.

The reporting of checksum error statistics in BTRFS could result in a
BUG_ON() and a kernel crash.


* Kernel panic in SUNRPC over TCP.

A kernel panic can be triggered when closing a SUNRPC TCP socket.


* Kernel crash in USB audio PCM capture.

Incorrect memory allocations could result in scheduling whilst atomic
and a kernel crash.


* Use-after-free in USB audio endpoint handling.

The USB audio driver incorrectly manipulated a linked list whilst
removing entries resulting in a use-after-free condition and kernel
crash.


* NUMA memory policy kernel panic.

A kernel panic can be triggered when querying a task's NUMA memory policy
via procfs.


* Invalid resource freeing in UBI layer.

The UBI layer incorrectly freed resources when handling eraseblocks
resulting in memory corruption and memory leaks.


* Denial-of-service in e1000e TSO handling.

A link partner with a sufficiently small MSS could result in the driver
attempting to use more transmit descriptors than were available and
trigger a denial-of-service.


* NULL pointer dereference in DCCP sockets.

A NULL pointer dereference can be triggered by querying or setting the
socket options of a DCCP socket that has no associated CCID.

SUPPORT

Ksplice support is available at ksplice-support_ww at oracle.com.