[Ksplice][Fedora-17-updates] New updates available via Ksplice (FEDORA-2013-4357)

Phil Turnbull phil.turnbull at oracle.com
Wed Apr 3 08:05:52 PDT 2013


Synopsis: FEDORA-2013-4357 can now be patched using Ksplice
CVEs: CVE-2013-1796 CVE-2013-1797 CVE-2013-1798 CVE-2013-1848 CVE-2013-1873

Systems running Fedora 17 can now use Ksplice to patch against the
latest Fedora kernel update, FEDORA-2013-4357.

INSTALLING THE UPDATES

We recommend that all users of Ksplice Uptrack on Fedora 17 install
these updates.

On systems that have "autoinstall = yes" in /etc/uptrack/uptrack.conf,
these updates will be installed automatically and you do not need to
take any action.

Alternatively, you can install these updates by running:

# /usr/sbin/uptrack-upgrade -y


DESCRIPTION

* Memory leak in DesignWare USB driver.

The DesignWare USB driver module fails to free kernel memory allocated
for devices when unloading the module.


* CVE-2013-1848: Format string vulnerability in ext3 mounting.

The ext3 file-system driver incorrectly uses an argument from userspace
as a format string, allowing local users with the ability to mount ext3
filesystems to corrupt kernel memory and gain privileged execution.
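
The bug class described above, as a userspace C sketch added here for
illustration (it is not the ext3 driver's code; log_msg,
report_bad_option_unsafe and report_bad_option_safe are hypothetical
names). The unsafe variant interprets the caller's string as a format;
the hardened one passes it as data under a constant "%s".

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical printf-style logger standing in for a driver's message
 * helper. It formats into a caller-supplied buffer so the result can be
 * inspected. Declaring such a helper with
 * __attribute__((format(printf, 3, 4))) lets GCC and Clang flag the
 * unsafe call below under -Wformat-security. */
static int log_msg(char *out, size_t n, const char *fmt, ...)
{
    va_list ap;
    va_start(ap, fmt);
    int len = vsnprintf(out, n, fmt, ap);
    va_end(ap);
    return len;
}

/* VULNERABLE: the caller-controlled option string becomes the format,
 * so any conversion specification in it is interpreted. */
static int report_bad_option_unsafe(char *out, size_t n, const char *opt)
{
    return log_msg(out, n, opt);
}

/* HARDENED: the format is a constant; the option is only ever data. */
static int report_bad_option_safe(char *out, size_t n, const char *opt)
{
    return log_msg(out, n, "%s", opt);
}

int main(void)
{
    /* Constructed input. "%%" consumes no arguments, so it shows the
     * difference in interpretation with fully defined behaviour. */
    const char *opt = "sb=100%%";
    char a[64], b[64];

    report_bad_option_unsafe(a, sizeof a, opt);
    report_bad_option_safe(b, sizeof b, opt);
    printf("unsafe: %s\nsafe:   %s\n", a, b);
    return 0;
}
```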


* NULL pointer dereference in ALSA sequence timer.

The ALSA driver does not correctly handle failing to initialise a
sequence timer object, leading to a NULL pointer dereference.


* Deadlock in SELinux xfrm networking.

The SELinux security module uses an invalid combination of flags to
allocate memory when validating users of the xfrm module, leading to a
deadlock.


* Memory leak in PPPoL2TP messaging.

The PPPoL2TP tunneling protocol does not decrement a reference counter
when a user calls sendmsg on a PPPoL2TP socket, causing a kernel memory leak.


* Denial of service in RDS socket allocation.

The RDS networking module does not correctly validate arguments from
userspace, allowing an unprivileged user to exhaust kernel memory and
trigger the OOM killer.


* CVE-2013-1873: Information leaks in networking.

A number of system calls in the dcbnl, rtnl and bridge modules allow
unprivileged local users to leak the contents of kernel memory.


* CVE-2013-1798: Information leak in KVM APIC driver.

The KVM paravirtualised APIC driver does not correctly validate
arguments from the guest virtual machine when querying the APIC device,
allowing a malicious guest virtual machine to read kernel memory from the
host.


* CVE-2013-1796: Buffer overflow in KVM system time MSR.

The KVM paravirtualised MSR driver does not correctly validate system
timer arguments, allowing a guest virtual machine to corrupt host kernel
memory by providing an unaligned MSR value.


* CVE-2013-1797: Use-after-free in KVM system time.

The KVM paravirtualised MSR driver does not pin guest memory associated
with paravirtualised timers, allowing a guest virtual machine to crash
the host by unmapping memory.

SUPPORT

Ksplice support is available at ksplice-support_ww at oracle.com.


