[Ksplice][Fedora-17-updates] New updates available via Ksplice (FEDORA-2013-2597)

Mon Feb 25 09:29:24 PST 2013

Synopsis: FEDORA-2013-2597 can now be patched using Ksplice
CVEs: CVE-2013-0290

Systems running Fedora 17 can now use Ksplice to patch against the
latest Fedora kernel update, FEDORA-2013-2597.

INSTALLING THE UPDATES

We recommend that all users of Ksplice Uptrack on Fedora 17 install
these updates.

On systems that have "autoinstall = yes" in /etc/uptrack/uptrack.conf,
these updates will be installed automatically and you do not need to
take any action.

Alternatively, you can install these updates by running:

# /usr/sbin/uptrack-upgrade -y

DESCRIPTION

* Memory leak in RSA digital signature verification.

An internal buffer was not freed at the end of the verification process.

* Memory leak in xHCI USB host request handler.

The private date related to TX events in the USB request handler was
not freed.

* Use-after-free in regulator device matching.

Failure to initialize the list of possible matches can result in
access to match information that was previously freed.

* NULL pointer dereference in Bluetooth PDU handling.

A NULL pointer dereference may occur if PDUs are received after the control
channel was closed.

* Kernel panic in TCP fast open on uniprocessor machines.

An invalid locking test for uniprocessor machines results in a system panic.

* Off-by-one error in qlogic netxen NIC driver.

An off by one bug in the qlogic netxen driver would trigger a kernel panic
on full size TSO packets.

* Use-after-free in IP loopback transmission handling.

The loopback driver didn't correctly handle a specific type of data, which
would allow a packet to be freed before being processed.

* Kernel panic on GRE checksum calculation.

Checksum wasn't correctly calculated when GRE GSO support was enabled,
leading to a kernel panic.

* Memory leak in raw packet protocol ring.

Extra packets were allocated and lost during initialization.

* Kernel page mapping information leak in dmesg.

On x86 systems, an unprivileged process can easily determine whether an address
residing within the kernel address space is mapped or unmapped by examining
the error code reported to dmesg.[1]

[1] http://vulnfactory.org/blog/2013/02/06/a-linux-memory-trick/

* CVE-2013-0290: Denial of service in network datagram processing.

The datagram processing routine didn't properly handle message peeking, causing
an infinite loop followed by a system hang.

* SCTP key leak in shared secret key setup.

The SCTP association key setup did not securely free the key memory
resulting in a possible leak of the key to an attacker.

* Kernel crash on virtio console removal.

The kernel could access uninitialized data on device removal causing a
kernel crash.

SUPPORT

Ksplice support is available at ksplice-support_ww at oracle.com.