[Ksplice][Fedora-17-updates] New updates available via Ksplice (FEDORA-2013-12990)

Phil Turnbull phil.turnbull at oracle.com
Fri Jul 19 06:09:37 PDT 2013


Synopsis: FEDORA-2013-12990 can now be patched using Ksplice
CVEs: CVE-2013-1059 CVE-2013-2232 CVE-2013-2234 CVE-2013-4127

Systems running Fedora 17 can now use Ksplice to patch against the
latest Fedora kernel update, FEDORA-2013-12990.

INSTALLING THE UPDATES

We recommend that all users of Ksplice Uptrack on Fedora 17 install
these updates.

On systems that have "autoinstall = yes" in /etc/uptrack/uptrack.conf,
these updates will be installed automatically and you do not need to
take any action.

Alternatively, you can install these updates by running:

# /usr/sbin/uptrack-upgrade -y
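
A check for the autoinstall condition described above, as an added example that is not part of the original advisory and is not Ksplice's own tooling. The function names are hypothetical, and it assumes "key = value" lines with "#" comments; the sample config is constructed.

```shell
#!/bin/sh
# Added example, not Ksplice code. Reports whether an Uptrack config file
# enables automatic installation, so hosts that still need a manual
# uptrack-upgrade run can be identified.

# autoinstall_state FILE -> prints "yes", "no" or "unset"
# Assumptions: "key = value" lines, "#" starts a comment, the last
# assignment wins, and only a literal "yes" (any case) enables the setting.
autoinstall_state() {
    [ -r "$1" ] || { echo "unset"; return 0; }
    awk '
        { sub(/#.*/, "") }                       # drop comments
        /^[ \t]*autoinstall[ \t]*=/ {
            v = $0
            sub(/^[^=]*=[ \t]*/, "", v)          # keep text after "="
            sub(/[ \t\r]+$/, "", v)              # trim trailing space and CR
            state = (tolower(v) == "yes") ? "yes" : "no"
        }
        END { print (state == "" ? "unset" : state) }
    ' "$1"
}

# needs_manual_upgrade FILE -> exit status 0 when autoinstall is not enabled
needs_manual_upgrade() {
    [ "$(autoinstall_state "$1")" != "yes" ]
}

# Constructed sample config for demonstration (not taken from a real system):
# a commented-out "yes" must not count, the live setting is "no".
sample=$(mktemp)
printf '%s\n' '[Settings]' '# autoinstall = yes' 'autoinstall = no' > "$sample"
if needs_manual_upgrade "$sample"; then
    echo "autoinstall is off: run /usr/sbin/uptrack-upgrade -y"
fi
rm -f "$sample"
```

On a real system, pass /etc/uptrack/uptrack.conf as the argument.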


DESCRIPTION

* Memory corruption in Bluetooth L2CAP MTU control.

An integer underflow and memory corruption can be triggered by reducing the MTU
of an L2CAP socket and then sending a large L2CAP packet.


* Kernel deadlock when removing a Frame Relay device.

Incorrect locking when removing a Frame Relay DLCI device can cause a deadlock
and kernel panic.


* Kernel panic when removing a Frame Relay device.

Using the DLCI ioctl to remove a Frame Relay device on a socket that is not a
Frame Relay device can cause an invalid memory access and kernel panic.


* Missing permission checks in perf monitoring of setuid processes.

An invalid security check when executing a new process can allow unprivileged
users to monitor setuid processes using the kernel performance event subsystem.


* Memory leak in IPv6 fragmentation tracking.

The kernel IPv6 connection tracker does not correctly handle fragmented IPv6
packets leading to a kernel memory leak.


* CVE-2013-1059: NULL pointer dereference in CephFS authentication.

A lack of validation can allow a remote user to trigger a NULL pointer dereference
and kernel panic by attempting to authenticate with the "auth_none" Ceph
authentication.


* Deadlock in CephFS extended attributes.

Invalid locking in the Ceph filesystem when reading extended attributes can cause
a deadlock and kernel panic.


* Format string vulnerability in power charger manager.

A lack of sanitisation of a parameter when notifying udev about power charger
events can trigger a format string vulnerability and cause a kernel panic.


* Integer overflow in HP filesystem mounting.

An integer overflow and kernel panic can be triggered by attempting to mount a
malformed HP filesystem.


* Format string vulnerability in crypto subsystem.

A lack of sanitisation of a parameter when looking up crypto algorithms in the
kernel can trigger a format string vulnerability and cause a kernel panic.


* Use-after-free in cgroup memory control groups.

Invalid reference counting in the cgroup memory control groups can cause a
use-after-free condition and kernel panic.


* CVE-2013-2234: Information leak in IPsec key management.

An error in the AF_KEY implementation allows privileged users to leak contents of
the kernel stack to userspace.


* CVE-2013-2232: Memory corruption in IPv6 routing cache.

Connecting an IPv6 socket to an IPv4 destination can cause IPv4 routing
information to be placed in the IPv6 routing cache causing memory corruption
and a kernel panic.


* CVE-2013-4127: Use-after-free in virtio networking.

Incorrect memory management in the virtio networking driver can cause a
use-after-free condition and kernel panic when flushing DMA requests.


* Data corruption in ext4 filesystem on 32-bit systems.

A number of integer overflows when handling 64-bit integers in the ext4 filesystem
on 32-bit systems can cause data corruption and/or loss.

SUPPORT

Ksplice support is available at ksplice-support_ww at oracle.com.



