[Ksplice][Fedora-17-updates] New updates available via Ksplice (FEDORA-2013-7826)
Jamie Iles
jamie.iles at oracle.com
Thu May 16 08:50:49 PDT 2013
Synopsis: FEDORA-2013-7826 can now be patched using Ksplice
CVEs: CVE-2013-0160
Systems running Fedora 17 can now use Ksplice to patch against the
latest Fedora kernel update, FEDORA-2013-7826.
INSTALLING THE UPDATES
We recommend that all users of Ksplice Uptrack on Fedora 17 install
these updates.
On systems that have "autoinstall = yes" in /etc/uptrack/uptrack.conf,
these updates will be installed automatically and you do not need to
take any action.
Alternatively, you can install these updates by running:
# /usr/sbin/uptrack-upgrade -y
DESCRIPTION
* Denial-of-service in RCU tracing files.
A memory leak in the RCU tracing debugfs files could allow an
unprivileged user to leak memory and cause a denial-of-service.
* Denial-of-service in dcache shrinking.
Removing entries from the dcache when there are a large number of open
files could result in a soft-lockup of the system.
* Use-after-free in sysfs read/write accesses.
A race condition between read/write accesses and readdir calls on sysfs
directories could result in a use-after-free and kernel crash.
* Denial-of-service in /proc/fs/fscache/stats.
A memory leak in /proc/fs/fscache/stats could allow an unprivileged user
to leak memory and cause a denial-of-service.
* Improved fix to CVE-2013-0160.
The original upstream fix for CVE-2013-0160 did not guard against the device
files being monitored with fsnotify and was still exploitable.
* Kernel crash in cgroup process attachment.
Incorrect initialization could cause the kernel to crash on memory
allocation failure when under heavy memory pressure.
* Use-after-free in frame buffer console fonts.
Changing framebuffer consoles did not correctly handle font data, resulting
in a use-after-free and kernel crash.
* Double-free in cgroup extended attributes.
Due to erroneous ownership logic, memory allocated for extended attributes
would be freed more than once. A malicious local user could potentially
use this to cause denial of service by crashing the kernel.
SUPPORT
Ksplice support is available at ksplice-support_ww at oracle.com.