[Ksplice-Fedora-19-updates] New updates available via Ksplice (FEDORA-2013-14518)

Jamie Iles jamie.iles at oracle.com
Tue Aug 13 07:10:29 PDT 2013


Synopsis: FEDORA-2013-14518 can now be patched using Ksplice

Systems running Fedora 19 can now use Ksplice to patch against the
latest Fedora kernel update, FEDORA-2013-14518.

INSTALLING THE UPDATES

We recommend that all users of Ksplice Uptrack on Fedora 19 install
these updates.

On systems that have "autoinstall = yes" in /etc/uptrack/uptrack.conf,
these updates will be installed automatically and you do not need to
take any action.

Alternatively, you can install these updates by running:

# /usr/sbin/uptrack-upgrade -y
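
The two install paths above can be checked per host with a small script. This is an added example, not part of the original advisory or of Ksplice Uptrack. The function names are hypothetical, and it assumes uptrack.conf holds "key = value" lines with whole-line "#" comments, where a later assignment overrides an earlier one.

```shell
#!/bin/sh
# Added example (not Ksplice code): does this host install updates automatically,
# or does someone still need to run uptrack-upgrade by hand?
# Assumption: the config holds "key = value" lines and whole-line "#" comments.

# Print "yes" only when the file sets autoinstall to exactly "yes", the value
# quoted in the advisory. A missing file, a commented-out key, or any other
# value prints "no", so the check errs toward asking for a manual upgrade.
autoinstall_enabled() {
    conf=$1
    [ -r "$conf" ] || { echo no; return 0; }
    awk '
        /^[ \t]*#/ { next }                       # whole-line comment
        {
            eq = index($0, "=")
            if (eq == 0) next                     # section header or blank line
            key = tolower(substr($0, 1, eq - 1))
            val = tolower(substr($0, eq + 1))
            gsub(/[ \t]/, "", key); gsub(/[ \t]/, "", val)
            if (key == "autoinstall") last = val  # later lines override earlier ones
        }
        END { print ((last == "yes") ? "yes" : "no") }
    ' "$conf"
}

# Print the action an operator should take for this advisory.
uptrack_action() {
    if [ "$(autoinstall_enabled "$1")" = yes ]; then
        echo "automatic"
    else
        echo "manual: run /usr/sbin/uptrack-upgrade -y"
    fi
}

# Default to the path named in the advisory when no file is given.
uptrack_action "${1:-/etc/uptrack/uptrack.conf}"
```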


DESCRIPTION

* Kernel panic in SunRPC RDMA transport marshalling.

The RDMA transport for the kernel SunRPC server does not validate chunk
lists in received packets, allowing remote users to cause a kernel
panic.


* Use-after-free in iSCSI iSER command handling.

Missing reference counting in the iSCSI RDMA extensions (iSER) could
result in a use-after-free and kernel crash.


* Use-after-free in SCSI unit attention handling.

Incorrect handling of commands during a retry due to unit attention
codes could result in a use-after-free and kernel crash.


* NULL pointer dereference in USB XHCI doorbell.

A missing check for NULL could result in a kernel crash when handling
non-responsive XHCI peripherals.


* NULL pointer dereference in XHCI host controller failure.

Missing NULL pointer checks could result in a kernel crash when an XHCI
host controller fails.


* Denial-of-service in Moschip 7840/7820 USB serial driver.

Missing resource freeing would result in a memory leak when failing to
open the device, allowing a user with sufficient privileges to exhaust
memory.


* Memory corruption in comedi read/write with concurrent ioctl.

Missing locking in the comedi driver could result in memory corruption
and a kernel crash.


* Filesystem corruption in btrfs during device replacement.

Incorrect offset calculation during device replacement could result in
the filesystem being corrupted on disk.


* Deadlock in btrfs snapshot deletion.

Missing lock tracking could result in deadlock when deleting a snapshot,
causing the system to hang.


* Kernel crash in NFS file open failure.

Incorrect handling of the return value from a failed open() call on an
NFS filesystem could result in dereferencing an invalid pointer and
triggering a kernel crash.


* NULL pointer dereference in register map driver.

Missing pointer checks could result in a NULL pointer dereference in the
register map driver.


* Use-after-free in ACPI memory hotplug failure.

Incorrect handling of memory hotplug failure could result in accessing a
stale pointer and triggering a kernel crash.


* NULL pointer dereference in radeon HDMI handling.

Missing NULL pointer checks in the radeon HDMI handling could result in
a NULL pointer dereference and kernel crash.


* Kernel crash in i915 connector handling.

Incorrect handling of multiple connectors on an Intel integrated
graphics device could result in an access to an invalid address and
undefined behaviour.


* Denial-of-service in memory policy management with mbind().

Incorrect handling of memory policies during mbind() calls could result
in leaking memory policies, allowing a local user to cause a
denial-of-service.


* Memory leak in TTY device hangup.

Missing reference counting in TTY hangup could result in a memory leak.


* Livelock in filesystem mounting.

Incorrect locking in filesystem superblock handling could result in
livelock, causing the filesystem to fail to mount and the mounting tasks
to hang.


* Deadlock in Xen event channel removal.

Incorrect locking in the Xen event channel driver could result in
deadlock and a system hang when unbinding a channel with the
IOCTL_EVTCHN_UNBIND ioctl.


* Memory corruption in Intel i915 memory management.

Incorrect list handling could result in accessing invalid memory and
corrupting the state of the DRM memory management system.


* Deadlock in module unloading with tracing enabled.

Incorrect locking in removing trace events could lead to deadlock when
removing a module that contains tracepoints.


* Buffer overflow in iSCSI target configfs.

An incorrect length check when configuring an iSCSI target via configfs
can allow kernel memory corruption and privilege escalation.

SUPPORT

Ksplice support is available at ksplice-support_ww at oracle.com.



