[Ksplice-Fedora-19-updates] New updates available via Ksplice (FEDORA-2013-14714)

Jamie Iles jamie.iles at oracle.com
Thu Aug 15 11:04:30 PDT 2013


Synopsis: FEDORA-2013-14714 can now be patched using Ksplice
CVEs: CVE-2013-4205

Systems running Fedora 19 can now use Ksplice to patch against the
latest Fedora kernel update, FEDORA-2013-14714.

INSTALLING THE UPDATES

We recommend that all users of Ksplice Uptrack on Fedora 19 install
these updates.

On systems that have "autoinstall = yes" in /etc/uptrack/uptrack.conf,
these updates will be installed automatically and you do not need to
take any action.

Alternatively, you can install these updates by running:

# /usr/sbin/uptrack-upgrade -y
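
Added example (not part of the original advisory, and not Oracle's own tooling): a shell check that reports whether a host's uptrack.conf enables automatic installation, so hosts that still need a manual uptrack-upgrade run can be identified. It assumes an INI-style file in which the last uncommented "autoinstall" assignment wins and only the value "yes" (any case) enables it; the sample config and its section name are constructed.

```shell
#!/bin/sh
# Added example: decide from an uptrack.conf-style file whether Ksplice
# Uptrack will install updates automatically.

# uptrack_autoinstall [FILE]
# Prints "yes", "no" or "unreadable".
# Returns 0 if enabled, 1 if disabled or unset, 2 if FILE cannot be read.
uptrack_autoinstall() {
    conf=${1:-/etc/uptrack/uptrack.conf}
    [ -r "$conf" ] || { echo unreadable; return 2; }
    # Match only uncommented "autoinstall = value" lines, drop any trailing
    # inline comment, keep the last assignment (assumption) and lowercase it.
    value=$(sed -n 's/^[[:space:]]*autoinstall[[:space:]]*=[[:space:]]*\([^[:space:]#;]*\).*$/\1/p' "$conf" \
        | tail -n 1 | tr 'A-Z' 'a-z')
    case "$value" in
        yes) echo yes; return 0 ;;
        *)   echo no;  return 1 ;;
    esac
}

# Constructed sample config (not taken from a real system; the section
# name is an assumption).
sample_conf() {
    cat <<'EOF'
[Settings]
# autoinstall = no
autoinstall = yes   ; install updates automatically
EOF
}

# Demo on the constructed sample, then on this host's real config.
tmp=$(mktemp)
sample_conf > "$tmp"
echo "sample config: autoinstall=$(uptrack_autoinstall "$tmp")"
rm -f "$tmp"

state=$(uptrack_autoinstall /etc/uptrack/uptrack.conf) || true
case "$state" in
    yes) echo "this host: updates install automatically" ;;
    no)  echo "this host: run /usr/sbin/uptrack-upgrade -y manually" ;;
    *)   echo "this host: /etc/uptrack/uptrack.conf not readable" ;;
esac
```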


DESCRIPTION

* CVE-2013-4205: Denial-of-service in user namespaces.

Unbounded creation of user namespaces could result in a memory leak,
allowing a local, unprivileged user to crash the machine by repeatedly
creating new user namespaces.


* Firmware crash in Intel WiFi block acknowledgement sessions.

Incorrect resource handling could result in a firmware assertion after
multiple block acknowledgement sessions causing the system to crash.


* Kernel crash in Intel WiFi with small beacon intervals.

Attempting to connect to an access point with a beacon interval less
than 16 could trigger a firmware bug causing a kernel crash.


* NULL pointer dereference in 802.11 Minstrel rate control.

A missing pointer check could result in dereferencing a NULL pointer and
crashing the system when performing wireless rate control.


* Kernel stack information leak in non-station 802.11 ethtool stats.

Missing initialization could allow a local user to gain kernel stack
information through ethtool statistics on a non-station 802.11
interface.


* Multiple kernel crashes in bluetooth subsystem.

Incorrect handling of error return values could result in incorrect
behaviour or a kernel crash.


* Kernel crash in SUNRPC GSS proxy.

Incorrect cleanup when proxying GSS credentials in the SunRPC server
could trigger a kernel panic.


* Use-after-free in zram driver unloading.

When the zram driver is unloading, it incorrectly attempts to reset a zram device
after destroying it leading to a use-after-free condition and kernel panic.


* Use-after-free in freeing zram pages.

Incorrect locking in the zram driver when freeing pages can trigger a use-after-free
or BUG_ON leading to a kernel panic.


* Double free in zram partial writes.

The zram driver does not correctly handle partial writes to zero filled memory
leading to a double free and kernel panic.


* Memory corruption in zram reading and writing.

Read and write requests from userspace to a zram device are not correctly validated
leading to kernel memory corruption and possible elevation of privileges.


* Use-after-free in zram sysfs interface.

Incorrect locking in the zram sysfs interface can cause a use-after-free and kernel
panic when reading from the 'mem_used_total' sysfs file while resetting a device.


* NULL pointer dereference in PCI hotplug device removal.

Removing a PCI device with SR-IOV enabled could trigger a NULL pointer
dereference in the PCI hotplug system, crashing the kernel.


* Race condition in unloading cgroup kernel modules.

A race condition between unloading a cgroup kernel module and unmounting a cgroup
filesystem can trigger a reference counting error and cause a kernel panic.


* Kernel crash in btrfs unique value list.

Incorrect copying of data pointers could result in invalid memory
accesses including NULL pointer dereferences under specific conditions
on a btrfs filesystem.


* Use-after-free in IPv6 multicast routing namespace cleanup.

Incorrect locking could result in a use-after-free and kernel crash when
removing a network namespace.


* Kernel information leak in Class Based Queueing network scheduler.

Missing initialization in the CBQ network scheduler could result in
leaking kernel stack information to userspace.


* Kernel stack information leaks in PF_KEY sockets.

Missing initialization in a number of PF_KEY socket calls could result
in leaking kernel stack information to userspace.


* Kernel stack information leak in ATM network scheduler.

Missing initialization could cause kernel stack information to be leaked
from the ATM network scheduler to userspace.

SUPPORT

Ksplice support is available at ksplice-support_ww at oracle.com.



