[Ksplice-Fedora-19-updates] New updates available via Ksplice (FEDORA-2013-14865)

Jamie Iles jamie.iles at oracle.com
Sun Aug 18 03:54:50 PDT 2013


Synopsis: FEDORA-2013-14865 can now be patched using Ksplice

Systems running Fedora 19 can now use Ksplice to patch against the
latest Fedora kernel update, FEDORA-2013-14865.

INSTALLING THE UPDATES

We recommend that all users of Ksplice Uptrack on Fedora 19 install
these updates.

On systems that have "autoinstall = yes" in /etc/uptrack/uptrack.conf,
these updates will be installed automatically and you do not need to
take any action.

Alternatively, you can install these updates by running:

# /usr/sbin/uptrack-upgrade -y
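
A check for the two install paths above, as an added example (not part of the Ksplice advisory or Oracle's tooling): it reads an uptrack.conf and reports whether the host will install updates automatically or needs a manual run. The function names and the sample file are constructed, and treating only the value "yes" as enabled is an assumption taken from the wording above.

```shell
#!/bin/sh
# Added example: classify a host as "auto" or "manual" for Ksplice updates.
# A plain grep for "autoinstall = yes" also matches commented-out lines,
# so the file is parsed key by key and the last live setting wins.

uptrack_install_mode() {
    conf="$1"
    # Unreadable or missing config: assume the host needs manual action.
    [ -r "$conf" ] || { echo "manual"; return 0; }
    awk '
        /^[ \t]*[#;]/ { next }                  # skip commented-out settings
        {
            eq = index($0, "=")
            if (eq == 0) next                   # section headers, blank lines
            key = substr($0, 1, eq - 1)
            val = substr($0, eq + 1)
            gsub(/[ \t]/, "", key)
            gsub(/^[ \t]+|[ \t]+$/, "", val)
            if (tolower(key) == "autoinstall") mode = tolower(val)
        }
        END {
            # Assumption: only "yes" counts as enabled; anything else is manual.
            if (mode == "yes") print "auto"; else print "manual"
        }
    ' "$conf"
}

# Constructed sample config (not copied from a real host).
write_sample_conf() {
    cat > "$1" <<'EOF'
[Settings]
# autoinstall = yes
autoinstall = no
EOF
}

# Demo: the commented-out "yes" must not count, so this reports "manual".
tmp=$(mktemp)
write_sample_conf "$tmp"
echo "sample config: $(uptrack_install_mode "$tmp")"
rm -f "$tmp"
```

Hosts that report "manual" are the ones that still need the uptrack-upgrade command shown above.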


DESCRIPTION

* Kernel crash in VIRTIO SCSI device removal.

Incorrect handling of VIRTIO SCSI devices during removal could result in
an out-of-bounds access and kernel crash.


* Improved fix to "Filesystem corruption on ext4 truncation.".

An incorrect fix in the upstream patch resulted in the fixed code never
being called, allowing filesystem corruption to still occur.


* Use-after-free in ACPI sysfs attributes.

Missing locking in two sysfs attributes could cause a use-after-free and
kernel crash when accessing the attributes at the same time as device
hotplug or hot-unplug.


* Kernel crash in NFS lock manager lock freeing.

Incorrect handling of the system hostname across UTS namespaces could
result in a kernel oops when freeing locks.


* Kernel oops in VIRTIO console with splice().

A splice() with no buffers to a VIRTIO console device would result in a
kernel oops, triggerable by a local user with permissions to access the
serial device.


* Kernel crash in simultaneous VIRTIO console splice().

Missing locking could result in a kernel crash when multiple processes
tried to splice to and from a VIRTIO console device.


* Kernel oops in simultaneous VIRTIO console open + unplug.

Missing synchronization could result in a crash if the device was opened
at the same time as the device was unplugged.


* Buffer overflow in CIFS credentials.

An incorrectly sized buffer could result in a buffer overflow, allowing
a malicious server to cause heap memory corruption.

SUPPORT

Ksplice support is available at ksplice-support_ww at oracle.com.



