[Ksplice-Fedora-19-updates] New updates available via Ksplice (FEDORA-2013-14865)
Jamie Iles
jamie.iles at oracle.com
Sun Aug 18 03:54:50 PDT 2013
Synopsis: FEDORA-2013-14865 can now be patched using Ksplice
Systems running Fedora 19 can now use Ksplice to patch against the
latest Fedora kernel update, FEDORA-2013-14865.
INSTALLING THE UPDATES
We recommend that all users of Ksplice Uptrack on Fedora 19 install
these updates.
On systems that have "autoinstall = yes" in /etc/uptrack/uptrack.conf,
these updates will be installed automatically and you do not need to
take any action.
Alternatively, you can install these updates by running:
# /usr/sbin/uptrack-upgrade -y
DESCRIPTION
* Kernel crash in VIRTIO SCSI device removal.
Incorrect handling of VIRTIO SCSI devices during removal could result in
an out-of-bounds access and kernel crash.
* Improved fix to "Filesystem corruption on ext4 truncation.".
An incorrect fix in the upstream patch resulted in the fixed code never
being called allowing filesystem corruption to still occur.
* Use-after-free in ACPI sysfs attributes.
Missing locking in two sysfs attributes could cause a use-after-free and
kernel crash when accessing the attributes at the same time as device
hotplug or hot-unplug.
* Kernel crash in NFS lock manager lock freeing.
Incorrect handling of the system hostname across UTS namespaces could
result in a kernel oops when freeing locks.
* Kernel oops in VIRTIO console with splice().
A splice() with no buffers to a VIRTIO console device would result in a
kernel oops, triggerable by a local user with permissions to access the
serial device.
* Kernel crash in simultaneous VIRTIO console splice().
Missing locking could result in a kernel crash when multiple processes
tried to splice to and from a VIRTIO console device.
* Kernel oops in simultaneous VIRTIO console open + unplug.
Missing synchronization could result in a crash if the device was opened
at the same time as the device was unplugged.
* Buffer overflow in CIFS credentials.
An incorrectly sized buffer could result in a buffer overflow, allowing
a malicious server to cause heap memory corruption.
SUPPORT
Ksplice support is available at ksplice-support_ww at oracle.com.
More information about the Ksplice-Fedora-19-Updates
mailing list