[Ksplice-Fedora-19-updates] New updates available via Ksplice (FEDORA-2013-15198)

Oracle Ksplice ksplice-support_ww at oracle.com
Fri Aug 23 12:46:35 PDT 2013 

Synopsis: FEDORA-2013-15198 can now be patched using Ksplice
CVEs: CVE-2013-0343

Systems running Fedora 19 can now use Ksplice to patch against the
latest Fedora kernel update, FEDORA-2013-15198.

INSTALLING THE UPDATES

We recommend that all users of Ksplice Uptrack on Fedora 19 install
these updates.

On systems that have "autoinstall = yes" in /etc/uptrack/uptrack.conf,
these updates will be installed automatically and you do not need to
take any action.

Alternatively, you can install these updates by running:

# /usr/sbin/uptrack-upgrade -y


DESCRIPTION

* Kernel panic in cgroup memory control cache.

The cgroup memory control subsystem does not correctly initialise a data structure
when registering a cache in a control group causing a page fault and kernel panic.


* Heap buffer overflow when reading "pagemap" procfs file.

The kernel does not correctly allocate a temporary buffer when reading from the
"pagemap" procfs file, leading to a kernel heap overflow and possible code
execution.


* NULL pointer dereference in Keyspan USB-to-serial driver.

A NULL pointer dereference and kernel panic can be triggered if a memory
allocation fails when attaching a Keyspan USB device.


* NULL pointer in Wireless USB data transfer.

A NULL pointer dereference and kernel panic can be triggered when disconnecting
a wireless USB device while transferring data.


* Use-after-free in ext4 metadata error path.

If an error is encountered when writing dirty ext4 metadata to disk, a use-after-
free condition can be triggered causing a kernel panic.


* CVE-2013-0343: Denial of service in IPv6 privacy extensions.

A malicious remote user can disable IPv6 privacy extensions by flooding the host
with malicious temporary addresses.


* Unlimited stack ASLR bypass on 64-bit systems.

If a process is started with an unlimited stack the address of the stack base is
not randomised allowing attackers to correctly guess the address of stack
variables, making exploitation of processes easier.


* Data corruption in virtual memory TLB invalidation.

Under certain conditions the kernel does not correctly invalidate the TLB when
unmapping virtual memory causing user-mode processes to use stale data.

SUPPORT

Ksplice support is available at ksplice-support_ww at oracle.com.

More information about the Ksplice-Fedora-19-Updates mailing list