[Ksplice-Fedora-19-updates] New updates available via Ksplice (FEDORA-2013-20547)

Wed Nov 6 11:51:52 PST 2013

Synopsis: FEDORA-2013-20547 can now be patched using Ksplice
CVEs: CVE-2013-4348 CVE-2013-4470

Systems running Fedora 19 can now use Ksplice to patch against the
latest Fedora kernel update, FEDORA-2013-20547.

INSTALLING THE UPDATES

We recommend that all users of Ksplice Uptrack on Fedora 19 install
these updates.

On systems that have "autoinstall = yes" in /etc/uptrack/uptrack.conf,
these updates will be installed automatically and you do not need to
take any action.

Alternatively, you can install these updates by running:

# /usr/sbin/uptrack-upgrade -y

DESCRIPTION

* Memory corruption in Broadcom bnx2x GSO.

The Broadcom driver for NetXtremeII devices does not correctly handle cloned
packet data when GSO is enabled leading to memory corruption and a kernel panic.

* Use-after-free in IP TIME_WAIT sockets.

Incorrect reference counting in the kernel IP stack when handling receiving data
on TIME_WAIT sockets can trigger a use-after-free condition and cause a kernel
panic.

* Information leak in netlink connector.

When sending messages through the netlink connector, some elements of the message
are not initialised causing the contents of kernel memory to be exposed to
userspace.

* Deadlock in L2TP PPP packet transmission.

Invalid locking when transmitting packets over a L2TP PPP connection can trigger
a kernel deadlock when two processes send packets over the same connection.

* Memory leak in netem scheduler.

The netem network scheduler does not free memory when a network queue is reset
leading to a kernel memory leak.

* Information leak in FarSync network driver ioctl.

The SIOCWANDEV ioctl in the FarSync T-Series network driver does not initialise
memory before returning data to userspace, causing the contents of kernel memory
to be leaked to userspace.

* Information leak in Unix socket monitoring interface.

The Unix socket monitoring interface does not initialise memory when sending
information over a netlink socket causing the contents of kernel memory to be
leaked to userspace.

* Kernel panic in netlink kernel/userspace connector.

An incorrect length check when processing netlink messages in the kernel/
userspace connector can cause an out-of-bounds access and kernel panic.

* Information leak in wanXL IF_GET_IFACE ioctl.

The SBE wanXL network driver does not initialise memory when handling the
IF_GET_IFACE ioctl causing the contents of kernel memory to be leaked to
userspace.

* Denial-of-service in IPv4 CIPSO header validation.

The kernel IPv4 stack does not correctly handle malformed CIPSO headers in IPv4
packets leading to an infinite loop and kernel panic.

* CVE-2013-4470: Memory corruption in IPv4 and IPv6 networking corking with UFO.

The kernel IP stack does not correctly handle sending fragmented packets via a
device which has UDP Fragmentation Offload enabled leading to memory corruption
and a kernel panic.

* CVE-2013-4348: Denial-of-service in kernel network flow dissector.

The network flow dissector used by the kernel scheduler does not validate IP
headers in IP-over-IP connections allowing a remote malicious user to trigger an
infinite loop and kernel panic.

SUPPORT

Ksplice support is available at ksplice-support_ww at oracle.com.