[Ksplice-Fedora-19-updates] New updates available via Ksplice (FEDORA-2013-21420)

Tue Nov 19 13:01:06 PST 2013

Synopsis: FEDORA-2013-21420 can now be patched using Ksplice
CVEs: CVE-2013-4513

Systems running Fedora 19 can now use Ksplice to patch against the
latest Fedora kernel update, FEDORA-2013-21420.

INSTALLING THE UPDATES

We recommend that all users of Ksplice Uptrack on Fedora 19 install
these updates.

On systems that have "autoinstall = yes" in /etc/uptrack/uptrack.conf,
these updates will be installed automatically and you do not need to
take any action.

Alternatively, you can install these updates by running:

# /usr/sbin/uptrack-upgrade -y

DESCRIPTION

* Deadlock in block device caching.

The block device cache subsystem allocates memory with incorrect options
potentially causing a deadlock and kernel panic.

* Denial of service in 802.11 packet transmission.

An invalid rate parameter in packets received over an 802.11 wireless interface
can trigger a divide-by-zero error and kernel panic.

* Deadlock in JFS inode allocation.

When failing to allocate new inodes on a JFS filesystem, the JFS filesystem
driver incorrectly unlocks inodes leading to a deadlock and kernel panic.

* Memory leak in ecrypt filesystem initialization.

When initializing a ecrypt filesystem the ecryptfs driver does not free memory
when decrypting the session key causing a kernel memory leak.

* Data loss in ecryptfs on 32-bit systems.

An integer overflow in the ecryptfs driver can lead to data loss when writing to
files that are over 4GB in size.

* Kernel panic in RAID5 buffer merging.

The kernel RAID5 driver does not correctly manage buffers when merging multiple
requests leading to a kernel panic in the kernel SCSI driver.

* NULL pointer dereference in pSCSI device initialization.

A NULL pointer dereference and kernel panic can be triggered when the pass-
through SCSI driver fails to lookup a host.

* CVE-2013-4513: Memory corruption in USB-over-WiFi host driver.

The Ozmo USB-over-WiFi driver does not fully validate userspace arguments allowing
a malicious local user to trigger kernel memory corruption and gain elevated privileges.

* Missing capability check in AAC RAID compatibility ioctl.

A missing capability check in the AAC RAID compatibility ioctl allows local users
to gain elevated privileges.

* Kernel panic in procfs pagemap reading.

If a process contains memory ranges not managed by the kernel then a local user
can trigger a kernel panic by reading the contents of /proc/*/pagemap.

* Memory corruption in DRM ioctl.

The DRM driver incorrectly allocated memory when processing a ioctl from userspace
allowing a malicious local user to trigger kernel memory corruption and gain elevated
privileges.

* Infinite loop in cgroup task attaching.

A race condition when attaching threads into an existing cgroup can trigger an
infinite loop if the cgroup is exiting leading to a kernel panic.

SUPPORT

Ksplice support is available at ksplice-support_ww at oracle.com.