[Ksplice-Fedora-19-updates] New updates available via Ksplice (FEDORA-2013-19650)

Oracle Ksplice ksplice-support_ww at oracle.com
Thu Oct 24 06:58:04 PDT 2013


Synopsis: FEDORA-2013-19650 can now be patched using Ksplice

Systems running Fedora 19 can now use Ksplice to patch against the
latest Fedora kernel update, FEDORA-2013-19650.

INSTALLING THE UPDATES

We recommend that all users of Ksplice Uptrack on Fedora 19 install
these updates.

On systems that have "autoinstall = yes" in /etc/uptrack/uptrack.conf,
these updates will be installed automatically and you do not need to
take any action.

Alternatively, you can install these updates by running:

# /usr/sbin/uptrack-upgrade -y
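
The check described above, as an added example that is not part of
Oracle's advisory or tooling: a shell function that reads an Uptrack
configuration file and reports whether updates install automatically or
a manual uptrack-upgrade run is needed. The key = value parsing rules,
the function names and the sample file contents are assumptions.

```shell
#!/bin/sh
# Added example (not Oracle's tooling). Assumptions: uptrack.conf holds
# "key = value" lines, '#' or ';' starts a comment line, and only the
# literal value "yes" enables autoinstall.

# Print the last value assigned to "autoinstall" in file $1 (empty if unset).
uptrack_autoinstall_value() {
    awk '
        /^[ \t]*[#;]/ { next }              # comment line
        {
            eq = index($0, "=")
            if (eq == 0) next               # section header or blank line
            key = substr($0, 1, eq - 1)
            val = substr($0, eq + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", key)
            gsub(/^[ \t]+|[ \t]+$/, "", val)
            if (key == "autoinstall") last = val
        }
        END { printf "%s", last }
    ' "$1"
}

# Print "automatic", "manual" or "unreadable" for config file $1.
uptrack_install_mode() {
    conf=${1:-/etc/uptrack/uptrack.conf}
    if [ ! -r "$conf" ]; then
        echo unreadable
        return 0
    fi
    if [ "$(uptrack_autoinstall_value "$conf")" = "yes" ]; then
        echo automatic
    else
        echo manual    # unset, "no", or unexpected: fail towards acting
    fi
}

# Constructed sample config, so the example runs without Uptrack installed.
sample=$(mktemp)
cat > "$sample" <<'EOF'
[Settings]
# autoinstall = yes
autoinstall = no
EOF
case "$(uptrack_install_mode "$sample")" in
    automatic) echo "updates install automatically; no action needed" ;;
    manual)    echo "run as root: /usr/sbin/uptrack-upgrade -y" ;;
    *)         echo "cannot read config" ;;
esac
rm -f "$sample"
```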


DESCRIPTION

* Kernel crash in Bluetooth HID reporting.

Out of bounds memory accesses could trigger a page fault and kernel
crash when reading data that was not naturally aligned.


* NULL pointer dereference in IPv6 FIB rule addition failure.

Incorrect error handling could trigger a NULL pointer dereference when
failing to add an IPv6 FIB rule, causing a kernel crash.


* NULL pointer dereference in netpoll driver cleanup.

Incorrect locking could result in a NULL pointer dereference when
cleaning up a netpoll device, as used in netconsole, resulting in a
kernel crash.


* Kernel crash in Xen netback frontend slot packing.

Under specific conditions the number of slots required to send packets
was incorrectly counted in the backend.  This could cause the frontend
to lose synchronization and later crash the guest kernel.


* NULL pointer dereference in bridge link handling.

Incorrect locking could result in a race condition and subsequent NULL
pointer dereference and kernel crash.


* NULL pointer dereference in bridge port removal.

Incorrect synchronization could cause a NULL pointer dereference and
kernel crash when receiving a frame at the same time as removing the
port.


* Predictable sequence numbers in network packets.

On a server that never opened a TCP socket, the networking secret used
to derive sequence numbers would never be initialized, which could
result in predictable sequence numbers for other protocols.


* Use-after-free in IP tunnel transmission.

A use-after-free in packet transmission in an IP tunnel could result in
a kernel crash or memory corruption.


* Memory corruption in IP tunnel packet transmission.

Incorrect handling of the IP in IP header could result in heap memory
corruption when transmitting packets under specific conditions.


* Kernel panic in ELF coredumping with large number of mmapped files.

On a system where a large number of mappings are permitted, a local,
unprivileged user could trigger a NULL pointer dereference when writing
corefiles and storing the filenames of the mapped files.


* Kernel crash in max98095 audio codec driver.

Incorrect validation of user-supplied data could allow a local user with
access to the codec device to trigger an out-of-bounds memory access and
kernel panic.


* Kernel crash in 88pm860x audio codec driver.

Missing validation of user-supplied data could allow a local user with
access to the codec device to trigger an out-of-bounds memory access and
kernel panic.


* Kernel crash and information leak in ab8500 audio codec driver.

Missing validation of user-supplied input could result in an
out-of-bounds memory access and kernel panic or stack information leak
if a local user has access to the audio codec device.


* NULL pointer dereference with invalid /proc/sys/kernel/core_pattern.

If /proc/sys/kernel/core_pattern contained only a single '|' character
then a NULL pointer dereference could crash the kernel.  This could only
be triggered by a local, privileged user.


* NULL pointer dereference in NFSv4.1 data server connection failure.

Failure to connect to an NFS data server could trigger a NULL pointer
dereference and kernel crash.


* Incorrect permission checks on networking sysctls.

Permission checks in the networking sysctl interface incorrectly use the
current uid/gid rather than the effective uid/gid, which could allow an
unprivileged user to manipulate network settings using a setuid binary.


* NULL pointer dereference in MMC card removal.

Incorrect ordering of device removal could result in a NULL pointer
dereference when removing an MMC card from the system.


* Kernel crash in btrfs backref checking.

Incorrect handling of backref checking for blocks could result in
hitting a kernel assertion and kernel crash.


* Use-after-free in btrfs reference handling.

Incorrect locking could lead to a use-after-free when processing btrfs
references.  This could result in a kernel crash or memory corruption.


* NULL pointer dereference in bcache write requests.

Missing initialization could cause a NULL pointer dereference when
writing a request from a bcache device, resulting in a kernel crash.


* Use-after-free in Linux Security Modules.

Incorrect synchronization could cause a race condition between security
and auditing checks.  This race could result in a use-after-free
triggering memory corruption or a kernel crash.


* Denial-of-service in ext4 extended attribute error handling.

Missing memory freeing in the error path of extended attribute handling
could cause a memory leak and denial of service under specific
circumstances.

SUPPORT

Ksplice support is available at ksplice-support_ww at oracle.com.


  


