[Ksplice-Fedora-19-updates] New updates available via Ksplice (FEDORA-2013-16379)
Oracle Ksplice
ksplice-support_ww at oracle.com
Fri Sep 13 07:33:30 PDT 2013
Synopsis: FEDORA-2013-16379 can now be patched using Ksplice
CVEs: CVE-2013-2888
Systems running Fedora 19 can now use Ksplice to patch against the
latest Fedora kernel update, FEDORA-2013-16379.
INSTALLING THE UPDATES
We recommend that all users of Ksplice Uptrack on Fedora 19 install
these updates.
On systems that have "autoinstall = yes" in /etc/uptrack/uptrack.conf,
these updates will be installed automatically and you do not need to
take any action.
Alternatively, you can install these updates by running:
# /usr/sbin/uptrack-upgrade -y
DESCRIPTION
* NULL pointer dereference in HDMI sound driver.
The kernel does not validate a pointer when processing sound data from a HDMI
device causing a NULL pointer dereference and kernel panic.
* Kernel panic in removable memory sysfs interface.
When showing the contents of the /sys/devices/system/memory/memory*/removable
sysfs file, the kernel does not validate that all memory sections are present
causing a kernel panic.
* NULL pointer dereference in memory control groups.
The kernel does not validate a pointer when querying the memory control group
cache causing a NULL pointer dereference and kernel panic.
* Kernel panic in Atheros AR9001/AR9002 transmit.
The Atheros wireless driver does not correctly manage packet data on AR9001 and
AR9002 devices leading to an assertion failure and kernel panic.
* Use-after-free in 802.11 IBSS processing.
The generic 802.11 driver does not correctly adjust a reference count when
leaving an IBSS ad-hoc network leading to a use-after-free condition and kernel
panic.
* NULL pointer dereference in iSCSI NOP processing.
A NULL pointer dereference and kernel panic can be triggered if a iSCSI target
sends a NOP command in the middle of an exchange.
* CVE-2013-2888: Memory corruption in Human Input Device processing.
The kernel does not correctly validate the 'Report ID' field in HID data allowing
a malicious USB or Bluetooth device to cause memory corruption and gain kernel
code execution.
SUPPORT
Ksplice support is available at ksplice-support_ww at oracle.com.
More information about the Ksplice-Fedora-19-Updates
mailing list