[Ksplice-Fedora-19-updates] New updates available via Ksplice (FEDORA-2013-16379)

Oracle Ksplice ksplice-support_ww at oracle.com
Fri Sep 13 07:33:30 PDT 2013


Synopsis: FEDORA-2013-16379 can now be patched using Ksplice
CVEs: CVE-2013-2888

Systems running Fedora 19 can now use Ksplice to patch against the
latest Fedora kernel update, FEDORA-2013-16379.

INSTALLING THE UPDATES

We recommend that all users of Ksplice Uptrack on Fedora 19 install
these updates.

On systems that have "autoinstall = yes" in /etc/uptrack/uptrack.conf,
these updates will be installed automatically and you do not need to
take any action.

Alternatively, you can install these updates by running:

# /usr/sbin/uptrack-upgrade -y
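
The check described above, as an added example that is not part of the original advisory or Oracle's tooling: it reads an uptrack.conf and reports whether a manual upgrade run is still needed. The function names are hypothetical, and the parser assumes plain "key = value" lines, ignores section headers, and treats only the documented value "yes" (any case) as enabled.

```shell
#!/bin/sh
# Added example (not Oracle's code): decide whether a host still needs a manual
# uptrack-upgrade run, based on the "autoinstall = yes" setting named above.

# Print the effective (last uncommented) value of "autoinstall" from the given
# config file, lower-cased; prints nothing if the key is absent.
uptrack_autoinstall_value() {
    [ -r "$1" ] || return 1
    awk '
        /^[ \t]*[#;]/ { next }                      # skip comment lines
        {
            eq = index($0, "=")
            if (eq == 0) next                       # section headers, blanks
            key = substr($0, 1, eq - 1); val = substr($0, eq + 1)
            gsub(/^[ \t]+|[ \t\r]+$/, "", key)      # trim both sides
            gsub(/^[ \t]+|[ \t\r]+$/, "", val)
            if (tolower(key) == "autoinstall") last = tolower(val)
        }
        END { if (last != "") print last }
    ' "$1"
}

# Print the action for this host: "none" when autoinstall is yes, otherwise
# the manual command from the advisory. A missing or unreadable file is
# treated as "not automatic" so the host is flagged rather than skipped.
uptrack_required_action() {
    if [ "$(uptrack_autoinstall_value "$1")" = "yes" ]; then
        echo "none"
    else
        echo "/usr/sbin/uptrack-upgrade -y"
    fi
}

# Stand-alone use: report on the real config path, if this host has one.
conf=/etc/uptrack/uptrack.conf
if [ -r "$conf" ]; then
    echo "$conf: action required: $(uptrack_required_action "$conf")"
fi
```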


DESCRIPTION

* NULL pointer dereference in HDMI sound driver.

The kernel does not validate a pointer when processing sound data from an HDMI
device, causing a NULL pointer dereference and kernel panic.


* Kernel panic in removable memory sysfs interface.

When showing the contents of the /sys/devices/system/memory/memory*/removable
sysfs file, the kernel does not validate that all memory sections are present,
causing a kernel panic.


* NULL pointer dereference in memory control groups.

The kernel does not validate a pointer when querying the memory control group
cache, causing a NULL pointer dereference and kernel panic.


* Kernel panic in Atheros AR9001/AR9002 transmit.

The Atheros wireless driver does not correctly manage packet data on AR9001 and
AR9002 devices, leading to an assertion failure and kernel panic.


* Use-after-free in 802.11 IBSS processing.

The generic 802.11 driver does not correctly adjust a reference count when
leaving an IBSS ad-hoc network, leading to a use-after-free condition and kernel
panic.


* NULL pointer dereference in iSCSI NOP processing.

A NULL pointer dereference and kernel panic can be triggered if an iSCSI target
sends a NOP command in the middle of an exchange.


* CVE-2013-2888: Memory corruption in Human Input Device processing.

The kernel does not correctly validate the 'Report ID' field in HID data, allowing
a malicious USB or Bluetooth device to cause memory corruption and gain kernel
code execution.

SUPPORT

Ksplice support is available at ksplice-support_ww at oracle.com.


  


