[Ksplice-Fedora-19-updates] New updates available via Ksplice (FEDORA-2014-9449)

Tue Aug 19 09:21:07 PDT 2014

Synopsis: FEDORA-2014-9449 can now be patched using Ksplice
CVEs: CVE-2014-5206 CVE-2014-5207

Systems running Fedora 19 can now use Ksplice to patch against the
latest Fedora kernel update, FEDORA-2014-9449.

INSTALLING THE UPDATES

We recommend that all users of Ksplice Uptrack on Fedora 19 install
these updates.

On systems that have "autoinstall = yes" in /etc/uptrack/uptrack.conf,
these updates will be installed automatically and you do not need to
take any action.

Alternatively, you can install these updates by running:

# /usr/sbin/uptrack-upgrade -y

DESCRIPTION

* Memory leak in binary tree destruction.

Missing memory pool destruction when destroying a binary tree resulted
in a memory leak.  Repeatedly creating and destroying a binary tree may
eventually trigger an out-of-memory condition and kernel crash.

* Deadlock in clockevent delta modification.

Circular locking when printing a kernel log message during the
modification of a clockevent timer could result in deadlock and a kernel
hang.

* Use-after-free in out-of-free conditions in memory control groups.

Missing locking could result in a use-after-free condition after
removing a notification eventfd from a memory control group under low
memory conditions.

* Divide-by-zero during page writeback under memory pressure.

Missing validation could result in a divide-by-zero when performing
writeback on a system under memory pressure.

* NULL pointer dereference in IDT Tsi721 PCI Express SRIO Controller.

Missing error handling could result in a NULL pointer dereference when
managing descriptors in a Tsi721 device.

* NULL pointer dereference in 802.11 event tracing.

A missing NULL pointer check could result in a NULL pointer dereference
when tracing the 802.11 wireless subsystem.

* CVE-2014-5206, CVE-2014-5207: Privilege escalation on remount with user namespaces.

Incorrect handling of bind-mounts in a user-namespace could allow an
unprivileged local user to remount a filesystem to make a read-only
filesystem writable or to allow creation of setuid binaries or device
nodes.  This could be used to escalate privileges.

* Kernel crash in Broadcom BNX2X driver during TCP offload.

Incorrect unmapping of transmitted packets could result in a kernel
crash when a TCP packet was tunneled using TCP segment offloading.

* Denial-of-service in network sendmsg() calls.

Missing validation of msg_namelen on a sendmsg call could result in a
NULL pointer dereference.  A local, unprivileged user could use this
flaw to cause a denial-of-service.

* Invalid memory access in network vectored I/O.

Incorrect handling of a zero length I/O vector could result in
dereferencing an invalid pointer.  Under specific conditions this could
result in a kernel crash.

* Deadlock in SCTP packet transmission.

Incorrect locking during SCTP packet transmission could result in
deadlock and a kernel hang.

SUPPORT

Ksplice support is available at ksplice-support_ww at oracle.com.