[Ksplice-Fedora-19-updates] New updates available via Ksplice (FEDORA-2013-23935)

[Oracle Ksplice]

Synopsis: FEDORA-2013-23935 can now be patched using Ksplice

Systems running Fedora 19 can now use Ksplice to patch against the
latest Fedora kernel update, FEDORA-2013-23935.

INSTALLING THE UPDATES

We recommend that all users of Ksplice Uptrack on Fedora 19 install
these updates.

On systems that have "autoinstall = yes" in /etc/uptrack/uptrack.conf,
these updates will be installed automatically and you do not need to
take any action.

Alternatively, you can install these updates by running:

# /usr/sbin/uptrack-upgrade -y


DESCRIPTION

* Memory corruption when freeing DRM imported buffers.

The kernel DRM subsystem does not correctly handle imported buffers in the
Graphics Extension Manager leading to memory corruption and a kernel panic.


* Memory corruption XFS filesystem resizing.

The kernel XFS filesystem driver uses an incorrect offset when resizing V4
filesystem images leading to memory corruption and a kernel panic.


* Use-after-free in NFS duplicate request cache.

Under certain circumstances the kernel NFS server will incorrectly reuse a
Duplicate Request Cache entry leading to a use-after-free condition and kernel
panic.


* Use-after-free in memory control group swapin.

A race condition between destroying a memory control group and swapping in a page
can trigger a use-after-free condition and kernel panic.


* Memory corruption in Intel WiFi driver debugfs.

The debugfs interface to the Intel WiFi driver does not validate station IDs when
writing to the 'sta_drain' file leading to an out-of-bounds read and possible
memory corruption.


* Memory leak in Marvell Wifi-Ex driver.

When re-connecting to an ad-hoc network the Marvell WiFi driver does not free
memory leading to a kernel memory leak and subsequent kernel panic.


* Memory corruption in btrfs IOC_SEND ioctl.

An incorrect access check when processing a BTRFS_IOC_SEND ioctl can allow a local
privileged user to trigger kernel memory corruption and cause a kernel panic.


* Denial-of-service when deleting btrfs subvolumes.

A reference count is not correctly updated if a process is killed when deleting a
subvolume on a btrfs filesystem. This makes it impossible to unmount the
filesystem and leaks kernel resources.


* Use-after-free in block device persistent storage.

A reference counting error in the implementation of on-disk persistent data
structures on block devices can trigger a use-after-free condition and cause a
kernel panic.


* Memory corruption in block device persistent meta-data storage.

A missing error check when allocating meta-data for an on-disk persistent data
structure can trigger memory corruption and a kernel panic.


* Memory corruption in block device TABLE_LOAD ioctl.

The kernel block device driver does not correctly handle large a large number of
targets in the DM_TABLE_LOAD_CMD ioctl leading to memory corruption and a kernel
panic.


* Denial-of-service in NFSv4 client session delegation.

An incorrect assumption in the kernel NFSv4 client can cause the kernel to stop
processing all server responses when handling delegation responses.


* Kernel panic in btrfs defragmentation.

An invalid optimization in the btrfs defragmentation implementation does not
correctly handle existing snapshots leading to a kernel panic.


* Memory leak when reading btrfs extent map.

If an invalid extent map is found when mounting a btrfs filesystem, the extent
map is not freed causing a kernel memory leak and subsequent kernel panic.


* Incorrect default ACLs on btrfs directories.

When creating a directory on a btrfs filesystem which inherits default ACLs from
its parent, an incorrect error check causes the ACLs to be discarded from the
newly created directory.


* Memory corruption in btrfs ordered extents.

Missing synchronization in the btrfs filesystem can trigger memory corruption
when removing ordered extents leading to a kernel panic.


* Kernel panic in btrfs balance operation.

When running a balance operation and defragmentation operation concurrently, an
incorrect assumption in the btrfs filesystem driver can trigger a kernel panic.

SUPPORT

Ksplice support is available at ksplice-support_ww at oracle.com.