[Ksplice-Fedora-19-updates] New updates available via Ksplice (FEDORA-2014-1072)

Oracle Ksplice ksplice-support_ww at oracle.com
Fri Jan 24 07:41:50 PST 2014


Synopsis: FEDORA-2014-1072 can now be patched using Ksplice
CVEs: CVE-2014-1446

Systems running Fedora 19 can now use Ksplice to patch against the
latest Fedora kernel update, FEDORA-2014-1072.

INSTALLING THE UPDATES

We recommend that all users of Ksplice Uptrack on Fedora 19 install
these updates.

On systems that have "autoinstall = yes" in /etc/uptrack/uptrack.conf,
these updates will be installed automatically and you do not need to
take any action.

Alternatively, you can install these updates by running:

# /usr/sbin/uptrack-upgrade -y


DESCRIPTION

* Use-after-free in virtio device removal.

The recently added multiqueue support for virtio devices introduced a
use-after-free vulnerability when removing virtio devices, leading to a kernel
panic.


* NULL pointer dereference in IPv6 FIB rule validation.

When attempting to send IPv6 traffic with no IPv6 interfaces configured, a missing
pointer validation can cause a NULL pointer dereference and kernel panic.


* Memory leak in VXLAN transmit error path.

A kernel memory leak is triggered if a packet is transmitted over a VXLAN
interface and a circular route is encountered leading to a kernel panic.


* Memory corruption in UDPv6 fragment offloading.

An integer overflow can occur when preparing fragmented UDPv6 packets leading to
memory corruption and kernel panic.


* Information leak in socket monitoring interface.

For non-AF_INET6 sockets the kernel does not initialise fields in socket monitoring
data, causing the contents of kernel memory to be leaked to userspace.


* NULL pointer dereference in RDS socket binding.

A missing pointer validation can trigger a NULL pointer dereference and kernel
panic when binding an RDS socket.


* Use-after-free in ARC ethernet packet transmission.

A race condition between adding timestamps to packets and completing packet
transmission can lead to a use-after-free condition and kernel panic.


* Memory leak in virtio mergeable buffers.

If an error is encountered when receiving mergeable packets on a virtio device
any remaining packets are leaked, leading to a loss of networking.


* Use-after-free in logical link control stream sockets.

Receiving stream data on a LLC socket can trigger a use-after-free condition and
kernel panic if the MSG_PEEK flag is not used.


* NULL pointer dereference in netpoll packet transmission.

When an error is encountered adding a VLAN tag to a packet, the error path
attempts to dereference a NULL pointer leading to a kernel panic.


* Deadlock in bridge multicast 'hash_max' sysfs file.

Incorrect locking when changing the 'hash_max' setting via the sysfs interface
can trigger a deadlock and kernel panic.


* Kernel panic in Solarflare PTP packet transmission.

Incorrect length validation can trigger an out-of-bounds read and kernel panic
when transmitting a Precise Time Protocol packet over a Solarflare ethernet
device.


* CVE-2014-1446: Information leak in YAM radio modem ioctl.

The YAM radio modem driver does not initialise kernel memory when processing the
SIOCYAMGCFG ioctl, leading to the contents of kernel memory being leaked to
userspace.
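
The two information leaks listed above (socket monitoring data and the
SIOCYAMGCFG ioctl) share one pattern: a record is only partly filled in and
then copied out whole. The following user-space model of that pattern is an
added example, not code from this advisory or from the kernel; the struct,
function names and sample values are hypothetical.

```c
#include <stdio.h>
#include <string.h>

#define STALE 0xA5  /* constructed marker standing in for leftover kernel data */

/* Hypothetical reply record; not the YAM driver's real layout. */
struct cfg_reply {
    unsigned int mask;        /* which fields the handler filled in */
    unsigned int iobase;
    unsigned int irq;
    unsigned int bitrate;
    unsigned int reserved[4]; /* the handler never writes these */
};

struct dev_state { unsigned int iobase, irq, bitrate; };

/* Leaky pattern: the reply is built on top of whatever the memory held. */
static void get_cfg_leaky(const struct dev_state *d, struct cfg_reply *r)
{
    r->mask = 0x7;
    r->iobase = d->iobase;
    r->irq = d->irq;
    r->bitrate = d->bitrate;
}

/* Hardened pattern: zero the whole record before filling it. */
static void get_cfg_fixed(const struct dev_state *d, struct cfg_reply *r)
{
    memset(r, 0, sizeof *r);
    get_cfg_leaky(d, r);
}

/* Runs a handler over stale memory, copies the whole record out (as a
 * copy-out of sizeof(reply) bytes would) and counts stale bytes that escaped. */
static size_t leaked_bytes(void (*handler)(const struct dev_state *,
                                           struct cfg_reply *))
{
    const struct dev_state dev = { 0x3f8, 4, 9600 }; /* constructed values */
    struct cfg_reply reply;
    unsigned char user[sizeof reply];
    size_t i, n = 0;

    memset(&reply, STALE, sizeof reply);  /* simulate reused stack contents */
    handler(&dev, &reply);
    memcpy(user, &reply, sizeof reply);
    for (i = 0; i < sizeof user; i++)
        n += (user[i] == STALE);
    return n;
}

int main(void)
{
    printf("leaky: %zu stale bytes, fixed: %zu\n",
           leaked_bytes(get_cfg_leaky), leaked_bytes(get_cfg_fixed));
    return 0;
}
```
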

SUPPORT

Ksplice support is available at ksplice-support_ww at oracle.com.


  


