[Ksplice-Fedora-20-updates] New updates available via Ksplice (FEDORA-2014-4675)

Tue Apr 8 15:16:46 PDT 2014

Synopsis: FEDORA-2014-4675 can now be patched using Ksplice
CVEs: CVE-2014-0055 CVE-2014-0077 CVE-2014-2568 CVE-2014-2580

Systems running Fedora 20 can now use Ksplice to patch against the
latest Fedora kernel update, FEDORA-2014-4675.

INSTALLING THE UPDATES

We recommend that all users of Ksplice Uptrack on Fedora 20 install
these updates.

On systems that have "autoinstall = yes" in /etc/uptrack/uptrack.conf,
these updates will be installed automatically and you do not need to
take any action.

Alternatively, you can install these updates by running:

# /usr/sbin/uptrack-upgrade -y

DESCRIPTION

* Deadlock in Conexant USB DVB data transfer.

The USB Digital Video Broadcasting driver does not correctly unlock data when a
data transfer fails, leading to a deadlock and kernel panic.

* Deadlock in DvbWorld and TeVii DVB device driver.

The DvbWorld and TeVii USB Digital Video Broadcasting driver does not correctly
unlock data when a data transfer fails, leading to a deadlock and kernel panic.

* Kernel panic in Conexant PCI video recorder device driver.

Memory allocation can fail in the Conexant PCI video recorder device driver
triggering a NULL pointer dereference and kernel panic when reading the device's
EEPROM.

* Remote memory leak in SunRPC GSSAPI authentication.

The kernel SunRPC GSSAPI authentication library does not release a reference when
encoding a GSSAPI message fails leading to a kernel panic.

* Information leak in packet filter JIT engine.

An incorrect bound is used when validating Berkeley Packet Filter programs
allowing a malicious user to read the contents kernel memory.

* Userspace memory corruption in SYSLOG_ACTION_READ_ALL.

The kernel syslog implementation does not correctly handle the
SYSLOG_ACTION_READ_ALL syslog command causing too much data to be copied to a
userspace process. This potentially causes memory corruption and crash in the
userspace process.

* Kernel panic in nested KVM MMU management.

The KVM virtual MMU does not correctly handle memory mappings in nested virtual
machines leading to a kernel panic.

* Remote denial-of-service in CephFS object storage daemon.

The Ceph filesystem object storage daemon (OSD) does not correctly handle
truncated requests which can lead to the OSD never completing a request and
blocking further requests leading to a denial of service.

* CVE-2014-2568: Information leak in netlink packet copying.

A reference counting error in the netlink net-filter subsystem can cause the
contents of kernel memory to be leaked to unprivileged users in netlink packets.

* CVE-2014-0055: Kernel panic when receiving packets in virtio networking.

When receiving packets, missing data validation can cause the virtual networking
subsystem to dereference an invalid pointer causing a kernel panic.

* CVE-2014-0077: Kernel panic when receiving short packets in virtio networking.

Missing data validation when receiving truncated packets in the virtual networking
subsystem can cause the kernel to dereference an invalid pointer triggering a
kernel panic.

* CVE-2014-2580: Denial-of-service in Xen backend network driver.

Invalid locking in the Xen backend network driver can trigger a deadlock and
kernel panic when receiving malformed packets.

SUPPORT

Ksplice support is available at ksplice-support_ww at oracle.com.