[Ksplice-Fedora-20-updates] New updates available via Ksplice (FEDORA-2014-4844)

Oracle Ksplice ksplice-support_ww at oracle.com
Fri Apr 11 08:43:23 PDT 2014


Synopsis: FEDORA-2014-4844 can now be patched using Ksplice
CVEs: CVE-2014-2678

Systems running Fedora 20 can now use Ksplice to patch against the
latest Fedora kernel update, FEDORA-2014-4844.

INSTALLING THE UPDATES

We recommend that all users of Ksplice Uptrack on Fedora 20 install
these updates.

On systems that have "autoinstall = yes" in /etc/uptrack/uptrack.conf,
these updates will be installed automatically and you do not need to
take any action.

Alternatively, you can install these updates by running:

# /usr/sbin/uptrack-upgrade -y
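
The check below is an added example, not part of the Ksplice announcement or Oracle's tooling: it reads an uptrack.conf-style file and reports whether the host relies on autoinstall or needs the manual command above. The function names and the sample file (including its [Settings] section header) are constructed for illustration; only the literal value "yes" is treated as enabled, since that is the value the announcement names.

```shell
#!/bin/sh
# Added example: does this host pick up Ksplice updates automatically,
# or does someone have to run uptrack-upgrade by hand?

# Print the effective "autoinstall" value from an uptrack.conf-style file.
# Comment lines are skipped (a commented-out "autoinstall = yes" must not
# count), key and value are case-folded, and the last assignment wins.
# Prints "unset" if the key is absent, "unreadable" if the file is.
autoinstall_value() {
    conf="$1"
    [ -r "$conf" ] || { echo "unreadable"; return 0; }
    awk -F= '
        /^[ \t]*[#;]/ { next }                     # comment line
        index($0, "=") > 0 {
            key = $1
            gsub(/[ \t\r]/, "", key)
            if (tolower(key) == "autoinstall") {
                val = substr($0, index($0, "=") + 1)
                gsub(/^[ \t\r]+|[ \t\r]+$/, "", val)  # trim the value
                found = tolower(val)
            }
        }
        END { print (found == "" ? "unset" : found) }
    ' "$conf"
}

# Succeeds (exit 0) when the host will NOT install updates on its own.
needs_manual_upgrade() {
    [ "$(autoinstall_value "$1")" != "yes" ]
}

report_host() {
    if needs_manual_upgrade "$1"; then
        echo "autoinstall=$(autoinstall_value "$1"): run /usr/sbin/uptrack-upgrade -y"
    else
        echo "autoinstall=yes: updates install automatically"
    fi
    return 0
}

# Constructed sample: the "yes" line is commented out, so the live value is "no".
sample=$(mktemp)
printf '%s\n' '[Settings]' '# autoinstall = yes' 'AutoInstall =  no' > "$sample"
report_host "$sample"
rm -f "$sample"
```

On a real host, call report_host /etc/uptrack/uptrack.conf instead of the constructed sample.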


DESCRIPTION

* Data corruption of ext4 immutable files when updating inode flags.

A race condition in the ext4 file system when updating the inode flags of
an immutable file could open a brief window during which the immutable
flag is not set. With precise timing, a local, unprivileged user could
use this flaw to modify an immutable file.


* Denial-of-service in Xen balloon driver when decreasing memory reservation.

A flaw in the Xen balloon driver could lead to a kernel Oops under specific
conditions. A local, privileged user could use this flaw to cause a
denial-of-service in Xen domains.


* Deadlock when initializing non-blocking random pool.

Incorrect locking in the random library of the Linux kernel could lead to a
deadlock if the non-blocking random pool is initialized concurrently with a
reseed. A local, unprivileged user could use this flaw to cause a
denial-of-service.


* CVE-2014-2678: NULL pointer dereference in RDS protocol when binding.

A missing check in the wireless RDS protocol leads to a NULL pointer
dereference when there is no device. A local, unprivileged user could use
this flaw to cause a NULL pointer dereference and denial-of-service.

SUPPORT

Ksplice support is available at ksplice-support_ww at oracle.com.