[Ksplice-Fedora-20-updates] New updates available via Ksplice (FEDORA-2014-4844)
Oracle Ksplice
ksplice-support_ww at oracle.com
Fri Apr 11 08:43:23 PDT 2014
Synopsis: FEDORA-2014-4844 can now be patched using Ksplice
CVEs: CVE-2014-2678
Systems running Fedora 20 can now use Ksplice to patch against the
latest Fedora kernel update, FEDORA-2014-4844.
INSTALLING THE UPDATES
We recommend that all users of Ksplice Uptrack on Fedora 20 install
these updates.
On systems that have "autoinstall = yes" in /etc/uptrack/uptrack.conf,
these updates will be installed automatically and you do not need to
take any action.
Alternatively, you can install these updates by running:
# /usr/sbin/uptrack-upgrade -y
DESCRIPTION
* Data corruption of ext4 immutable files when updating inode flags.
A race condition in the ext4 file system when updating the inode flags of
an immutable file could open a small window of time during which the
immutable flag is not set. With precise timing, a local, unprivileged user
could use this flaw to modify an immutable file.
* Denial-of-service in Xen balloon driver when decreasing memory reservation.
A flaw in the Xen balloon driver could lead to a kernel Oops under specific
conditions. A local, privileged user could use this flaw to cause a
denial-of-service in Xen domains.
* Deadlock when initializing non-blocking random pool.
Incorrect locking in the random library of the Linux kernel could lead to a
deadlock if the non-blocking random pool is initialized concurrently with a
reseed. A local, unprivileged user could use this flaw to cause a
denial-of-service.
* CVE-2014-2678: NULL pointer dereference in RDS protocol when binding.
A missing check in the wireless RDS protocol leads to a NULL pointer
dereference when there is no device. A local, unprivileged user could use
this flaw to cause a NULL pointer dereference and denial-of-service.
SUPPORT
Ksplice support is available at ksplice-support_ww at oracle.com.
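Added example (not part of the original advisory and not Oracle's code): a shell check for the autoinstall setting described under INSTALLING THE UPDATES, reporting whether a host will receive the updates automatically or needs the manual command. It assumes the setting is a plain "key = value" line as quoted in the advisory and treats only "yes" as enabled; the function names and the sample config are constructed for illustration.

```shell
#!/bin/sh
# Added example: report whether Ksplice Uptrack autoinstall is enabled.
# Assumption: the setting is a "key = value" line, as quoted in the advisory;
# section headers are ignored and lines starting with '#' or ';' are comments.

# Print "yes", "no" or "unset" for the autoinstall key in the given file.
uptrack_autoinstall() {
    conf=$1
    [ -r "$conf" ] || { echo "unset"; return 0; }
    awk -F= '
        /^[ \t]*[#;]/ { next }          # a commented-out setting does not count
        {
            key = $1; val = $2
            gsub(/[ \t\r]/, "", key); gsub(/[ \t\r]/, "", val)
            if (tolower(key) == "autoinstall") last = tolower(val)
        }
        END {
            if (last == "yes") print "yes"      # only "yes" counts as enabled
            else if (last == "") print "unset"
            else print "no"
        }' "$conf"
}

# Decide what the host needs: nothing, or the manual command from the advisory.
uptrack_action() {
    case $(uptrack_autoinstall "$1") in
        yes) echo "automatic" ;;
        *)   echo "manual: /usr/sbin/uptrack-upgrade -y" ;;
    esac
}

# Constructed sample config (not from a real host): the active line says "no";
# the "yes" line is commented out and must be ignored.
sample=$(mktemp)
cat > "$sample" <<'EOF'
[Settings]
# autoinstall = yes
autoinstall = no
EOF
echo "sample config: $(uptrack_action "$sample")"
echo "this host:     $(uptrack_action /etc/uptrack/uptrack.conf)"
rm -f "$sample"
```

A missing or unreadable config file is reported as "unset" and therefore as needing the manual command, so a host is never assumed to be patched by default.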