[Ksplice-Fedora-20-updates] New updates available via Ksplice (FEDORA-2014-5235)
Oracle Ksplice
ksplice-support_ww at oracle.com
Thu Apr 24 02:07:42 PDT 2014
Synopsis: FEDORA-2014-5235 can now be patched using Ksplice
CVEs: CVE-2014-0155 CVE-2014-2851
Systems running Fedora 20 can now use Ksplice to patch against the
latest Fedora kernel update, FEDORA-2014-5235.
INSTALLING THE UPDATES
We recommend that all users of Ksplice Uptrack on Fedora 20 install
these updates.
On systems that have "autoinstall = yes" in /etc/uptrack/uptrack.conf,
these updates will be installed automatically and you do not need to
take any action.
Alternatively, you can install these updates by running:
# /usr/sbin/uptrack-upgrade -y
DESCRIPTION
* Memory leak in SCTP stack on COOKIE ECHO error path.
An error in the SCTP stack's COOKIE ECHO handling when memory is
constrained could lead to a memory leak. A remote attacker could use this
flaw to exhaust the memory on the system and cause a denial-of-service.
* Denial-of-service in Bridge code on receiving malformed MFD queries.
A lack of input validation in the bridge code when handling MFD queries
could lead to multicast ports being shut down. A remote attacker could use
this flaw to cause a denial-of-service.
* Memory leak in TIPC code when sending a message on a closed connection.
Incorrect reference counting in the error path of tipc_conn_sendmsg() when
the connection is found to be closed could lead to a memory leak. A local,
unprivileged user could use this flaw to exhaust the memory on the system
and cause a denial-of-service.
* Denial-of-service in IPv4 fragmentation code on evicting fragments.
A race condition in the IPv4 fragmentation code could lead to a kernel
crash under specific conditions. A local, privileged user could use this
flaw to cause a denial-of-service.
* Deadlock in Stochastic Fairness Queueing packet scheduling algorithm.
Incorrect locking in the Stochastic Fairness Queueing scheduling algorithm
could lead to a memory allocation which might sleep with interrupts
disabled, causing a deadlock.
* Deadlock in TCP stack on software checksum calculation.
A logic error in the TCP stack when the NIC has no support for RX checksum
could lead to a deadlock under specific conditions.
* NULL pointer dereference in VXLAN code when handling ARP requests.
A lack of input validation in the VXLAN code could lead to a NULL pointer
dereference when memory is constrained. A remote attacker could use this
flaw to cause a denial-of-service.
* Denial-of-service in TIPC stack on failed subscriptions.
Incorrect locking in the TIPC stack could lead to a spinlock recursion and
denial-of-service. A remote authenticated attacker could use this flaw to
cause a denial-of-service.
* Memory leak in IP tunnel stack when dropping a multicast packet.
Incorrect reference counting in the IP tunnel code could lead to a memory
leak when dropping a multicast packet. A local, unprivileged user could
use this flaw to cause a denial-of-service by exhausting the host memory.
* Double-free in virtio-net on packet transmission.
Incorrect logic in the virtio-net driver could lead to a double-free under
specific circumstances. A local user could use this flaw to cause a kernel
crash or potentially escalate privileges.
* Deadlocks in IPv6 stack when updating statistic counters.
Incorrect locking in various places in the IPv6 stack could lead to a
deadlock when updating statistic counters.
* Memory corruption in ISDN loop driver.
A lack of input validation in various places of the ISDN loop driver could
lead to out-of-bounds memory accesses. A local, unprivileged user could use
these flaws to cause a denial-of-service or potentially escalate
privileges.
* CVE-2014-0155: Denial-of-service on KVM host when handling end of interrupts.
A lack of input validation in KVM hosts when handling the redirection table
of an emulated interrupt controller could lead to a crash of the host. A
local, privileged user of a guest could use this flaw to cause a
denial-of-service via a specifically crafted redirection table entry.
* CVE-2014-2851: Integer overflow when initializing a ping socket.
Incorrect reference counting in the error path of ping_init_sock() leads to
a memory leak and could result in a reference-count integer overflow and
use-after-free. A local, unprivileged user could use this flaw to cause a
denial-of-service or potentially to escalate privileges.
SUPPORT
Ksplice support is available at ksplice-support_ww at oracle.com.