[Ksplice-Fedora-20-updates] New updates available via Ksplice (FEDORA-2014-8519)

Oracle Ksplice ksplice-support_ww at oracle.com
Mon Jul 21 18:26:41 PDT 2014 

Synopsis: FEDORA-2014-8519 can now be patched using Ksplice
CVEs: CVE-2014-4943

Systems running Fedora 20 can now use Ksplice to patch against the
latest Fedora kernel update, FEDORA-2014-8519.

INSTALLING THE UPDATES

We recommend that all users of Ksplice Uptrack on Fedora 20 install
these updates.

On systems that have "autoinstall = yes" in /etc/uptrack/uptrack.conf,
these updates will be installed automatically and you do not need to
take any action.

Alternatively, you can install these updates by running:

# /usr/sbin/uptrack-upgrade -y


DESCRIPTION

* CVE-2014-4943: Privilege escalation in PPP over L2TP setsockopt/getsockopt.

PPP over L2TP sockets incorrectly used UDP's getsockopt and setsockopt
as a fallback handler. Since UDP's implementation expects different
data structures, a local attacker could corrupt kernel memory and gain
root privileges.


* Kernel panic in thermal hardware monitoring driver when unloading module.

A flaw in the thermal hardware monitoring driver could lead to
dereferencing an invalid address on module removal. A local, privileged
user could use this flaw to cause a denial-of-service.


* Memory leak in crypto CAAM Job Rings driver at module unloading.

Incorrect logic in the crypto CAAM Job Rings driver probe function leads to
a memory leak when unloading the module. A local, privileged user could use
this flaw to exhaust the memory on the system and cause a
denial-of-service.


* Double-free in PHY core driver when releasing a PHY.

A flaw in the PHY driver could lead to a double free of a PHY device if the
PHY creation failed. A local, privileged user could use this flaw to cause
a denial-of-service.


* Multiple journal corruptions in the ext4 filesystem.

Multiple flaws in the ext4 filesystem could lead to incorrect checksums
being computed in the journal under specific conditions. These flaw could
cause the filesystem to be re-mounted read-only or cause data corruption
and denial-of-service.


* Incorrect permissions when allocating page tables for Radeon graphics cards.

Incorrect permissions when allocating page tables for the Radeon graphics
cards could allow userspace programs to access them.

SUPPORT

Ksplice support is available at ksplice-support_ww at oracle.com.

More information about the Ksplice-Fedora-20-Updates mailing list