[Ksplice-Fedora-20-updates] New updates available via Ksplice (FEDORA-2014-6357)

Fri May 16 16:46:07 PDT 2014

Synopsis: FEDORA-2014-6357 can now be patched using Ksplice
CVEs: CVE-2014-1737 CVE-2014-1738 CVE-2014-3144

Systems running Fedora 20 can now use Ksplice to patch against the
latest Fedora kernel update, FEDORA-2014-6357.

INSTALLING THE UPDATES

We recommend that all users of Ksplice Uptrack on Fedora 20 install
these updates.

On systems that have "autoinstall = yes" in /etc/uptrack/uptrack.conf,
these updates will be installed automatically and you do not need to
take any action.

Alternatively, you can install these updates by running:

# /usr/sbin/uptrack-upgrade -y

DESCRIPTION

* CVE-2014-1737, CVE-2014-1738: Local privilege escalation in floppy ioctl.

The floppy driver would leak internal memory addresses to userspace,
and would allow unprivileged userspace code to overwrite those
addresses, allowing for a local privilege escalation and gaining
of root.

* NULL pointer dereference in virtio-scsi.

A missing pointer check in set_affinity can lead to a NULL
pointer dereference and kernel crash.

* Kernel oops in mpt2sas suspend.

A duplicate disable when suspending in mpt2sas can lead
to a kernel oops.  A malicious user could use this to
cause a denial of service.

* Double-free in ASoC power management.

Unregistering a sound card with auto-disabled DAPM kcontrols
causes a double free and possible kernel panic.

* Machine check exception in b43 wireless driver.

An improper access to a register in the b43 wireless driver can
lead to a CPU exception and kernel panic.

* Kernel crash in AHCI with dummy port.

System may crash in ahci_hw_interrupt() or ahci_thread_fn() when
accessing the interrupt status in a port's private_data if the port is
actually a DUMMY port.

* Use-after-free in mac80211 BSS.

The mac80211 code was incorrectly using the bss struct after
it may have been freed in ieee80211_rx_bss_put, leading to a
kernel panic.

* Heap corruption in mtd sysfs attributes.

An invalid NUL terminator placement in sm_create_sysfs_attributes()
could cause heap corruption.

* Kernel BUG in NFS lockd socket creation.

When socket creation failed during lockd_up, all live sockets
were not getting properly cleaned up, causing a kernel BUG.

* CVE-2014-3144: Multiple local denial of service vulnerabilities in netlink.

The BPF_S_ANC_NLATTR and BPF_S_ANC_NLATTR_NEST extension implementations
in the sk_run_filter function in net/core/filter.c failed to check whether
a certain length value is sufficiently large, which allows local users to
cause a denial of service (integer underflow and system crash) via crafted
BPF instructions.

SUPPORT

Ksplice support is available at ksplice-support_ww at oracle.com.