[Ksplice-Fedora-20-updates] New updates available via Ksplice (FEDORA-2014-6357)
Oracle Ksplice
ksplice-support_ww at oracle.com
Fri May 16 16:46:07 PDT 2014
Synopsis: FEDORA-2014-6357 can now be patched using Ksplice
CVEs: CVE-2014-1737 CVE-2014-1738 CVE-2014-3144
Systems running Fedora 20 can now use Ksplice to patch against the
latest Fedora kernel update, FEDORA-2014-6357.
INSTALLING THE UPDATES
We recommend that all users of Ksplice Uptrack on Fedora 20 install
these updates.
On systems that have "autoinstall = yes" in /etc/uptrack/uptrack.conf,
these updates will be installed automatically and you do not need to
take any action.
Alternatively, you can install these updates by running:
# /usr/sbin/uptrack-upgrade -y
DESCRIPTION
* CVE-2014-1737, CVE-2014-1738: Local privilege escalation in floppy ioctl.
The floppy driver would leak internal memory addresses to userspace,
and would allow unprivileged userspace code to overwrite those
addresses, allowing for a local privilege escalation and gaining
of root.
* NULL pointer dereference in virtio-scsi.
A missing pointer check in set_affinity can lead to a NULL
pointer dereference and kernel crash.
* Kernel oops in mpt2sas suspend.
A duplicate disable when suspending in mpt2sas can lead
to a kernel oops. A malicious user could use this to
cause a denial of service.
* Double-free in ASoC power management.
Unregistering a sound card with auto-disabled DAPM kcontrols
causes a double free and possible kernel panic.
* Machine check exception in b43 wireless driver.
An improper access to a register in the b43 wireless driver can
lead to a CPU exception and kernel panic.
* Kernel crash in AHCI with dummy port.
System may crash in ahci_hw_interrupt() or ahci_thread_fn() when
accessing the interrupt status in a port's private_data if the port is
actually a DUMMY port.
* Use-after-free in mac80211 BSS.
The mac80211 code was incorrectly using the bss struct after
it may have been freed in ieee80211_rx_bss_put, leading to a
kernel panic.
* Heap corruption in mtd sysfs attributes.
An invalid NUL terminator placement in sm_create_sysfs_attributes()
could cause heap corruption.
* Kernel BUG in NFS lockd socket creation.
When socket creation failed during lockd_up, all live sockets
were not getting properly cleaned up, causing a kernel BUG.
* CVE-2014-3144: Multiple local denial of service vulnerabilities in netlink.
The BPF_S_ANC_NLATTR and BPF_S_ANC_NLATTR_NEST extension implementations
in the sk_run_filter function in net/core/filter.c failed to check whether
a certain length value is sufficiently large, which allows local users to
cause a denial of service (integer underflow and system crash) via crafted
BPF instructions.
SUPPORT
Ksplice support is available at ksplice-support_ww at oracle.com.
More information about the Ksplice-Fedora-20-Updates
mailing list