[Ksplice-Fedora-20-updates] New updates available via Ksplice (FEDORA-2014-14075)

Oracle Ksplice ksplice-support_ww at oracle.com
Wed Nov 5 13:53:10 PST 2014


Synopsis: FEDORA-2014-14075 can now be patched using Ksplice
CVEs: CVE-2014-4608

Systems running Fedora 20 can now use Ksplice to patch against the
latest Fedora kernel update, FEDORA-2014-14075.

INSTALLING THE UPDATES

We recommend that all users of Ksplice Uptrack on Fedora 20 install
these updates.

On systems that have "autoinstall = yes" in /etc/uptrack/uptrack.conf,
these updates will be installed automatically and you do not need to
take any action.

Alternatively, you can install these updates by running:

# /usr/sbin/uptrack-upgrade -y
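
To check which of the two cases above applies to a host, the following
added example (not part of the Oracle advisory or of Ksplice Uptrack) reads
the autoinstall setting and prints the matching action. Assumptions: the
function names are hypothetical, only the value "yes" (in any case) counts as
enabled, and the sample config with its [Settings] section is constructed.

```shell
#!/bin/sh
# Added example: reads the config file only and changes nothing on the host.

# Print the effective autoinstall value ("yes" or "no") from an
# uptrack.conf-style file. Comment lines are ignored, the last assignment
# wins, and a missing or unreadable file or a missing key counts as "no".
uptrack_autoinstall() {
    conf=${1:-/etc/uptrack/uptrack.conf}
    [ -r "$conf" ] || { echo no; return 0; }
    awk '
        /^[ \t]*[#;]/ { next }                   # skip commented-out settings
        {
            line = $0
            sub(/^[ \t]+/, "", line)             # drop leading whitespace
            if (tolower(line) ~ /^autoinstall[ \t]*=/) {
                sub(/^[^=]*=[ \t]*/, "", line)   # drop "key ="
                sub(/[ \t\r]+$/, "", line)       # drop trailing whitespace
                val = tolower(line)
            }
        }
        END { if (val == "yes") print "yes"; else print "no" }
    ' "$conf"
}

# Print what the administrator has to do on this host: nothing, or the
# manual command given in the advisory.
uptrack_action() {
    if [ "$(uptrack_autoinstall "$1")" = yes ]; then
        echo "autoinstall enabled: updates are installed automatically"
    else
        echo "autoinstall not enabled: run /usr/sbin/uptrack-upgrade -y"
    fi
}

# Constructed sample config (not taken from a real host): the commented-out
# line must not count as enabling autoinstall.
sample=$(mktemp)
printf '%s\n' '[Settings]' '# autoinstall = yes' 'autoinstall = no' > "$sample"
uptrack_action "$sample"
rm -f "$sample"
```

Called without an argument, uptrack_action reads /etc/uptrack/uptrack.conf.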


DESCRIPTION

* Deadlock in btrfs disk replacement.

Incorrect locking in btrfs disk replacement could result in deadlock
when replacing a device.  This could result in failure to access the
filesystem.


* File extent corruption in btrfs lseek() with extents.

Incorrect handling of negative offsets in the btrfs lseek()
implementation could result in incorrect extent insertion and locking.
This could cause corruption of files on a btrfs filesystem.


* Kernel panic in btrfs asynchronous reclaim during log recovery.

A missing check for active log recovery could result in performing
asynchronous reclaim at the same time.  This could trigger a kernel
panic.


* Kernel crash during balance failure in btrfs backref building.

Missing error handling in the btrfs backref code could result in hitting
a kernel assertion for a recoverable error.  A maliciously crafted
filesystem could crash the host when mounting the filesystem.


* Use-after-free in Synopsys DesignWare SPI master during module unload.

Missing cleanup could result in continued DMA transfers and a
use-after-free when the module was unloaded.


* NULL pointer dereference in generic register map debugfs entries.

Under specific conditions some register maps may not have a Linux device
associated with them which could trigger a NULL pointer dereference when
creating debugfs entries for the register map.


* Kernel crash in register map bulk register writes.

Incorrect handling of zero length bulk register writes could result in
dereferencing an invalid pointer and crashing the kernel under specific
conditions.


* Privilege escalation in ServerEngines BladeEngine 2 iSCSI driver.

Missing validation of user supplied data could allow a local user with
permissions to access the iSCSI device to overflow a stack buffer and
potentially escalate privileges.


* NULL pointer dereference in QLogic QLA2XXX fibre channel sessions.

A missing pointer assignment during session opening could result in a
NULL pointer dereference and kernel crash.


* Use-after-free in QLogic QLA2XXX fibre channel device removal.

Incorrect handling of device removal could result in accessing a stale
pointer and triggering a kernel crash when removing a QLogic QLA2XXX
device.


* Information leak in Intel Management Engine Interface devices.

Incorrect string termination could result in reading off the end of a
buffer when probing an MEI device if the device name was 32 characters
or longer.  This could result in leaking the contents of heap memory to
userspace.


* Improved fix to CVE-2014-4608: Memory corruption in kernel lzo decompressor.

The original upstream fix for CVE-2014-4608 did not cover all cases and
was still exploitable.


* NULL pointer dereference in NFS writeback error handling.

A missing NULL pointer check in the NFS writeback error path could
result in dereferencing a NULL pointer and subsequent kernel crash.


* Out-of-bounds memory access in ALSA pin quirk handling.

Missing array termination could result in accessing beyond the end of an
array into undefined memory.  This could result in a kernel crash when
probing an audio device.


* Denial-of-service in ecryptfs extended attribute setting.

A missing NULL pointer check could result in a kernel crash when setting
an extended attribute on an ecryptfs filesystem.  A local, unprivileged
user could use this flaw to trigger a denial-of-service.


* XFS file corruption during writeback.

Incorrect handling of dirty partial pages on an XFS filesystem could
result in failure to write the contents back to disk.  Under specific
conditions this could cause corruption of a mounted filesystem.


* Deadlock in filesystem memory allocation.

Under specific conditions, memory allocation in a filesystem driver
could result in more filesystem accesses to perform the allocation,
triggering deadlock and a kernel hang.

SUPPORT

Ksplice support is available at ksplice-support_ww at oracle.com.


  


