CVE-2013-2850: Remote heap buffer overflow in iSCSI target subsystem.
By Samson.Yeung-Oracle on May 31, 2013
We have just released a rebootless update to deal with a critical security vulnerability:
CVE-2013-2850: Remote heap buffer overflow in iSCSI target subsystem. If an iSCSI target is configured and listening on the network, a remote attacker can corrupt heap memory, and gain kernel execution control over the system and gain kernel code execution.
As this vulnerability is exploitable by remote users, Ksplice is issuing an update for all affected kernels immediately.
This update was embargoed for release until today (May 30th), when the information regarding this vulnerability has been made public. We are pushing updates for Ubuntu Precise, Quantal, and Raring, as well as for Debian Wheezy, Fedora 17 and Fedora 18. This bug was introduced in version 3.1 of the Linux kernel and so does not affect Oracle UEK kernels, or any RedHat 6 derivatives or earlier.
We recommend Oracle Linux Premier Support for receiving rebootless kernel updates via Ksplice.