[Ksplice-Fedora-22-updates] New updates available via Ksplice (FEDORA-2015-13710)

Thu Aug 27 12:39:50 PDT 2015

Synopsis: FEDORA-2015-13710 can now be patched using Ksplice

Systems running Fedora 22 can now use Ksplice to patch against the
latest Fedora kernel update, FEDORA-2015-13710.

INSTALLING THE UPDATES

We recommend that all users of Ksplice Uptrack on Fedora 22 install
these updates.

On systems that have "autoinstall = yes" in /etc/uptrack/uptrack.conf,
these updates will be installed automatically and you do not need to
take any action.

Alternatively, you can install these updates by running:

# /usr/sbin/uptrack-upgrade -y

DESCRIPTION

* Use-after-free in filesystem notification marking.

Incorrect locking in the filesystem notification (fsnotify) subsystem
can trigger a use-after-free condition and kernel panic when marking
groups.

* Kernel panic when queueing commands to IBM Power RAID driver.

A race condition caused by incorrect locking in the IBM Power RAID
driver can trigger a kernel panic when removing devices from a RAID
controller.

* Memory corruption in IBM Power RAID driver.

Incorrect logic in the IBM Power RAID tracing support can trigger an
out-of-bounds write causing kernel memory corruption and a kernel panic.

* NULL pointer dereference in Bluetooth Security Manager Protocol support.

The kernel Bluetooth driver does not correctly handle initializing
SMP connections which can trigger a NULL pointer dereference and kernel
panic.

* Deadlock in USB XHCI memory cleanup.

Incorrect locking the USB XHCI controller can trigger a deadlock when
removing a USB device.

* Memory leak when adding new USB gadget device.

Kernel resources are not correctly released when initializing a new USB
gadget device fails causing a kernel memory leak.

* Kernel panic in hardware RNG driver initialization.

The kernel hardware RNG driver does not correctly handle failing to
initialize a helper thread which can trigger a kernel panic.

* Data corruption when zero extending file on OCFS2 filesystem.

An integer overflow can cause data corruption and when zero extending a file
on large OCFS2 filesystems.

* Kernel panic when encoding NFSv4 security label.

The kernel NFSv4 server does not correctly support encoding security
labels in file attributes which can trigger an assertion failure and
kernel panic. A remote attacker could use this flaw to cause a denial of
service.

* Deadlock when reclaiming pages from page cache.

The pagecache does not correctly handle reclaiming pages from the
filesystem cache which can lead to a deadlock under low memory
conditions.

* Information leak in signalfd syscall.

The kernel does not fully initialize data when sending a signal to
process which leaks the contents of kernel memory to the receiving
process.

* Information leak in sigqueue syscall.

The kernel does not fully initialize data when sending a signal to
process which leaks the contents of kernel memory to the receiving
process.

* Incorrect file permissions when handling delegated NFSv4 state ids.

The kernel NFSv4 implementation does not check file permissions when
handling delegated operations which could allow remote users to bypass
permission checks.

SUPPORT

Ksplice support is available at ksplice-support_ww at oracle.com.