[Ksplice-Fedora-22-updates] New updates available via Ksplice (FEDORA-2015-11551)

Tue Jul 21 01:51:11 PDT 2015

Synopsis: FEDORA-2015-11551 can now be patched using Ksplice

Systems running Fedora 22 can now use Ksplice to patch against the
latest Fedora kernel update, FEDORA-2015-11551.

INSTALLING THE UPDATES

We recommend that all users of Ksplice Uptrack on Fedora 22 install
these updates.

On systems that have "autoinstall = yes" in /etc/uptrack/uptrack.conf,
these updates will be installed automatically and you do not need to
take any action.

Alternatively, you can install these updates by running:

# /usr/sbin/uptrack-upgrade -y

DESCRIPTION

* Infinite loop when bridging IGMP traffic.

Incorrect reference counting in the network bridge subsystem can trigger
an infinite loop when processing IGMP traffic causing further bridged
network traffic to be dropped.

* Memory corruption when processing SCTP ASCONF packets.

Incorrect locking in the SCTP subsystem can trigger memory corruption
and a kernel panic when processing ASCONF packets.

* Use-after-free in network bridging when changing ports.

Incorrect locking when adding or removing bridge ports can trigger a
use-after-free condition. A privileged user could use this flaw to gain
kernel code execution.

* Denial of service in networking packet fanout.

Incorrect locking in the networking subsystem can trigger a
divide-by-zero and kernel panic when a userspace process uses the
PACKET_FANOUT socket option.

* Kernel panic in networking round-robin packet fanout.

Incorrect synchronization can trigger an out-of-bound read and kernel
panic when a userspace process uses the PACKET_FANOUT_LB socket option.

* Use-after-free when updating networking neighbors.

Incorrect locking in the generic networking subsystem can trigger a
use-after-free condition when updating stale network neighbor
information. This flaw can trigger kernel memory corruption.

* Denial of service when processing OOTB SCTP packets.

A race condition between processing 'out-of-the-blue' OOTB packets and
removing a SCTP route can trigger a NULL pointer dereference and kernel
panic. A remote attacker could use this flaw to trigger a denial of
service.

* Memory corruption in SDHCI host driver.

The Secure Digital Host Controller Interface (SDHCI) driver does not
correctly handle errors which can cause kernel memory when sending
commands to a SDHCI device.

* Privilege escalation when writing to setuid files.

A logic error in the file I/O subsystem can cause the setuid bit to be
set on world-writable files when root modifies a file. This could allow
unprivileged users to elevate privileges by modifying a setuid file.

SUPPORT

Ksplice support is available at ksplice-support_ww at oracle.com.