[Ksplice-Fedora-22-updates] New updates available via Ksplice (FEDORA-2015-16440)

Oracle Ksplice ksplice-support_ww at oracle.com
Mon Oct 5 10:46:56 PDT 2015


Synopsis: FEDORA-2015-16440 can now be patched using Ksplice
CVEs: CVE-2015-6937

Systems running Fedora 22 can now use Ksplice to patch against the
latest Fedora kernel update, FEDORA-2015-16440.

INSTALLING THE UPDATES

We recommend that all users of Ksplice Uptrack on Fedora 22 install
these updates.

On systems that have "autoinstall = yes" in /etc/uptrack/uptrack.conf,
these updates will be installed automatically and you do not need to
take any action.

Alternatively, you can install these updates by running:

# /usr/sbin/uptrack-upgrade -y


DESCRIPTION

* Denial of service when mounting corrupt XFS filesystem.

Missing validation of disk blocks in the XFS filesystem could cause
filesystem junk entries and break userspace expectations of filesystem
semantics. A malicious local user with mounting privileges could
potentially use this to cause denial of service.


* Kernel panic in MEN 16z135 UART driver when setting terminal attributes.

A race between the interrupt handler and setting terminal attributes
(termios) could cause a deadlock or kernel panic. A local user with
access to the device could potentially use this flaw to cause denial
of service.


* Invalid memory accesses in accelerated GHASH crypto algorithm.

Due to an incorrectly specified context size, the kernel would allocate
too little memory for the GHASH context and possibly access invalid
memory. A local user could potentially use this to cause denial of
service or escalate privileges.


* Invalid memory free in device resource management.

A logic error in the device resource management code could cause the
wrong pointer to be freed, possibly crashing the kernel. A malicious
local user with device configuration privileges could use this to cause
denial of service.


* Improperly escaped output in procfs files.

Lack of quoting in procfs files could cause userspace programs to
misinterpret the contents of these files. A malicious local user
could possibly use this to manipulate certain procfs files (and thereby
also manipulate other programs reading these files).


* CVE-2015-6937: NULL pointer dereference in RDS socket creation.

Failure to check for binding to a transport could result in a NULL
pointer dereference when creating an RDS socket.  A local, unprivileged
user could use this flaw to crash the system.


* NULL pointer dereference when tearing down x86 CPU cacheinfo.

In certain situations, offlining a CPU could cause a NULL pointer
dereference and kernel panic. A malicious local user with CPU hotplugging
capabilities could use this to cause denial of service.


* Disable modification of LDT by userspace processes.

The seldom-used modify_ldt syscall, which allows processes to modify their
local descriptor table, has several vulnerabilities that allow local
unprivileged users to elevate privileges.

This update disables the modify_ldt syscall by default and introduces a new
sysctl, 'ksplice_modify_ldt', that lets administrators re-enable it.
Re-enabling the syscall will make the machine vulnerable.

To re-enable modify_ldt, run the following command as root:

  sysctl ksplice_modify_ldt=1

To disable, run:

  sysctl ksplice_modify_ldt=0

This mitigates CVE-2015-3290, CVE-2015-3291 and CVE-2015-5157.
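
The following audit check is an added example, not part of the original
announcement and not Oracle tooling. It reports whether a host has
"autoinstall = yes" set and whether modify_ldt is still disabled. It assumes
'#' starts a comment in uptrack.conf and that the sysctl is exposed at
/proc/sys/ksplice_modify_ldt (the usual sysctl-to-procfs mapping); the
function names are hypothetical.

```shell
#!/bin/sh
# Added audit sketch; function names are hypothetical, not Ksplice commands.

# autoinstall_state FILE -> "yes", "no" or "unset" (missing file or key)
autoinstall_state() {
    conf=$1
    [ -r "$conf" ] || { echo unset; return 0; }
    # Assumption: '#' starts a comment. The last assignment in the file wins.
    val=$(sed -e 's/#.*$//' "$conf" |
          awk -F= 'tolower($1) ~ /^[ \t]*autoinstall[ \t]*$/ { v = $2 }
                   END { gsub(/[ \t\r]/, "", v); print tolower(v) }')
    case $val in
        yes) echo yes ;;
        "")  echo unset ;;
        *)   echo no ;;
    esac
}

# modify_ldt_state NODE -> "disabled" (0), "enabled" (1), "absent" or "unknown"
# "absent" means the sysctl does not exist, so this update is not applied.
modify_ldt_state() {
    node=$1
    [ -r "$node" ] || { echo absent; return 0; }
    case $(tr -d ' \t\n' < "$node") in
        0) echo disabled ;;
        1) echo enabled ;;
        *) echo unknown ;;
    esac
}

# audit_host [CONF] [NODE]: print both states; fail unless modify_ldt is disabled
audit_host() {
    a=$(autoinstall_state "${1:-/etc/uptrack/uptrack.conf}")
    l=$(modify_ldt_state "${2:-/proc/sys/ksplice_modify_ldt}")
    echo "autoinstall=$a modify_ldt=$l"
    [ "$a" = yes ] || echo "note: updates need a manual /usr/sbin/uptrack-upgrade -y"
    [ "$l" = disabled ]
}

# Run against the live host only when asked: sh audit.sh --audit
if [ "${1:-}" = "--audit" ]; then
    audit_host
fi
```

A result of modify_ldt=absent means the sysctl was not found, which is the
state of a kernel that has not received this update.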

SUPPORT

Ksplice support is available at ksplice-support_ww at oracle.com.


  


