[Ksplice-Fedora-22-updates] New updates available via Ksplice (FEDORA-2016-63ee0999e4)
Oracle Ksplice
ksplice-support_ww at oracle.com
Tue Jul 19 07:14:31 PDT 2016
Synopsis: FEDORA-2016-63ee0999e4 can now be patched using Ksplice
CVEs: CVE-2016-1583 CVE-2016-3134 CVE-2016-4997 CVE-2016-4998
Systems running Fedora 22 can now use Ksplice to patch against the
latest Fedora kernel update, FEDORA-2016-63ee0999e4.
INSTALLING THE UPDATES
We recommend that all users of Ksplice Uptrack on Fedora 22 install
these updates.
On systems that have "autoinstall = yes" in /etc/uptrack/uptrack.conf,
these updates will be installed automatically and you do not need to
take any action.
Alternatively, you can install these updates by running:
# /usr/sbin/uptrack-upgrade -y
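The following check is an added example, not part of Oracle's advisory or the Uptrack tooling: it reports whether a host has "autoinstall = yes" set or needs the manual uptrack-upgrade run. It assumes "key = value" lines, "#" or ";" comment lines, and that the last assignment wins; the function name is hypothetical.

```shell
#!/bin/sh
# Added example: decide whether a host relies on Ksplice autoinstall or needs
# a manual "uptrack-upgrade -y" run.
# Assumptions (not confirmed by the advisory): "key = value" syntax, "#"/";"
# comment lines, last assignment wins, value compared case-insensitively.

# uptrack_autoinstall [FILE]
#   prints "yes", "no" or "unreadable"
#   returns 0 if autoinstall is enabled, 1 if disabled or unset, 2 if unreadable
uptrack_autoinstall() {
    conf=${1:-/etc/uptrack/uptrack.conf}
    [ -r "$conf" ] || { echo "unreadable"; return 2; }
    value=$(awk -F= '
        /^[ \t]*[#;]/ { next }                 # commented-out settings do not count
        {
            key = $1
            gsub(/[ \t\r]/, "", key)           # tolerate "autoinstall=yes" and padding
            if (key == "autoinstall") {
                val = $2
                gsub(/[ \t\r]/, "", val)
                last = tolower(val)            # keep only the final assignment
            }
        }
        END { print last }' "$conf")
    if [ "$value" = "yes" ]; then
        echo "yes"
        return 0
    fi
    echo "no"
    return 1
}

# Constructed sample file (not taken from a real system): the enabled line is
# commented out, so this host would still need a manual upgrade.
sample=$(mktemp)
cat > "$sample" <<'EOF'
[Settings]
# autoinstall = yes
autoinstall = no
EOF
echo "autoinstall: $(uptrack_autoinstall "$sample" || true)"
rm -f "$sample"
```

Hosts that report "no" or "unreadable" are the ones where the uptrack-upgrade command above has to be run by hand.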
DESCRIPTION
* CVE-2016-1583: Privilege escalation in eCryptfs.
eCryptfs was incorrectly trying to use the mmap() file operation on a lower
filesystem that may not support it. A local, unprivileged user could use
this flaw to cause a denial-of-service through recursive faults or
potentially escalate privileges.
* CVE-2016-3134, CVE-2016-4997, CVE-2016-4998: Memory corruption in SO_SET_REPLACE netfilter interface.
The netfilter subsystem does not correctly validate IPT_SO_SET_REPLACE
data from userspace which can allow local users with CAP_NET_ADMIN
privileges to trigger kernel memory corruption and possibly gain
elevated privileges.
* Use after free in netlink dump interface.
Incorrect locking in the generic netlink interface can cause a use after
free and kernel panic when attempting to dump multiple interfaces
concurrently.
* Deadlock when configuring ethernet team interfaces.
The team network driver incorrectly locks data structures when changing
configuration data which can trigger a deadlock and kernel panic.
* Kernel panic when creating UDP L2TP socket.
A logic error when creating an L2TP socket for UDP data can cause the
kernel to use an uninitialized pointer which triggers a kernel panic.
* Kernel panic when setting KVM emulated debug registers.
The KVM subsystem does not validate the value of emulated debug
registers which can trigger a kernel panic when resuming a guest. A
privileged guest can use this flaw to crash the host.
* Kernel panic in KVM emulated IRQ chip.
A privileged guest can trigger a NULL pointer dereference and kernel
panic in the host when a non-existent IRQ route is modified.
* Kernel panic when destroying cgroup.
The kernel cgroup subsystem does not hold the correct locks when
destroying a cgroup which can lead to a kernel panic.
* Memory leak when malformed UDP packets are tunneled.
A logic error when handling malformed UDP packets in a tunnel can
trigger a kernel memory leak and eventual kernel panic.
* Use after free when mounting BPF filesystem in namespace.
The Berkeley Packet Filter allows mounting a filesystem interface in
namespaces which can trigger a kernel panic because of incorrect
reference counting.
* Kernel panic when adding a negative key to a keyring.
A logic error in the kernel keyring subsystem can cause a write to an
uninitialized pointer which can trigger kernel memory corruption and a
kernel panic.
* Incorrect AES XTS encryption in AMD crypto-coprocessor.
A logic error when offloading AES XTS operations to an AMD
crypto-coprocessor can cause incorrect results when attempting to encrypt
large amounts of data.
SUPPORT
Ksplice support is available at ksplice-support_ww at oracle.com.