[Ksplice-Fedora-23-updates] New updates available via Ksplice (FEDORA-2016-8e858f96b8)
Oracle Ksplice
ksplice-support_ww at oracle.com
Wed Apr 20 03:10:23 PDT 2016
Synopsis: FEDORA-2016-8e858f96b8 can now be patched using Ksplice
CVEs: CVE-2016-3672
Systems running Fedora 23 can now use Ksplice to patch against the
latest Fedora kernel update, FEDORA-2016-8e858f96b8.
INSTALLING THE UPDATES
We recommend that all users of Ksplice Uptrack on Fedora 23 install
these updates.
On systems that have "autoinstall = yes" in /etc/uptrack/uptrack.conf,
these updates will be installed automatically and you do not need to
take any action.
Alternatively, you can install these updates by running:
# /usr/sbin/uptrack-upgrade -y
DESCRIPTION
* Denial-of-service in KVM VCPU creation.
Incorrect error handling could result in an integer overflow, allowing a
user with permission to create virtual CPUs to trigger a kernel
assertion and crash the system.
* Denial-of-service in KVM invvpid and invept instruction emulation.
Incorrect handling of invalid invvpid and invept instructions could
result in a kernel hang. A local user could use this flaw to crash the
system.
* Permissions bypass in nvdimm ioctls().
Incorrect handling of ioctl() numbers could result in allowing write
operations to a dimmctl or ndctl device that was opened in read-only
mode.
* Denial-of-service in device mapper snapshot devices.
Creating a device mapper snapshot device where the copy-on-write and
origin devices used the same device would result in a NULL pointer
dereference and kernel crash.
* NULL pointer dereference in request-based device mapper devices.
Incorrect ordering in request queuing could result in a NULL pointer
dereference and kernel crash under specific conditions.
* Kernel stack information leak in cryptographic key wrapping.
Incorrect clearing of a kernel stack buffer could result in leaking
kernel stack contents to user-space. A local user could use this flaw
to gain privileged kernel information.
* Kernel stack corruption in Intel Management Engine Interface transfers.
Performing transfers before the MEI device was enabled could result in
stack corruption during link reset and a subsequent kernel crash.
* Heap overflow in I2C USB HID reporting.
Missing bounds checks could result in a heap overflow when setting or
sending a report. A local user with access to the device could use this
flaw to crash the system or, potentially, escalate privileges.
* NULL pointer dereference in TTY line discipline reception.
A missing NULL pointer check could result in a NULL pointer dereference
when receiving a buffer under specific conditions.
* Use-after-free in Infra-red terminal opening.
Use of a stale pointer when opening an IrTTY device could result in a
use-after-free condition and subsequent kernel crash. A local user with
access to the IrTTY device could use this flaw to crash the system.
* Journalling filesystem corruption on unmount under memory pressure.
Unmounting a filesystem under memory pressure could result in journal
corruption on a subsequent remount.
* NULL pointer dereference in Infiniband SCSI RDMA Protocol Target.
Missing SRP targets could result in a NULL pointer dereference and
subsequent kernel crash under specific conditions.
* NULL pointer dereference in block cache registration failure.
Allocation failures whilst creating a block cache device could result in
a NULL pointer dereference and kernel crash when the system was under
memory pressure.
* Heap buffer overflow in Bluetooth Add Advertising command handler.
Missing bounds checks could result in a heap buffer overflow when
performing an Add Advertising operation. A local user with permissions
to perform Bluetooth management operations could use this flaw to
escalate privileges or crash the system.
* Denial-of-service in pipe splicing with no pages.
Splicing from a pipe with no pages could result in a NULL pointer
dereference and kernel crash. Under specific conditions a local user
could use this flaw to crash the system.
* Denial-of-service in NFS server buffer decoding.
Integer overflows in the NFS buffer decoding operations could result in
out-of-bounds accesses and a kernel crash. A malicious client could use
this flaw to crash the system.
* Denial-of-service in NFS secinfo+readdir operations.
Incorrect locking could allow a malicious client to deadlock the system
with unexpected compound operations.
* Use-after-free in writeback operations.
Incorrect reference counting could result in a use-after-free during
writeback operations. Under specific conditions this could result in a
kernel crash.
* Kernel crash in OCFS2 Distributed Lock Manager during master loss.
A race condition when the DLM master went down could result in
triggering a kernel assertion and crashing the system under specific
conditions.
* CVE-2016-3672: ASLR bypass on 32-bit processes.
Enabling an unlimited stack size would completely disable ASLR for
a process with the limit applied. A local user could use this flaw to
reduce the security of a setuid/setgid application.
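An added example (not part of the Ksplice advisory) that checks the behaviour this entry describes: whether a process started with an unlimited stack rlimit still gets a randomized library base on the running kernel. It assumes a Linux host with /proc; the helper names first_mapping_base and aslr_status are mine, and exercising the affected 32-bit case needs a 32-bit binary passed as the optional command.

```shell
#!/bin/sh
# Added example, not from the advisory. Runs a child with the stack rlimit
# removed (ulimit -s unlimited) several times and compares where a chosen
# mapping lands. A patched kernel keeps the base moving; the flaw described
# above left it fixed for 32-bit processes.

# first_mapping_base MAPS_TEXT PATTERN
# Prints the start address of the first /proc/PID/maps line matching
# PATTERN (e.g. "libc" or "stack"), or nothing if no line matches.
first_mapping_base() {
    printf '%s\n' "$1" | awk -v pat="$2" '$0 ~ pat { split($1, a, "-"); print a[1]; exit }'
}

# aslr_status RUNS PATTERN [CMD]
# CMD must print its own /proc/self/maps; default is "cat /proc/self/maps".
# To test the affected case, pass a 32-bit cat from an i686 tree (assumption:
# the caller supplies it). Prints "randomized" (exit 0) or "fixed" (exit 1).
aslr_status() {
    runs=$1; pat=$2; cmd=${3:-"cat /proc/self/maps"}
    first=""; i=0
    while [ "$i" -lt "$runs" ]; do
        maps=$(sh -c "ulimit -s unlimited 2>/dev/null || \
                      echo 'warning: could not raise stack limit' >&2; $cmd")
        base=$(first_mapping_base "$maps" "$pat")
        [ -z "$first" ] && first=$base
        if [ "$base" != "$first" ]; then
            echo randomized
            return 0
        fi
        i=$((i + 1))
    done
    echo fixed
    return 1
}
```

Run as `aslr_status 5 libc` for the 64-bit default, or `aslr_status 5 libc /path/to/32bit/cat` to exercise the case the entry covers.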
* Kernel hang in OCFS2 Distributed Lock Manager convert and recovery operations.
A race condition between convert and recovery operations could result in
a system hang under specific conditions.
* Use-after-free in USB networking bind failure.
A race condition between probing a USB network device and error handling
could result in a use-after-free condition and kernel crash.
* Use-after-free in USB networking device probe failure.
Incorrect error handling when registering a USB networking device could
result in a use-after-free condition and kernel crash.
* Kernel crash in Wacom Bamboo ONE driver.
Incorrect handling of Bamboo ONE devices during registration could
result in a NULL pointer dereference when processing events for the
device.
* Kernel crash in block cache device initialization.
A race between initializing a block cache device and the writeback
thread could result in triggering a kernel assertion and crashing the
system.
* Kernel crash in disk quota initialization.
Missing array initialization could result in dereferencing an invalid
pointer and a kernel crash when initializing a quota for an inode and
experiencing an error.
* Use-after-free in FUSE filesystems with direct, asynchronous I/O.
Incorrect handling of synchronous files could result in a use-after-free
condition. A local, unprivileged user could use this flaw to crash the
system or, potentially, escalate privileges.
* Denial-of-service in coredump writing.
Under specific conditions, the kernel could write corefiles for SUID
processes into a user-controlled directory. This flaw could be used to
exhaust disk space and trigger a denial-of-service.
* Kernel crash in IP-over-Infiniband multicast group joining.
A race condition when joining an IP-over-Infiniband multicast group
could result in a NULL pointer dereference and kernel crash.
SUPPORT
Ksplice support is available at ksplice-support_ww at oracle.com.