[Ksplice-Fedora-23-updates] New updates available via Ksplice (FEDORA-2016-723350dd75)

[Oracle Ksplice]

Synopsis: FEDORA-2016-723350dd75 can now be patched using Ksplice
CVEs: CVE-2016-6828

Systems running Fedora 23 can now use Ksplice to patch against the
latest Fedora kernel update, FEDORA-2016-723350dd75.

INSTALLING THE UPDATES

We recommend that all users of Ksplice Uptrack on Fedora 23 install
these updates.

On systems that have "autoinstall = yes" in /etc/uptrack/uptrack.conf,
these updates will be installed automatically and you do not need to
take any action.

Alternatively, you can install these updates by running:

# /usr/sbin/uptrack-upgrade -y


DESCRIPTION

* Denial of service when connecting to Infrared device.

Under memory pressure a kernel memory allocation can fail when
connecting to an Infrared IrDA device which can trigger a kernel panic.


* Memory leak in AppArmor filesystem.

A reference counting error in the AppArmor filesystem can lead to a
kernel memory leak and subsequent kernel panic when reading the contents
of the 'sha1' file.


* Kernel panic in UDF Logical Volume parsing.

A logic error when parsing Logical Volumes on UDF filesystems can
trigger a kernel stack overflow and memory corruption when volumes are
deeply nested.


* Use after free in block device procfs interface.

The generic block device procfs interface incorrectly handles memory
when reading from the 'diskstats' and 'partitions' file which can
trigger a use-after-free condition and kernel panic.


* Denial of service in ext4 extent validation.

A logic error in the kernel ext4 driver can allow malformed extents to
be processed which can trigger a kernel panic when mounting a malformed
disk image.


* Deadlock during ext4 page writeback.

Incorrect locking when writing a transaction to disk and performing a
page writeback can trigger a deadlock and kernel panic.


* Kernel panic in ext4 inode eviction.

A malformed superblock encountered when mounting an ext4 filesystem can
trigger a kernel panic because of an uninitialized superblock flag.


* Memory corruption in ext4 with large GDT blocks.

A ext4 filesystem with a large number of reserved GDT blocks can trigger
kernel memory corruption when mounting the filesystem.


* Infinite loop in ext4 orphan cleanup.

A logic error when a malformed orphan list is encountered on an ext4
filesystem can trigger an infinite loop and denial of service.


* Use after free in ext4 block allocation.

Incorrect reference counting when failing to allocate a block on an ext4
filesystem can trigger a use after free condition and kernel panic.


* CVE-2016-6828: Use after free during TCP transmission.

A logic error when a memory allocation fails during TCP transmission can
cause the kernel TCP stack to use freed memory causing a kernel panic.


* Memory leak in IPv6 anycast/multicast link changes.

Incorrect reference counting when changing the link status of an IPv6
interface can trigger a kernel memory leak and subsequent kernel panic.


* Kernel panic in IEEE 802.1A MACsec decryption.

A kernel panic can be triggered when validation is disabled in a MACsec
connection and a secure association is accessed.


* Deadlock in Intel OPA InfiniBand transmission.

Incorrect locking when transmitting data across an Intel OPA InfiniBand
device can trigger a deadlock when memory allocation fails.


* Information leak in cryptographic scatterwalk subsystem.

A logic error when encrypting and decrypting spanning across multiple
pages can cause data to not be processed which may cause an information
leak.


* Denial of service in filesystem directory cache.

A logic error when multiple CPUs are accessing a file can trigger a soft
lockup. A local unprivileged user could use this flaw to trigger a
denial of service.


* Memory corruption in Open vSwitch headroom processing.

A logic error when setting the rx headroom to a negative number can
trigger kernel memory corruption when receiving data from an Open
vSwitch device.

SUPPORT

Ksplice support is available at ksplice-support_ww at oracle.com.