[Ksplice-Fedora-23-updates] New updates available via Ksplice (FEDORA-2016-2f25d12c51)

Oracle Ksplice ksplice-support_ww at oracle.com
Tue Feb 2 08:46:27 PST 2016


Synopsis: FEDORA-2016-2f25d12c51 can now be patched using Ksplice
CVEs: CVE-2013-4312 CVE-2015-8787 CVE-2016-0723

Systems running Fedora 23 can now use Ksplice to patch against the
latest Fedora kernel update, FEDORA-2016-2f25d12c51.

INSTALLING THE UPDATES

We recommend that all users of Ksplice Uptrack on Fedora 23 install
these updates.

On systems that have "autoinstall = yes" in /etc/uptrack/uptrack.conf,
these updates will be installed automatically and you do not need to
take any action.

Alternatively, you can install these updates by running:

# /usr/sbin/uptrack-upgrade -y
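
The following is an added example, not part of the original announcement or of Ksplice itself: a POSIX shell check that reads an uptrack.conf and reports whether the host will pick up these updates automatically or still needs the command above. The function names and the sample file contents (including the [Settings] header) are constructed for illustration, and only the exact value "yes" is treated as enabled.

```shell
#!/bin/sh
# Added example (not Oracle's code): decide whether a host needs a manual
# uptrack-upgrade run, based on the autoinstall setting described above.
# autoinstall_enabled and upgrade_action are hypothetical helper names.

# Exit 0 if the file has an active "autoinstall = yes" line,
# 1 if it is absent or set to anything else, 2 if the file is unreadable.
# Commented-out lines are ignored; the last active assignment wins.
autoinstall_enabled() {
    conf=$1
    [ -r "$conf" ] || return 2
    value=$(sed -n \
        's/^[[:space:]]*autoinstall[[:space:]]*=[[:space:]]*\([^[:space:]#]*\).*$/\1/p' \
        "$conf" | tail -n 1)
    [ "$value" = "yes" ]
}

# Print what an operator has to do for this host.
upgrade_action() {
    if autoinstall_enabled "$1"; then
        echo "automatic"
    elif [ $? -eq 2 ]; then
        echo "unknown: cannot read $1"
    else
        echo "/usr/sbin/uptrack-upgrade -y"
    fi
}

# Constructed sample config: the setting is present but commented out,
# so the host does not install updates on its own.
sample=$(mktemp)
printf '%s\n' '[Settings]' '# autoinstall = yes' 'autoinstall = no' > "$sample"
echo "sample host: $(upgrade_action "$sample")"
rm -f "$sample"

# On a real system: upgrade_action /etc/uptrack/uptrack.conf
```
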


DESCRIPTION

* CVE-2016-0723: Denial-of-service in TTY TIOCGETD ioctl().

A use-after-free when getting the line discipline for a TTY could allow
a local user to trigger a kernel crash.


* CVE-2015-8787: NULL pointer dereference in Netfilter NAT redirection.

A missing NULL pointer check could result in a NULL pointer dereference
and kernel crash when redirecting an IPv4 packet.


* CVE-2013-4312: Denial of service in unix sockets.

Due to incorrect resource accounting, a process could allocate and keep
open an arbitrary number of file descriptors, thus exceeding the limits
set for the process. A malicious local user could use this flaw to cause
denial of service.


* Kernel crash in Wireless USB Host Controller Interface (WHCI) driver.

A missing error check when setting up DMA mappings could cause the
kernel and/or hardware to attempt to access nonexistent memory and
subsequently crash.


* Memory corruption in TIPC when sending message over UDP.

A logic error in the TIPC network stack when sending a message over UDP
could lead to memory corruption upon failure to expand a socket buffer
head. A local, unprivileged user could use this flaw to cause a
denial-of-service.


* NULL pointer dereference on USB host interrupt at registration time.

A logic error when registering a USB host driver could lead to a NULL
pointer dereference if an interrupt to notify of an overcurrent condition
happens before registering the associated platform data.


* NULL pointer dereference when disconnecting a USB 3.0 mass storage device in transporting state.

A missing NULL pointer check when disabling the low power mode of a USB
3.0 mass storage device could lead to a NULL pointer dereference when
disconnecting the device whilst it's in transporting state. A local,
unprivileged user with physical access could use this flaw to cause a
denial-of-service.

SUPPORT

Ksplice support is available at ksplice-support_ww at oracle.com.


  


