[Ksplice-Fedora-23-updates] New updates available via Ksplice (FEDORA-2016-26e19f042a)

Oracle Ksplice ksplice-support_ww at oracle.com
Thu Jan 21 04:44:54 PST 2016


Synopsis: FEDORA-2016-26e19f042a can now be patched using Ksplice
CVEs: CVE-2015-7513 CVE-2015-7566

Systems running Fedora 23 can now use Ksplice to patch against the
latest Fedora kernel update, FEDORA-2016-26e19f042a.

INSTALLING THE UPDATES

We recommend that all users of Ksplice Uptrack on Fedora 23 install
these updates.

On systems that have "autoinstall = yes" in /etc/uptrack/uptrack.conf,
these updates will be installed automatically and you do not need to
take any action.

Alternatively, you can install these updates by running:

# /usr/sbin/uptrack-upgrade -y


DESCRIPTION

* CVE-2015-7513: Divide-by-zero in KVM when reloading the programmable interrupt timer.

Missing input sanitization when loading the programmable interrupt timer
counters from userspace could cause KVM to divide by zero, causing
a kernel crash.  A local user with the capability to run KVM machines
could use this flaw to cause a denial-of-service.
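
Added example, not taken from this advisory or from the kernel source: a
simplified C model of the bug class described above, where a counter value
restored from userspace is later used as a divisor. The struct and function
names are hypothetical; the one hardware fact assumed is the 8254 convention
that a programmed count of 0 means 0x10000.

```c
#include <stdint.h>
#include <stdio.h>

/* Simplified model of one PIT channel; hypothetical names, not kernel code. */
struct pit_channel {
    uint32_t count;   /* reload value, later used as a divisor */
};

/* Normalise a count supplied by userspace before it is stored. */
static uint32_t pit_sanitize_count(uint32_t val)
{
    val &= 0xffff;               /* the hardware counter is 16 bits wide */
    return val ? val : 0x10000;  /* 0 means the maximum period, never a zero divisor */
}

/* Restore path: every channel goes through the sanitizer, not a raw copy. */
void pit_restore(struct pit_channel *ch, const uint32_t *user_counts, int n)
{
    for (int i = 0; i < n; i++)
        ch[i].count = pit_sanitize_count(user_counts[i]);
}

/* Read path: counter value after `elapsed` ticks in a periodic mode.
 * Returns -1 rather than dividing if a zero count ever reaches this point. */
int64_t pit_get_count(const struct pit_channel *ch, uint64_t elapsed)
{
    if (ch->count == 0)
        return -1;  /* defence in depth behind the sanitizer */
    return (int64_t)(ch->count - (elapsed % ch->count));
}

int main(void)
{
    /* Constructed input: channel 1 carries the problematic zero count. */
    const uint32_t user_counts[3] = { 100, 0, 0x12345 };
    struct pit_channel ch[3];
    pit_restore(ch, user_counts, 3);
    for (int i = 0; i < 3; i++)
        printf("ch%d count=%u value@250=%lld\n", i, (unsigned)ch[i].count,
               (long long)pit_get_count(&ch[i], 250));
    return 0;
}
```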


* CVE-2015-7566: Denial-of-service in USB Handspring Visor driver.

Incomplete USB endpoint validation could result in a kernel crash when
probing a USB Handspring Visor device.  A malicious USB device could use
this flaw to crash the system.


* NULL pointer dereference in Nouveau Power Management Unit.

A missing NULL pointer check in the Nouveau Power Management Unit code
could result in a kernel crash when initializing a device.

SUPPORT

Ksplice support is available at ksplice-support_ww at oracle.com.


  


