[Ksplice-Fedora-23-updates] New updates available via Ksplice (FEDORA-2016-26e19f042a)
Oracle Ksplice
ksplice-support_ww at oracle.com
Thu Jan 21 04:44:54 PST 2016
Synopsis: FEDORA-2016-26e19f042a can now be patched using Ksplice
CVEs: CVE-2015-7513 CVE-2015-7566
Systems running Fedora 23 can now use Ksplice to patch against the
latest Fedora kernel update, FEDORA-2016-26e19f042a.
INSTALLING THE UPDATES
We recommend that all users of Ksplice Uptrack on Fedora 23 install
these updates.
On systems that have "autoinstall = yes" in /etc/uptrack/uptrack.conf,
these updates will be installed automatically and you do not need to
take any action.
Alternatively, you can install these updates by running:
# /usr/sbin/uptrack-upgrade -y
DESCRIPTION
* CVE-2015-7513: Divide-by-zero in KVM when reloading the programmable interrupt timer.
A missing input sanitization when loading the programmable interrupt timer
counters from userspace could cause KVM to make a division by zero, causing
a kernel crash. A local user with the capability to run KVM machines
could use this flaw to cause a denial-of-service.
* CVE-2015-7566: Denial-of-service in USB Handspring Visor driver.
Incomplete USB endpoint validation could result in a kernel crash when
probing a USB Handspring Visor device. A malicious USB device could use
this flaw to crash the system.
* NULL pointer dereference in Nouveau Power Management Unit.
A missing NULL pointer check in the Nouveau Power Management Unit code
could result in a kernel crash when initializing a device.
SUPPORT
Ksplice support is available at ksplice-support_ww at oracle.com.
More information about the Ksplice-Fedora-23-Updates
mailing list