[Ksplice-Fedora-23-updates] New updates available via Ksplice (FEDORA-2016-80edb9d511)

Mon Jun 20 01:41:30 PDT 2016

Synopsis: FEDORA-2016-80edb9d511 can now be patched using Ksplice

Systems running Fedora 23 can now use Ksplice to patch against the
latest Fedora kernel update, FEDORA-2016-80edb9d511.

INSTALLING THE UPDATES

We recommend that all users of Ksplice Uptrack on Fedora 23 install
these updates.

On systems that have "autoinstall = yes" in /etc/uptrack/uptrack.conf,
these updates will be installed automatically and you do not need to
take any action.

Alternatively, you can install these updates by running:

# /usr/sbin/uptrack-upgrade -y

DESCRIPTION

* Use after free when loading Atheros 10k WiFi driver.

A race condition between initializing an Atheros 10k device and
receiving frames can trigger a use after free and kernel panic.

* Kernel panic when initializing Realtek 8xxx WiFi device.

Invalid locking when resetting the transfer/receive ring-buffers for
Realtek 8xxx devices can trigger an assertion trigger a kernel panic.

* Kernel panic when resuming Xen VM from suspend.

A logic error when resuming a Xen VM from suspend can trigger an
assertion failure and kernel panic when moving IRQs that have been
disabled.

* Denial of service with corrupt orphan list on ext4 filesystem.

The kernel ext4 filesystem driver does not correctly corrupt orphan
inode lists which can trigger an infinite loop and kernel deadlock.

* Kernel panic when adding orphaned inodes on ext4 filesystem.

A logic error when adding orphaned inodes on ext4 filesystems can
trigger memory corruption and kernel panic.

* Use after free in when failing xfs inode writeback.

Incorrect locking when flushing inodes on an xfs filesystem can trigger
a use after free and kernel panic.

* Kernel information leak in TIPC compatibility dump ioctl.

The kernel TIPC driver does not correctly initialize kernel memory which
is copied to userspace leading to the contents of kernel memory being
leaked to userspace.

* Kernel information leak when sending RDS messages.

The kernel RDS driver does not correctly initialize kernel memory when
creating RDS messages which can lead to the contents of kernel memory
being leaked to userspace.

* Kernel panic in ext4 FSSETXATTR ioctl.

A logic error in the ext4 FS_IOC_FSSETXATTR ioctl can trigger a kernel
panic when using an invalid pointer.

* Kernel panic with multiple commits to NFS files.

A race condition in the kernel NFS client when multiple requests attempt
to commit the same inode can trigger a NULL pointer dereference and
kernel panic.

* Kernel panic when performing virtual to physical reverse mappings.

An incorrect assertion in the virtual memory subsystem can trigger an
assertion and kernel panic when performing a reverse mapping of a
transparent hugepage.

* Kernel panic when mapping block on btrfs volume.

An incorrect assertion when mapping a block on a corrupt btrfs volume
can trigger a kernel panic.

* Kernel panic when failing to preallocate state in btrfs extents.

An incorrect assertion in the btrfs filesystem can trigger an assertion
failure and kernel panic when failing to preallocate state for file
extents.

* Deadlock when replacing target on btrfs volume.

Incorrect locking in the btrfs filesystem can trigger a kernel deadlock
and data loss when attempting to replace a target on a btrfs volume.

* Memory corruption when shrinking metadata on btrfs volume.

An integer overflow when calculating the size of metadata can cause
memory corruption and kernel panic when shrinking the size of metadata
on a btrfs volume.

* Data loss in btrfs SET_FEATURES ioctl on read-only volume.

A logic error in the btrfs SET_FEATURES ioctl can allow changing data on
a read-only volume, potentially causing data loss.

* Data loss in btrfs sysfs interface on read-only volume.

A logic error in the btrfs sysfs interface can allow changing data on a
read-only volume, potentially causing data loss.

* Kernel panic in btrfs sysfs interface when reading labels.

A logic error in the btrfs sysfs interface can trigger a NULL pointer
dereference and kernel panic when reading labels.

* Kernel panic in btrfs inode to path conversion.

A logic error when deallocating memory when converting a btrfs inode to
a path can trigger a kernel panic.

* Kernel panic when scrubbing RAID5 and RAID6 btrfs volumes.

A logic error when scrubbing a RAID5 or RAID6 btrfs volume can trigger
an out-of-bounds read and kernel panic.

SUPPORT

Ksplice support is available at ksplice-support_ww at oracle.com.