[Ksplice-Fedora-23-updates] New updates available via Ksplice (FEDORA-2016-d4741aaf61)

Oracle Ksplice ksplice-support_ww at oracle.com
Fri Mar 18 11:50:23 PDT 2016


Synopsis: FEDORA-2016-d4741aaf61 can now be patched using Ksplice

Systems running Fedora 23 can now use Ksplice to patch against the
latest Fedora kernel update, FEDORA-2016-d4741aaf61.

INSTALLING THE UPDATES

We recommend that all users of Ksplice Uptrack on Fedora 23 install
these updates.

On systems that have "autoinstall = yes" in /etc/uptrack/uptrack.conf,
these updates will be installed automatically and you do not need to
take any action.

Alternatively, you can install these updates by running:

# /usr/sbin/uptrack-upgrade -y


DESCRIPTION

* Use-after-free when tracing work queueing in the Btrfs filesystem.

Incorrect ordering between queueing a work item and tracing it could lead
to a use-after-free and kernel crash.


* Out-of-bounds memory access when reading a file from an SMB server.

Missing input validation when parsing the lease state from a Server Message
Block (SMB) Create response could lead to an out-of-bounds memory read and
kernel crash.  A local, unprivileged user or a rogue SMB server could use
this flaw to cause a denial-of-service.


* Kernel crash on PCI hotplug in the Intel IOMMU driver.

A logic error in the PCI hotplug path of the Intel IOMMU driver could lead
to a kernel BUG().


* Information leak in the ATA 32-bit compat ioctl.

A logic error in the ATA 32-bit compat ioctl could lead to writing 3 bytes
of uninitialized stack content to userspace.  An attacker could use this
flaw to gain information about the running kernel.


* Kernel hang when the function graph tracer is enabled on suspend.

The function graph tracer gets inconsistent call return information in the
low level ACPI suspend code, leading to a kernel hang.


* Kernel BUG in Btrfs filesystem when loading orphan roots.

A flaw in the Btrfs filesystem at mount time can cause a kernel BUG
assertion to trigger when loading orphan roots of deleted snapshots.


* Kernel deadlock in JFFS2 filesystem when writing.

Incorrect lock ordering when writing to a JFFS2 filesystem could lead to
deadlocks.  A local, unprivileged user could use this flaw to cause a
denial-of-service.


* Divide-by-zero in the ALSA RME Hammerfall audio driver.

A lack of data validation in the system sample rate code of the RME
Hammerfall audio driver could lead to a division-by-zero and kernel crash.


* Heap overflow in Unsorted Block Images (UBI) on volume update.

A flaw in the UBI code causes a heap structure to be allocated with too few
bytes, leading to a write overflow when updating the volume.  A local,
unprivileged user could use this flaw to cause a denial-of-service or
potentially escalate privileges.


* Out-of-bounds memory access when getting CPU load statistics.

A flaw in the CPU cooling subsystem can lead to out-of-bounds memory
accesses when reading the CPU load statistics, leading to a kernel crash.

SUPPORT

Ksplice support is available at ksplice-support_ww at oracle.com.
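
The check below is an added example, not part of the Oracle advisory or of Ksplice Uptrack itself. It reports whether a host falls under the "autoinstall = yes" case described under INSTALLING THE UPDATES or still needs the manual command. It assumes uptrack.conf uses INI-style "key = value" lines with "#" or ";" comment lines, and that a missing file or key should be treated as needing manual action; the function names are hypothetical.

```shell
#!/bin/sh
# Added example: classify a host by its Ksplice Uptrack autoinstall setting.
# Assumption: uptrack.conf is INI-style, comment lines start with "#" or ";".

# Print "yes" if the file sets autoinstall to yes, otherwise "no".
# A missing or unreadable file, or a missing key, is reported as "no"
# (an assumption of this example, so the host gets flagged for manual action).
uptrack_autoinstall() {
    conf="${1:-/etc/uptrack/uptrack.conf}"
    [ -r "$conf" ] || { echo no; return 0; }
    awk -F= '
        /^[ \t]*[#;]/ { next }          # a commented-out setting does not count
        {
            key = $1; val = $2
            gsub(/[ \t\r]/, "", key)    # tolerate "autoinstall=yes", indents, CRLF
            gsub(/[ \t\r]/, "", val)
            if (tolower(key) == "autoinstall") last = tolower(val)
        }
        END {
            if (last == "yes") print "yes"; else print "no"
        }
    ' "$conf"
}

# Print the next step for this host, using the command given in the advisory.
ksplice_next_step() {
    if [ "$(uptrack_autoinstall "$1")" = yes ]; then
        echo "autoinstall enabled: no action needed"
    else
        echo "run: /usr/sbin/uptrack-upgrade -y"
    fi
}

# Usage: ksplice_next_step                 (checks /etc/uptrack/uptrack.conf)
#        ksplice_next_step /path/to/copy   (checks a collected copy of the file)
```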


  


