[Ksplice-Fedora-23-updates] New Ksplice updates for Fedora 23 (FEDORA-2016-68a38b6693)

Oracle Ksplice ksplice-support_ww at oracle.com
Fri Nov 4 01:25:08 PDT 2016


Synopsis: FEDORA-2016-68a38b6693 can now be patched using Ksplice

Systems running Fedora 23 can now use Ksplice to patch against the
latest Fedora kernel update, FEDORA-2016-68a38b6693.

INSTALLING THE UPDATES

We recommend that all users of Ksplice Uptrack running Fedora 23
install these updates.

On systems that have "autoinstall = yes" in /etc/uptrack/uptrack.conf,
these updates will be installed automatically and you do not need to
take any action.

Alternatively, you can install these updates by running:

# /usr/sbin/uptrack-upgrade -y
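
Added example (not part of Oracle's announcement): a small shell check that reads an uptrack.conf-style file and reports whether a host relies on autoinstall or needs the manual command above. The function names, the constructed sample config (including its [Settings] header) and the choice to treat only the literal value "yes" as enabled are assumptions of this example.

```shell
#!/bin/sh
# Added example: decide whether a host needs a manual uptrack-upgrade run.

# uptrack_autoinstall FILE
# Prints "yes", "no", "unset" or "unreadable" based on the last
# uncommented "autoinstall = ..." line in FILE (section headers ignored).
uptrack_autoinstall() {
    conf=$1
    if [ ! -r "$conf" ]; then
        echo "unreadable"
        return 2
    fi
    awk -F= '
        /^[ \t]*[#;]/ { next }            # commented-out settings do not count
        {
            key = $1; val = $2
            gsub(/[ \t]/, "", key)
            gsub(/[ \t\r]/, "", val)
            if (tolower(key) == "autoinstall") state = tolower(val)
        }
        END {
            if (state == "yes") print "yes"      # assumption: only "yes" enables it
            else if (state == "") print "unset"
            else print "no"
        }
    ' "$conf"
}

# uptrack_action FILE
# Prints the step an administrator still has to take for this host.
uptrack_action() {
    case $(uptrack_autoinstall "$1") in
        yes)        echo "none" ;;
        unreadable) echo "check $1" ;;
        *)          echo "/usr/sbin/uptrack-upgrade -y" ;;
    esac
}

# Constructed sample config, not taken from a real host.
sample=$(mktemp)
cat > "$sample" <<'EOF'
[Settings]
# autoinstall = yes
autoinstall = no
EOF
echo "autoinstall: $(uptrack_autoinstall "$sample")"
echo "action: $(uptrack_action "$sample")"
rm -f "$sample"
```

On a real system, pass /etc/uptrack/uptrack.conf as the argument.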


DESCRIPTION

* Multiple memory corruptions when accessing wireless drivers through debugfs.

Type confusion in multiple WiFi drivers when getting a handle on the
debugfs file operations leads to memory corruption and kernel panic.  A
local user with access to debugfs could use this flaw to cause a
denial-of-service.


* Use-after-free bug in Intel OPA Gen1 adapter driver.

A refcounting error when removing a Queue Pair (QP) in the Infiniband
driver could lead to a use-after-free and kernel panic.


* Permission bypass in fuse filesystem when changing directory mode.

A flaw in the fuse filesystem could allow a local user to use
previously cached directory modes when they have been changed.
A local user could potentially use this flaw to escalate privileges
or access restricted information.


* Permission bypass in fuse filesystem when using write/truncate/chown.

A flaw in the fuse filesystem causes stale directory modes to be used
when checking permissions in the write, truncate and chown operations.
A local user could potentially use this flaw to escalate privileges or
access restricted information.


* NULL pointer dereference in Intel XL710 ethernet driver.

A flaw in the PCI error handling of the XL710 ethernet driver could lead
to a NULL pointer dereference. A local user with the capability to load a
module and to trigger PCI errors could cause a denial of service.


* Memory leak in the Broadcom WiFi driver when listing scan results.

A temporary 2KiB buffer is never released when listing the scan results
in the Broadcom WiFi driver.  A local user could use this flaw to exhaust
the memory on the system and cause a denial-of-service.


* Memory corruption in Intel Atom audio driver.

Type confusion when controlling an audio stream leads to memory
corruption and kernel panic. An attacker with the ability to
pause and resume an audio stream multiple times could cause a denial
of service.


* Denial-of-service in reiserfs quota handling on mount.

Incorrect locking when initializing quotas for a reiserfs mount could
lead to a deadlock.  A local user with mount permission could use this
flaw to cause a denial-of-service.


* Denial of service when validating RAID6 syndromes.

A reference on a DMA buffer is never released when validating RAID6
syndromes, leading to a memory leak.  A local user with the ability to
cause a RAID6 sync could use this flaw to exhaust the memory on the
system and cause a denial-of-service.


* Integer overflow in generic file read on 32-bit systems.

Lack of input validation in the generic file read syscall could lead to
an integer overflow and an infinite loop. An unprivileged user could use
this flaw to cause a denial of service.


* Filesystem corruption during online defragmentation in the ext4 filesystem.

Moving extents of encrypted files in the ext4 filesystem is not
supported and leads to filesystem corruption.  A local user with the
ability to trigger an online defragmentation could use this flaw to
cause data loss.


* Metadata corruption of uid/gid on ext4 file system.

A logic error when removing an inode from an ext4 filesystem could
lead to metadata corruption and early zeroing of the high 16 bits of the
uid/gid before the inode deletion had been committed to disk. An
attacker could potentially use this flaw to bypass permission checks
on an ext4 filesystem.


* Kernel BUG when releasing unused pages in the ext4 filesystem.

Failure to clear the dirty bit when releasing unused pages in the ext4
filesystem could trigger a kernel BUG assertion.  A local user
could use this flaw to cause a denial-of-service.


* Memory leak in ext4 while inserting a range.

A path is not released when inserting a range in the ext4 filesystem.
A local user could use this flaw to exhaust the memory on the system and
cause a denial of service.


* Data leak when removing data in direct access mode in ext4.

Multiple logic errors in the ext4 filesystem prevent data in a file from
being removed on disk when using direct access mode, potentially
leading to a data leak. An attacker could use this flaw to recover
presumably removed data.


* NULL pointer dereference in the cachefiles filesystem after deleting a file.

A logic error when notifying the cachefilesd daemon of a newly deleted
file could lead to a NULL pointer dereference and kernel panic. A
local user could use this flaw to cause a denial-of-service.


* Use-after-free in Distributed Lock Manager.

A logic error when closing dlm filesystem entries could lead to a
use-after-free. A user with the ability to close a dlm filesystem
connection could trigger multiple use-after-frees and cause a denial of
service.

SUPPORT

Ksplice support is available at ksplice-support_ww at oracle.com.


  


