[Ksplice-Fedora-24-updates] New updates available via Ksplice (FEDORA-2016-90f142aa64)

Oracle Ksplice ksplice-support_ww at oracle.com
Tue Aug 16 16:31:50 PDT 2016


Synopsis: FEDORA-2016-90f142aa64 can now be patched using Ksplice
CVEs: CVE-2016-1583

Systems running Fedora 24 can now use Ksplice to patch against the
latest Fedora kernel update, FEDORA-2016-90f142aa64.

INSTALLING THE UPDATES

We recommend that all users of Ksplice Uptrack on Fedora 24 install
these updates.

On systems that have "autoinstall = yes" in /etc/uptrack/uptrack.conf,
these updates will be installed automatically and you do not need to
take any action.

Alternatively, you can install these updates by running:

# /usr/sbin/uptrack-upgrade -y
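
The following check is an added example, not part of the original announcement or of Oracle's tooling: it reports whether a host will pick up these updates automatically or needs the manual command above. The function names, the sample file contents and the "last assignment wins" rule are assumptions.

```shell
#!/bin/sh
# Added example: report how a host will receive Ksplice updates.

# Print "auto", "manual" or "unreadable" for the given uptrack.conf.
uptrack_install_mode() {
    conf=${1:-/etc/uptrack/uptrack.conf}
    [ -r "$conf" ] || { echo unreadable; return 0; }
    # Take the last active (uncommented) autoinstall assignment.
    # Assumption: a later assignment overrides an earlier one.
    value=$(sed -n 's/^[[:space:]]*autoinstall[[:space:]]*=[[:space:]]*\([^[:space:]#]*\).*$/\1/p' "$conf" | tail -n 1)
    # Only the exact value the announcement names counts as automatic;
    # anything else is reported as manual so the host gets reviewed.
    if [ "$value" = "yes" ]; then echo auto; else echo manual; fi
}

# Constructed sample configuration (not taken from a real host).
sample_conf() {
    cat <<'EOF'
[Settings]
# autoinstall = yes
autoinstall = no
EOF
}

# Run the check against the constructed sample and print the result.
demo() {
    tmp=$(mktemp) || return 1
    sample_conf > "$tmp"
    mode=$(uptrack_install_mode "$tmp")
    rm -f "$tmp"
    echo "$mode"
}

case "$(demo)" in
    manual) echo "autoinstall is off: run /usr/sbin/uptrack-upgrade -y as root" ;;
    auto)   echo "updates install automatically" ;;
esac
```

On a real host, call uptrack_install_mode with no argument to read /etc/uptrack/uptrack.conf.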


DESCRIPTION

* Kernel panic when failing to create a Unix98 PTY.

A NULL pointer dereference and kernel panic are triggered when a Unix98
pseudo-terminal cannot be allocated because of memory pressure. A local
user could use this flaw to cause a denial of service.


* Deadlock in memory control group migration.

Incorrect locking could result in enabling interrupts at the wrong time
and deadlocking the system.


* Denial-of-service in memory control group creation failure.

Incorrect return types when failing to allocate a memory control group
could result in a NULL pointer dereference and kernel crash.  A local,
unprivileged user could use this flaw to cause a denial-of-service.


* Denial-of-service in transparent huge page reclaim.

Suboptimal flushing of compound pages could result in excessive
unreclaimable memory.  A local, unprivileged user could use this flaw to
cause out-of-memory conditions.


* Denial-of-service in NILFS2 filesystem mounting.

Missing range checks in the NILFS2 superblock validation could result in
an out-of-bounds memory access.  A maliciously crafted filesystem could
use this flaw to crash the system.


* Denial-of-service in anonymous transparent huge pages.

An incorrect assertion in the memory management subsystem could result
in a kernel crash.  A local, unprivileged user could use this flaw to
crash the system.


* Denial-of-service in radix tree iteration.

Incomplete initialization of the radix tree iterator could result in an
invalid memory dereference and kernel crash.


* NULL pointer dereference in Pulse Per Second parallel port registration.

Failure to claim the parallel port could result in a NULL pointer
dereference when attempting to register the Pulse Per Second module.


* Denial-of-service in scheduler event tracing.

Incorrect locking when printing during scheduler event tracing could
result in recursive locking and a hang.  A local, privileged user could
use this flaw to crash the system.


* Denial-of-service in Xenbus handle validation.

The Xenbus driver incorrectly used an assertion to validate user
handles, allowing a local, privileged user to crash the system.


* Denial-of-service when attaching Xbox One gamepad.

Connecting an unrecognized Xbox One gamepad could result in a kernel
crash when accessing an invalid endpoint descriptor.  A user with
physical access to the system could use this flaw to crash the system.


* Denial-of-service in POSIX file locking on overlayfs.

A use-after-free when releasing a lease on a file on an overlayfs
filesystem could result in a kernel crash.  A local, unprivileged user
could use this flaw to crash the system.


* Improved fix to CVE-2016-1583: Privilege escalation in eCryptfs.

The original upstream fix for CVE-2016-1583 restricted opening files
without an mmap handler, but could result in applications failing to
open files that did not need mmap on them.  The new fix defers this
until mmap is called.


* Denial-of-service in overlayfs on Plan 9 filesystem.

Incorrect handling of v9fs as a lower filesystem for overlayfs could
result in a NULL pointer dereference when creating a file.  A local,
unprivileged user could use this flaw to crash the system.


* Use-after-free in mount namespace detaching.

Incorrect handling of an event counter during mount detaching could
result in a use-after-free and kernel crash.


* Denial-of-service in ioprio_get() syscall.

Incorrect locking in the ioprio_get() syscall could result in a
use-after-free and kernel crash.  A local, unprivileged user could use
this flaw to crash the system.


* Use-after-free crash in MMC ioctl().

Missing initialization in the MMC ioctl() could result in attempting to
free an invalid pointer and crashing the kernel.  A local, privileged
user could use this flaw to crash the system.


* Out-of-bounds access in SCSI device vendor and model matching.

An off-by-one error when handling strings could result in reading
beyond the end of a string and accessing an invalid address.  This
could result in failure to match a SCSI device or, potentially, a
system crash.


* NULL pointer dereference in 802.11 MAC Service Data Unit Aggregation.

A missing NULL pointer check when allocating a socket buffer could
result in a kernel crash under specific conditions when performing MAC
Service Data Unit Aggregation (AMSDU).


* Privilege escalation in FIDEDUPERANGE ioctl().

A race condition when copying parameters for the FIDEDUPERANGE ioctl
from user space could result in a heap overflow.  A local, unprivileged
user could use this flaw to crash the system or, potentially, escalate
privileges.


* Denial-of-service in file privilege removal on overlayfs filesystems.

Confusion between inodes and dentries in layers of an overlayfs
filesystem could result in deadlock after removing privileges from a
file and then setting new attributes.

SUPPORT

Ksplice support is available at ksplice-support_ww at oracle.com.


  


