[Ksplice-Fedora-24-updates] New updates available via Ksplice (FEDORA-2016-5e24d8c350)
Oracle Ksplice
ksplice-support_ww at oracle.com
Tue Aug 23 12:54:16 PDT 2016
Synopsis: FEDORA-2016-5e24d8c350 can now be patched using Ksplice
CVEs: CVE-2016-6828
Systems running Fedora 24 can now use Ksplice to patch against the
latest Fedora kernel update, FEDORA-2016-5e24d8c350.
INSTALLING THE UPDATES
We recommend that all users of Ksplice Uptrack on Fedora 24 install
these updates.
On systems that have "autoinstall = yes" in /etc/uptrack/uptrack.conf,
these updates will be installed automatically and you do not need to
take any action.
Alternatively, you can install these updates by running:
# /usr/sbin/uptrack-upgrade -y
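
A host-side check for the two install paths above, as an added example that is not part of Oracle's advisory or tooling: it reads an uptrack.conf and prints either "none" (autoinstall covers the host) or the manual command to run. It assumes INI-style "key = value" lines with '#' or ';' comments; the function names and the sample configs are constructed for illustration.

```shell
#!/bin/sh
# Added example, not Oracle's tooling. Assumption: uptrack.conf holds
# INI-style "key = value" lines and '#' or ';' starts a comment.

# Print the last uncommented autoinstall value in config file $1 (empty if none).
autoinstall_value() {
    sed -n 's/^[[:space:]]*autoinstall[[:space:]]*=[[:space:]]*\([^#;[:space:]]*\).*$/\1/p' "$1" | tail -n 1
}

# Print what the advisory asks of this host: "none" when autoinstall is
# enabled, otherwise the manual command. Only the literal "yes" that the
# advisory names counts as enabled, so odd values fail towards manual action.
required_action() {
    conf=${1:-/etc/uptrack/uptrack.conf}
    if [ ! -r "$conf" ]; then
        echo "unknown: cannot read $conf"
        return 2
    fi
    if [ "$(autoinstall_value "$conf")" = "yes" ]; then
        echo "none"
    else
        echo "/usr/sbin/uptrack-upgrade -y"
        return 1
    fi
}

# Constructed sample configs (not taken from a real host) for a dry run.
demo() {
    dir=$(mktemp -d) || return 1
    printf '[Settings]\nautoinstall = yes\n' > "$dir/auto.conf"
    printf '[Settings]\n# autoinstall = yes\nautoinstall = no\n' > "$dir/manual.conf"
    for f in "$dir/auto.conf" "$dir/manual.conf"; do
        printf '%s -> %s\n' "${f##*/}" "$(required_action "$f")"
    done
    rm -rf "$dir"
}

# Run against a given config path, or the constructed samples with "demo".
if [ "$#" -gt 0 ]; then
    case $1 in
        demo) demo ;;
        *)    required_action "$1" ;;
    esac
fi
```

The exit status is 0 when no action is needed, 1 when the manual upgrade is required and 2 when the config cannot be read, so the check can gate a fleet audit job.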
DESCRIPTION
* Memory leak in IPv6 anycast/multicast link changes.
Incorrect reference counting when changing the link status of an IPv6
interface can trigger a kernel memory leak and subsequent kernel panic.
* Denial of service when connecting to Infrared device.
Under memory pressure a kernel memory allocation can fail when
connecting to an Infrared IrDA device which can trigger a kernel panic.
* Kernel panic in IEEE 802.1AE MACsec decryption.
A kernel panic can be triggered when validation is disabled in a MACsec
connection and a secure association is accessed.
* Deadlock in Intel OPA InfiniBand transmission.
Incorrect locking when transmitting data across an Intel OPA InfiniBand
device can trigger a deadlock when memory allocation fails.
* Memory leak in AppArmor filesystem.
A reference counting error in the AppArmor filesystem can lead to a
kernel memory leak and subsequent kernel panic when reading the contents
of the 'sha1' file.
* Kernel panic in UDF Logical Volume parsing.
A logic error when parsing Logical Volumes on UDF filesystems can
trigger a kernel stack overflow and memory corruption when volumes are
deeply nested.
* Use after free in block device procfs interface.
The generic block device procfs interface incorrectly handles memory
when reading from the 'diskstats' and 'partitions' files which can
trigger a use-after-free condition and kernel panic.
* Denial of service in filesystem directory cache.
A logic error when multiple CPUs are accessing a file can trigger a soft
lockup. A local unprivileged user could use this flaw to trigger a
denial of service.
* Information leak in cryptographic scatterwalk subsystem.
A logic error when encrypting and decrypting data that spans multiple
pages can cause data to not be processed, which may cause an information
leak.
* Denial of service in ext4 extent validation.
A logic error in the kernel ext4 driver can allow malformed extents to
be processed which can trigger a kernel panic when mounting a malformed
disk image.
* Deadlock during ext4 page writeback.
Incorrect locking when writing a transaction to disk and performing a
page writeback can trigger a deadlock and kernel panic.
* Kernel panic in ext4 inode eviction.
A malformed superblock encountered when mounting an ext4 filesystem can
trigger a kernel panic because of an uninitialized superblock flag.
* Memory corruption in ext4 with large GDT blocks.
An ext4 filesystem with a large number of reserved GDT blocks can trigger
kernel memory corruption when mounting the filesystem.
* Infinite loop in ext4 orphan cleanup.
A logic error when a malformed orphan list is encountered on an ext4
filesystem can trigger an infinite loop and denial of service.
* Use after free in ext4 block allocation.
Incorrect reference counting when failing to allocate a block on an ext4
filesystem can trigger a use after free condition and kernel panic.
* Memory corruption in Open vSwitch headroom processing.
A logic error when setting the rx headroom to a negative number can
trigger kernel memory corruption when receiving data from an Open
vSwitch device.
* CVE-2016-6828: Use after free during TCP transmission.
A logic error when a memory allocation fails during TCP transmission can
cause the kernel TCP stack to use freed memory causing a kernel panic.
SUPPORT
Ksplice support is available at ksplice-support_ww at oracle.com.