[Ksplice-Fedora-24-updates] New Ksplice updates for Fedora 24 (FEDORA-2016-5ec2475e3f)

Oracle Ksplice ksplice-support_ww at oracle.com
Tue Dec 13 10:06:57 PST 2016


Synopsis: FEDORA-2016-5ec2475e3f can now be patched using Ksplice
CVEs: CVE-2016-9755 CVE-2016-9756 CVE-2016-9777

Systems running Fedora 24 can now use Ksplice to patch against the
latest Fedora kernel update, FEDORA-2016-5ec2475e3f.

INSTALLING THE UPDATES

We recommend that all users of Ksplice Uptrack running Fedora 24
install these updates.

On systems that have "autoinstall = yes" in /etc/uptrack/uptrack.conf,
these updates will be installed automatically and you do not need to
take any action.

Alternatively, you can install these updates by running:

# /usr/sbin/uptrack-upgrade -y
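
The following is an added example, not part of the original announcement and not Oracle's code: a shell check that reads an Uptrack configuration file and reports whether "autoinstall = yes" is set, so an administrator knows whether the manual command above is needed. The function names, the [Settings] section in the sample files and the rule that only the value "yes" (in any case) enables autoinstall are assumptions.

```shell
#!/bin/sh
# Added example, not Oracle's code. Assumes an INI-style uptrack.conf in which
# only the value "yes" (any case) enables autoinstall.

# autoinstall_state FILE: print "yes", "no" or "unset" for the given config.
autoinstall_state() {
    conf=$1
    [ -r "$conf" ] || { echo "unset"; return 0; }
    # Skip full-line comments, strip inline comments and whitespace,
    # and keep the last "autoinstall" assignment found.
    value=$(awk -F= '
        /^[ \t]*[#;]/ { next }
        {
            k = tolower($1); gsub(/[ \t]/, "", k)
            if (k == "autoinstall") {
                v = tolower($2); sub(/[#;].*/, "", v); gsub(/[ \t\r]/, "", v)
                last = v
            }
        }
        END { print last }' "$conf")
    case $value in
        yes) echo "yes" ;;
        "")  echo "unset" ;;
        *)   echo "no" ;;
    esac
}

# needs_manual_upgrade FILE: succeed (exit 0) when autoinstall is not enabled,
# i.e. an administrator has to run uptrack-upgrade by hand.
needs_manual_upgrade() {
    [ "$(autoinstall_state "$1")" != "yes" ]
}

# Constructed sample configs (not copied from a real system).
SAMPLE_DIR=$(mktemp -d)
trap 'rm -rf "$SAMPLE_DIR"' EXIT
printf '[Settings]\n# autoinstall = yes\nautoinstall = no\n' > "$SAMPLE_DIR/manual.conf"
printf '[Settings]\nAutoinstall =  Yes\n' > "$SAMPLE_DIR/auto.conf"

for f in "$SAMPLE_DIR/manual.conf" "$SAMPLE_DIR/auto.conf"; do
    if needs_manual_upgrade "$f"; then
        echo "$f: autoinstall off, run /usr/sbin/uptrack-upgrade -y"
    else
        echo "$f: autoinstall on, updates are applied automatically"
    fi
done
```

On a real host, call needs_manual_upgrade with /etc/uptrack/uptrack.conf instead of the sample files.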


DESCRIPTION

* Out-of-bounds memory access in APIC virtualization.

An unsanitized array offset in the APIC virtualization subsystem resulted
in an out-of-bounds array access. An unprivileged user can send a specially
crafted interrupt and corrupt kernel memory.


* General protection fault in KVM interrupt controller.

A missing check in the KVM x86 interrupt controller resulted in a NULL
pointer dereference. An attacker with the KVM_CAP_IRQ_ROUTING capability
can exploit this to cause a denial of service.


* CVE-2016-9756: Information leak in KVM x86 emulator.

Failure to initialize memory in the generic x86 emulator resulted in
kernel stack contents leaking into userspace. An attacker can use this
vulnerability to introspect kernel memory.


* Out-of-bounds memory access in perf.

A missing end-of-array marker in a lookup table allows for out-of-bounds
memory access in the perf sampling profiler subsystem, which may lead to
undefined behavior. An attacker can exploit this to control kernel
execution flow.


* Denial-of-service in X.509 certificate parser.

A double-free in the X.509 certificate parser can lead to a kernel panic.
A remote attacker can send an intentionally malformed X.509 certificate to
exploit this vulnerability.


* Denial-of-service in direct memory access subsystem.

A missing return value check in the driver allowed a userspace program
with direct access to persistent memory to crash the kernel.


* CVE-2016-9755: General protection fault in IPv6 netfilter defragmenter.

A bug in the IPv6 packet reassembly logic allowed malformed packets to pass
through the filter and cause a general protection fault. A remote attacker
can use this to cause a denial of service.


* CVE-2016-9777: Out-of-bounds memory write in KVM.

An incorrect array size could cause an out-of-bounds memory write when
sending RTC interrupt acknowledgements. A malicious local user could
potentially use this to cause denial of service or elevate privileges.

SUPPORT

Ksplice support is available at ksplice-support_ww at oracle.com.
