[Ksplice-Fedora-24-updates] New Ksplice updates for Fedora 24 (FEDORA-2016-e5b72816d0)

Oracle Ksplice ksplice-support_ww at oracle.com
Mon Dec 19 05:44:15 PST 2016


Synopsis: FEDORA-2016-e5b72816d0 can now be patched using Ksplice
CVEs: CVE-2016-8399 CVE-2016-8632

Systems running Fedora 24 can now use Ksplice to patch against the
latest Fedora kernel update, FEDORA-2016-e5b72816d0.

INSTALLING THE UPDATES

We recommend that all users of Ksplice Uptrack running Fedora 24
install these updates.

On systems that have "autoinstall = yes" in /etc/uptrack/uptrack.conf,
these updates will be installed automatically and you do not need to
take any action.

Alternatively, you can install these updates by running:

# /usr/sbin/uptrack-upgrade -y
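
Added example (not part of the original advisory and not Oracle's code): a shell check that reads the "autoinstall" setting and reports which of the two install paths above applies to a host. The function names are hypothetical. It assumes "key = value" lines with "#" comments, that the last uncommented assignment wins, and that only the value "yes" (in any letter case) enables autoinstall.

```shell
# Added example: decide whether a host still needs a manual uptrack-upgrade.
# Assumptions: INI-style "key = value" lines, "#" comments, last assignment
# wins, only "yes" (any case) enables autoinstall. Names are hypothetical.

# Print "yes", "no" or "unreadable" for the autoinstall setting in a config.
uptrack_autoinstall() {
    conf="${1:-/etc/uptrack/uptrack.conf}"
    [ -r "$conf" ] || { echo "unreadable"; return 2; }
    # Match only uncommented assignments; drop trailing comments/whitespace.
    val=$(sed -n 's/^[[:space:]]*autoinstall[[:space:]]*=[[:space:]]*\([^#[:space:]]*\).*$/\1/p' "$conf" \
          | tail -n 1 | tr '[:upper:]' '[:lower:]')
    case "$val" in
        yes) echo "yes" ;;
        *)   echo "no" ;;   # key missing or any other value: not enabled
    esac
}

# Report the action the advisory calls for on this host.
uptrack_action() {
    case "$(uptrack_autoinstall "$1")" in
        yes)        echo "none: updates install automatically" ;;
        unreadable) echo "check: cannot read config" ;;
        *)          echo "run: /usr/sbin/uptrack-upgrade -y" ;;
    esac
}

# Constructed sample config (not taken from a real host): the commented-out
# line must be ignored, so the effective value here is "No".
sample=$(mktemp)
printf '%s\n' '[Settings]' '# autoinstall = yes' 'autoinstall = No' > "$sample"
uptrack_action "$sample"
rm -f "$sample"
```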


DESCRIPTION

* Denial-of-service when using splice_read on af_unix socket.

Incorrect locking when using splice_read on an af_unix socket could
lead to a deadlock if the lock is acquired during suspend entry. An
attacker could use this flaw to cause a denial-of-service.


* Denial-of-service when creating L2TP sockets using concurrent thread.

A missing check when creating an L2TP socket could lead to a
use-after-free if a concurrent thread modifies the socket's flag while
it is being created. An attacker could use this flaw to cause a
denial-of-service.


* Denial-of-service on information dump of an rtnetlink socket.

Incorrect logic when dumping interface information of an rtnetlink
socket could lead to an infinite loop. An attacker could use this flaw
to cause a denial-of-service.


* Denial-of-service when receiving packet with packet editing enabled.

Missing argument validation when receiving a malformed packet while
packet editing is enabled could lead to a memory overflow. A remote
attacker could use this flaw to cause a denial-of-service.


* Denial-of-service when checking DCCP packet validity.

Incorrect logic when checking the validity of a received DCCP packet
header could lead to a use-after-free. A remote attacker could use this
flaw to cause a denial-of-service.


* Denial-of-service when handling GSO segment of a socket buffer.

Missing checks when handling GSO (Generic Segmentation Offload) of a
received packet could lead to a use-after-free or NULL pointer
dereference. An attacker could use this flaw to cause a
denial-of-service.


* CVE-2016-8632: Denial-of-service when using TIPC and too short MTU.

Missing checks when validating the TIPC (Transparent Inter Process
Communication) header could lead to a buffer overflow if the device MTU
is too short. An attacker with the ability to configure the MTU could
use this flaw to cause a denial-of-service.


* Denial-of-service when sending socket buffer through GENEVE interface.

A missing check when sending a socket buffer through a GENEVE (Generic
Network Virtualization Encapsulation) interface could lead to a
use-after-free of socket buffer data. An attacker could use this flaw
to cause a denial-of-service.


* CVE-2016-8399: Information leak using ICMP protocol.

A missing check on the ICMP header length could cause an out-of-bounds
read of the stack. A user could use this flaw to leak information about
kernel memory and facilitate an attack.

SUPPORT

Ksplice support is available at ksplice-support_ww at oracle.com.


  


