[Ksplice-Fedora-24-updates] New Ksplice updates for Fedora 24 (FEDORA-2016-2b1f91e9bd)
Oracle Ksplice
ksplice-support_ww at oracle.com
Fri Dec 23 12:12:26 PST 2016
Synopsis: FEDORA-2016-2b1f91e9bd can now be patched using Ksplice
CVEs: CVE-2016-9588
Systems running Fedora 24 can now use Ksplice to patch against the
latest Fedora kernel update, FEDORA-2016-2b1f91e9bd.
INSTALLING THE UPDATES
We recommend that all users of Ksplice Uptrack running Fedora 24
install these updates.
On systems that have "autoinstall = yes" in /etc/uptrack/uptrack.conf,
these updates will be installed automatically and you do not need to
take any action.
Alternatively, you can install these updates by running:
# /usr/sbin/uptrack-upgrade -y
DESCRIPTION
* Denial-of-service due to bad BUG() call in SCSI fiber channel driver.
An unsolicited message across an SCSI fiber channel could trigger
incorrect error checking logic in the driver, causing a kernel oops and
denial-of-service.
* Memory corruption in non-volatile memory driver.
Incorrectly computing the size of an output buffer in the non-volatile
memory subsystem could cause kernel memory corruption, causing a
denial-of-service or potentially allowing an attacker access to kernel
memory.
* Specifying incompatible cryptographic algorithm causes kernel crash.
If mcryptd is provided a cryptographic algorithm it is not compatible
with, the kernel will panic, causing a denial-of-service.
* Denial-of-service in PEAK USB/CAN adapter driver.
A use-after-free of memory in the PEAK USB-to-CAN driver could cause a
kernel oops and denial-of-service.
* Invalid memory access when failing allocation in BATMAN driver.
Failing to check whether memory allocation succeeded in the BATMAN
network driver could cause already-allocated memory to be returned,
potentially exposing kernel memory.
* Missing privilege check in zram device initialization.
Incorrect privilege logic could allow a non-root user to create
uninitialized zram devices on the system. This could potentially
allow privileged memory access or a denial-of-service.
* Three-way race condition in rtmutex causes lock corruption.
A race condition between three concurrent threads could cause corruption
of the associated rtmutex, causing the mutex to potentially be granted
to the wrong waiter. This would likely lead to a kernel panic and
denial-of-service.
* CVE-2016-9588: Denial-of-service in Intel nested VMX exception handling.
Failure to handle exceptions thrown by an L2 guest could result in
kernel crash. A malicious guest could use this flaw to crash the
virtualization host.
SUPPORT
Ksplice support is available at ksplice-support_ww at oracle.com.
More information about the Ksplice-Fedora-24-Updates
mailing list