[Ksplice-Fedora-24-updates] New updates available via Ksplice (FEDORA-2016-9a16b2e14e)
Oracle Ksplice
ksplice-support_ww at oracle.com
Wed Jul 20 08:22:47 PDT 2016
Synopsis: FEDORA-2016-9a16b2e14e can now be patched using Ksplice
CVEs: CVE-2016-1237 CVE-2016-5696 CVE-2016-5829 CVE-2016-6156
Systems running Fedora 24 can now use Ksplice to patch against the
latest Fedora kernel update, FEDORA-2016-9a16b2e14e.
INSTALLING THE UPDATES
We recommend that all users of Ksplice Uptrack on Fedora 24 install
these updates.
On systems that have "autoinstall = yes" in /etc/uptrack/uptrack.conf,
these updates will be installed automatically and you do not need to
take any action.
Alternatively, you can install these updates by running:
# /usr/sbin/uptrack-upgrade -y
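The check below is an added example, not part of the Ksplice advisory or tooling: it reads an uptrack.conf-style file and reports whether the host will install these updates automatically or needs the manual command above. It assumes that only the value "yes" enables autoinstall and that the last uncommented setting wins; the UPTRACK_CONF override variable is hypothetical.

```shell
#!/bin/sh
# Added example: decide whether a host needs a manual uptrack-upgrade run.

# Print the effective "autoinstall" value from an uptrack.conf-style file.
# Assumptions: comment lines start with # or ;, the last uncommented
# "autoinstall = value" line wins, and the section header is not checked.
autoinstall_value() {
    f=$1
    # A missing or unreadable file means the setting was never enabled.
    [ -r "$f" ] || { echo "unset"; return 0; }
    awk -F= '
        /^[ \t]*[#;]/ { next }                    # skip commented-out settings
        {
            key = $1; val = $2
            gsub(/[ \t]/, "", key)                # tolerate indentation
            gsub(/^[ \t]+|[ \t]+$/, "", val)      # trim around the value
            if (tolower(key) == "autoinstall") found = tolower(val)
        }
        END { print (found == "" ? "unset" : found) }
    ' "$f"
}

# Print "automatic" only for an explicit yes; anything else (no, unset,
# unexpected values) is reported as "manual" so the host gets reviewed.
update_mode() {
    case "$(autoinstall_value "$1")" in
        yes) echo "automatic" ;;
        *)   echo "manual" ;;
    esac
}

# UPTRACK_CONF is a hypothetical override used for testing this script.
conf_path=${UPTRACK_CONF:-/etc/uptrack/uptrack.conf}
if [ "$(update_mode "$conf_path")" = "automatic" ]; then
    echo "$conf_path: autoinstall = yes, no action needed"
else
    echo "$conf_path: autoinstall not enabled, run: /usr/sbin/uptrack-upgrade -y"
fi
```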
DESCRIPTION
* CVE-2016-5829: Memory corruption in unknown USB HID devices.
The USB HID driver does not validate USB data when an unknown HID device
is encountered, which can allow a malicious USB device to trigger kernel
memory corruption and gain code execution.
* CVE-2016-1237: Permission bypass in NFS filesystem when setting ACLs.
Missing permission checks when setting the ACLs on a file from an NFS mount
could allow unprivileged users to grant themselves access to a file they
would otherwise not be allowed to access. This could potentially be used to
escalate privileges.
* Memory leak in network scheduler iptables integration.
A reference counting error in the act_ipt network scheduler can trigger
a memory leak when initializing an action.
* Memory leak when opening /proc/net/kcm device.
A logic error in the procfs interface to Kernel Connection Multiplexor
sockets can trigger a kernel memory leak and subsequent kernel panic.
* Use after free in network emulator packet dequeuing.
A reference counting error when the network emulator dequeues a packet
can trigger a use after free and kernel panic.
* Kernel panic in crypto GETALG user interface.
A logic error when parsing GETALG netlink messages to the userspace
cryptographic subsystem can trigger an out-of-bounds read and kernel
panic.
* Memory leak in Moschip adapter USB device removal.
A logic error when a Moschip adapter USB device is removed can trigger a
kernel memory leak and subsequent kernel panic.
* Deadlock in USB gadget userspace filesystem interface.
Incorrect locking in the USB gadget filesystem interface can trigger a
deadlock and kernel panic when queuing a request to a device.
* CVE-2016-6156: Memory corruption in Chrome OS Embedded Controller.
A race condition in the ioctl interface to the Chrome OS Embedded Controller
device can allow a privileged user to trigger kernel memory corruption
and obtain kernel code execution.
* Kernel panic in qla2xxx driver during interrupt processing.
A NULL pointer dereference and kernel panic can be triggered when a
QLogic Fibre Channel device fails to initialize.
* Use after free when removing a BPF perf event.
A logic error when removing a perf event with an associated BPF program can
trigger a use after free and kernel panic.
* Use-after-free when transmitting MultiProtocol Label Switching packets.
Incorrect RCU locking when transmitting MultiProtocol Label Switching
packets to a neighbor can trigger a use-after-free and kernel panic if the
transmission is preempted by a softirq.
* CVE-2016-5696: Session hijacking in TCP connections.
A logic error in the core TCP subsystem can allow attackers to easily
guess secret information and inject arbitrary packets into a TCP stream.
SUPPORT
Ksplice support is available at ksplice-support_ww at oracle.com.