[Ksplice-Fedora-24-updates] New Ksplice updates for Fedora 24 (FEDORA-2016-98bd1ddc5d)

[Oracle Ksplice]

Synopsis: FEDORA-2016-98bd1ddc5d can now be patched using Ksplice

Systems running Fedora 24 can now use Ksplice to patch against the
latest Fedora kernel update, FEDORA-2016-98bd1ddc5d.

INSTALLING THE UPDATES

We recommend that all users of Ksplice Uptrack running Fedora 24
install these updates.

On systems that have "autoinstall = yes" in /etc/uptrack/uptrack.conf,
these updates will be installed automatically and you do not need to
take any action.

Alternatively, you can install these updates by running:

# /usr/sbin/uptrack-upgrade -y


DESCRIPTION

* Memory exhaustion in procfs sound info.

A missing argument sanitizing in write() callback of sound infos
procfs entries could lead to an user-controlled memory size allocation.
An attacker could use this flaw to exhaust kernel memory and cause a
denial-of-service.


* Use-after-free in Generic SCSI-3 ALUA SCSI Device Handler.

A refcounting error during activation or rescanning of ALUA devices
could lead to a use-after-free. A user with the ability to activate
or rescan such devices through sysfs could cause a denial-of-service.


* Use of uninitialized memory in Intel Management Engine Interface.

A logic error could lead to a uninitialized memory access while enabling
Intel MEI phy. A user with the capability to set an interface using
this phy up, could cause a denial-of-service.


* Memory corruption when sending messages over tcp socket.

An incorrect check on max_skb_frags sysctl value when sending tcp
messages could lead to a memory corruption. An attacker could use this
flaw to cause a denial-of-service.


* NULL pointer dereference when binding DCCP IPv6 socket.

A missing callback in dccp_v6 ops could cause a NULL pointer dereference
when binding a socket. A local user with capabilities to bind dccpv6
socket could use this flaw to cause a denial-of-service.


* Use-after-free when using setsockopt() or connect() on sctp socket.

A race condition in the connect() and setsockopt() syscalls for a sctp
socket could lead to a use-after-free. A local user with capabilities to
use those syscalls could cause a denial-of-service.


* Double-free when unmapping BPF program.

A missing check when destroying BPF maps could lead to a double-free
of memory. A local user with capability to use BPF syscall could use
this flaw to cause a denial-of-service.


* NULL pointer dereference when shutting down a sctp socket.

A logic error when shutting down a sctp socket could lead to a NULL
pointer dereference. A local user could use this flaw to cause a
denial-of-service.

SUPPORT

Ksplice support is available at ksplice-support_ww at oracle.com.