[Ksplice-Fedora-24-updates] New updates available via Ksplice (FEDORA-2016-c7eb9bc37d)

Oracle Ksplice ksplice-support_ww at oracle.com
Thu Oct 13 09:04:10 PDT 2016


Synopsis: FEDORA-2016-c7eb9bc37d can now be patched using Ksplice

Systems running Fedora 24 can now use Ksplice to patch against the
latest Fedora kernel update, FEDORA-2016-c7eb9bc37d.

INSTALLING THE UPDATES

We recommend that all users of Ksplice Uptrack on Fedora 24 install
these updates.

On systems that have "autoinstall = yes" in /etc/uptrack/uptrack.conf,
these updates will be installed automatically and you do not need to
take any action.

Alternatively, you can install these updates by running:

# /usr/sbin/uptrack-upgrade -y
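
To check which of the two cases above applies to a host, the following added example (not part of the original advisory and not Oracle tooling) reads the `autoinstall` setting from an Uptrack configuration file. The function names and the sample file are constructed for illustration, and the `[Settings]` layout of the sample is an assumption.

```shell
#!/bin/sh
# Added example, not Oracle's tooling.
# Print "yes", "no" or "unset" for the autoinstall key in an Uptrack config.
# Returns 0 only when autoinstall is enabled.
uptrack_autoinstall_state() {
    conf="${1:-/etc/uptrack/uptrack.conf}"
    [ -r "$conf" ] || { echo "unset"; return 2; }
    # Strip '#' comments, then extract the value of "autoinstall = <value>".
    # Assumption: if the key appears more than once, the last one wins.
    value=$(sed -e 's/#.*$//' "$conf" |
        sed -n 's/^[[:space:]]*autoinstall[[:space:]]*=[[:space:]]*\([^[:space:]]*\)[[:space:]]*$/\1/p' |
        tail -n 1 | tr '[:upper:]' '[:lower:]')
    case "$value" in
        yes) echo "yes"; return 0 ;;
        "")  echo "unset"; return 1 ;;
        *)   echo "no"; return 1 ;;
    esac
}

# Map the state to the action the advisory describes.
uptrack_action_needed() {
    case "$(uptrack_autoinstall_state "$1")" in
        yes) echo "none: updates are installed automatically" ;;
        *)   echo "run as root: /usr/sbin/uptrack-upgrade -y" ;;
    esac
}

# Constructed sample config (layout assumed), so the example runs offline.
sample=$(mktemp)
cat > "$sample" <<'EOF'
[Settings]
# autoinstall = yes   <- commented out, must be ignored
autoinstall = no
EOF
uptrack_action_needed "$sample"
rm -f "$sample"
```

Called with no argument, `uptrack_autoinstall_state` reads /etc/uptrack/uptrack.conf on the local host.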


DESCRIPTION

* NULL pointer dereference in the crypto block cipher sub-system.

A logic error when walking to the next block in the crypto sub-system could
lead to a NULL pointer dereference when the host is low on memory.


* Denial-of-service when converting and migrating concurrently on OCFS2.

A race condition in the OCFS2 filesystem when converting and migrating
concurrently could trigger a kernel BUG assertion.  A local user
with mount privileges could use this flaw to cause a denial-of-service.


* Deadlock when blocking walks during expire on autofs.

Incorrect locking when blocking walks during an expire operation on autofs
could lead to a deadlock.  A local, unprivileged user with the ability to
cause an automatic mount could use this flaw to cause a denial-of-service.


* Denial-of-service under heavy swapping.

A logic error could trigger a kernel assertion under heavy swapping,
leading to a kernel panic.  A local user with the ability to cause the
system to swap could use this flaw to cause a denial-of-service.


* Use-after-free in the memory controller when accessing the charge cache.

A race condition in the memory controller when accessing the charge cache
could lead to a use-after-free on concurrent network access.  An attacker
could use this flaw to cause a denial-of-service.


* Use-after-free when closing cloned socket in the control group sub-system.

Incorrect reference counting in the control group sub-system when cloning a
socket will later cause a use-after-free when closing one or the other.  An
attacker with the ability to clone sockets could use this flaw to cause a
denial-of-service.


* Initialization vector corruption in the symmetric key cipher sub-system.

Encrypting a key in the keys sub-system incorrectly corrupted the
initialization vector of the symmetric cipher in use.


* Denial-of-service in configfs when writing a file.

A logic error when validating the size of a file being created in a
configfs mount point allows a local user to allocate an arbitrary amount of
vmalloc memory.  A local user could use this flaw to exhaust memory and
cause a denial-of-service.


* Memory leaks when tracing splice operations.

A failure to trace splice operations would cause a memory leak.  A local,
unprivileged user could use this flaw to exhaust the memory on the system
by issuing repeated splice system calls if they know the calls are being
traced.


* Out-of-bounds memory read when switching WiFi channel.

A logic error in the WiFi netlink interface in the kernel could lead to an
out-of-bounds read and a kernel panic if the number of probe response
counters was too big.  A local user with privileges to configure the WiFi
through netlink could use this flaw to cause a denial-of-service.


* Denial-of-service when issuing ioctl on executable files on Btrfs.

Missing checks that the files being passed are directories in various
ioctls in Btrfs could lead to a kernel panic.  A local user with the
privileges to issue subvol/snapshot/create or destroy ioctls could use this
flaw to cause a denial-of-service.


* NULL pointer dereference in the Ceph filesystem on GET_DATALOC ioctl.

A failure to properly initialize an on-stack variable could lead to a NULL
pointer dereference.  A local user with the privileges to issue a
GET_DATALOC ioctl could use this flaw to cause a denial-of-service.


* Invalid pointer dereference in the Ceph filesystem when allocating a page vector.

A logic error in the Ceph filesystem when checking the result of an
allocation could lead to an invalid pointer dereference and a kernel panic.
A local user with the ability to trigger page vectors to be allocated could
use this flaw to cause a denial-of-service.


* Memory corruption in the QXL virtual GPU for Spice when creating a color palette.

Incorrect result checking after mapping memory into kernel space could lead
to memory corruption and a kernel panic.


* Kernel panic in the HostFS driver on mount.

A logic error in the HostFS driver could lead to freeing an invalid pointer
under low-memory conditions.  A local user with the privileges to mount
a hostfs filesystem could use this flaw to cause a denial-of-service.

SUPPORT

Ksplice support is available at ksplice-support_ww at oracle.com.


  


