[Ksplice-Fedora-24-updates] New updates available via Ksplice (FEDORA-2016-c7eb9bc37d)
Oracle Ksplice
ksplice-support_ww at oracle.com
Thu Oct 13 09:04:10 PDT 2016
Synopsis: FEDORA-2016-c7eb9bc37d can now be patched using Ksplice
Systems running Fedora 24 can now use Ksplice to patch against the
latest Fedora kernel update, FEDORA-2016-c7eb9bc37d.
INSTALLING THE UPDATES
We recommend that all users of Ksplice Uptrack on Fedora 24 install
these updates.
On systems that have "autoinstall = yes" in /etc/uptrack/uptrack.conf,
these updates will be installed automatically and you do not need to
take any action.
Alternatively, you can install these updates by running:
# /usr/sbin/uptrack-upgrade -y
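
The check below is an added example, not part of Oracle's announcement or tooling: it reads an uptrack.conf and reports whether the host installs updates automatically or needs the manual command above. It assumes the file holds plain "key = value" lines with "#" comments; the function name and sample files are hypothetical, and anything other than an unambiguous "autoinstall = yes" is treated as needing manual action.

```shell
#!/bin/sh
# Added example: classify a host as "auto", "manual" or "missing"
# from the autoinstall setting in an uptrack.conf file.

# autoinstall_state FILE
#   auto    - every uncommented autoinstall line is exactly "yes"
#   manual  - the setting is absent, empty, conflicting, or not "yes"
#   missing - FILE cannot be read (Uptrack not installed, or no access)
autoinstall_state() {
    conf=$1
    if [ ! -r "$conf" ]; then
        echo "missing"
        return 0
    fi
    # Collect the trimmed values of all uncommented assignments.
    # Lines starting with "#" do not match, so a commented-out
    # "# autoinstall = yes" is never counted as enabled.
    values=$(sed -n \
        's/^[[:space:]]*autoinstall[[:space:]]*=[[:space:]]*\(.*[^[:space:]]\)[[:space:]]*$/\1/p' \
        "$conf" | sort -u)
    if [ "$values" = "yes" ]; then
        echo "auto"
    else
        echo "manual"
    fi
}

# Constructed sample configs (not taken from a real host).
demo_dir=$(mktemp -d)
printf '[Settings]\nautoinstall = yes\n' > "$demo_dir/auto.conf"
printf '[Settings]\n# autoinstall = yes\nautoinstall = no\n' > "$demo_dir/off.conf"
printf '[Settings]\nautoinstall = yes\nautoinstall = no\n' > "$demo_dir/conflict.conf"

for f in "$demo_dir"/auto.conf "$demo_dir"/off.conf "$demo_dir"/conflict.conf \
         /etc/uptrack/uptrack.conf; do
    state=$(autoinstall_state "$f")
    case $state in
        auto)    action="no action needed" ;;
        manual)  action="run /usr/sbin/uptrack-upgrade -y as root" ;;
        missing) action="config not readable; check the Uptrack install" ;;
    esac
    printf '%s: %s (%s)\n' "$f" "$state" "$action"
done
rm -rf "$demo_dir"
```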
DESCRIPTION
* NULL pointer dereference in the crypto block cipher sub-system.
A logic error when walking to the next block in the crypto sub-system could
lead to a NULL pointer dereference when the host is low on memory.
* Denial-of-service when converting and migrating concurrently on OCFS2.
A race condition in the OCFS2 filesystem when converting and migrating
concurrently could trigger a kernel BUG assertion. A local user
with mount privileges could use this flaw to cause a denial-of-service.
* Deadlock when blocking walks during expire on autofs.
Incorrect locking when blocking walks during an expire operation on autofs
could lead to a deadlock. A local, unprivileged user with the ability to
cause an automatic mount could use this flaw to cause a denial-of-service.
* Denial-of-service under heavy swapping conditions.
A logic error could trigger a kernel assertion under heavy swapping conditions,
leading to a kernel panic. A local user with the ability to cause the
system to swap could use this flaw to cause a denial-of-service.
* Use-after-free in the memory controller when accessing the charge cache.
A race condition in the memory controller when accessing the charge cache
could lead to a use-after-free on concurrent network access. An attacker
could use this flaw to cause a denial-of-service.
* Use-after-free when closing cloned socket in the control group sub-system.
Incorrect reference counting in the control group sub-system when cloning a
socket will later cause a use-after-free when closing one or the other. An
attacker with the ability to clone sockets could use this flaw to cause a
denial-of-service.
* Initialization vector corruption in the symmetric key cipher sub-system.
Encrypting a key in the keys sub-system corrupted the initialization
vector of the symmetric cipher in use when it should not have.
* Denial-of-service in configfs when writing a file.
A logic error when validating the size of a file being created in a
configfs mount point allows a local user to allocate an arbitrary amount of
vmalloc memory. A local user could use this flaw to exhaust the memory and
cause a denial-of-service.
* Memory leaks when tracing splice operations.
A failure to trace splice operations would cause a memory leak. A local,
unprivileged user could use this flaw to exhaust the memory on the system
by issuing repeated splice system calls if they know they are being traced.
* Out-of-bounds memory read when switching WiFi channel.
A logic error in the WiFi netlink interface in the kernel could lead to an
out-of-bounds read and kernel panic if the number of probe response counters
was too big. A local user with privileges to configure the WiFi through
netlink could use this flaw to cause a denial-of-service.
* Denial-of-service when issuing ioctl on executable files on Btrfs.
Missing checks that the files being passed are directories in various
ioctls in Btrfs could lead to a kernel panic. A local user with the
privileges to issue subvol/snapshot/create or destroy ioctls could use this
flaw to cause a denial-of-service.
* NULL pointer dereference in the Ceph filesystem on GET_DATALOC ioctl.
A failure to properly initialize an on-stack variable could lead to a NULL
pointer dereference. A local user with the privileges to issue a
GET_DATALOC ioctl could use this flaw to cause a denial-of-service.
* Invalid pointer dereference in the Ceph filesystem when allocating a page vector.
A logic error in the Ceph filesystem when checking the result of an
allocation could lead to an invalid pointer dereference and kernel panic.
A local user with the ability to trigger page vectors to be allocated could
use this flaw to cause a denial-of-service.
* Memory corruption in the QXL virtual GPU for Spice when creating a color palette.
Incorrect result checking after mapping memory into kernel space could lead
to memory corruption and kernel panic.
* Kernel panic in the HostFS driver on mount.
A logic error in the HostFS driver could lead to freeing an invalid pointer
under low-memory conditions. A local user with the privileges to mount
a hostfs filesystem could use this flaw to cause a denial-of-service.
SUPPORT
Ksplice support is available at ksplice-support_ww at oracle.com.