[Ksplice-Fedora-24-updates] New updates available via Ksplice (FEDORA-2016-db4b75b352)

Oracle Ksplice ksplice-support_ww at oracle.com
Tue Oct 25 09:17:48 PDT 2016


Synopsis: FEDORA-2016-db4b75b352 can now be patched using Ksplice
CVEs: CVE-2016-5195

Systems running Fedora 24 can now use Ksplice to patch against the
latest Fedora kernel update, FEDORA-2016-db4b75b352.

INSTALLING THE UPDATES

We recommend that all users of Ksplice Uptrack on Fedora 24 install
these updates.

On systems that have "autoinstall = yes" in /etc/uptrack/uptrack.conf,
these updates will be installed automatically and you do not need to
take any action.

Alternatively, you can install these updates by running:

# /usr/sbin/uptrack-upgrade -y
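
To decide which hosts still need the manual command, the autoinstall setting mentioned above can be checked from a script. This is an added example, not part of the original announcement or of Oracle's tooling; the function names are hypothetical, and it assumes the key is matched regardless of config section and that only the value "yes" enables autoinstall.

```shell
#!/bin/sh
# Added example (not Oracle tooling): report whether a host picks up Ksplice
# updates automatically, based on the "autoinstall" key in uptrack.conf.

# Print the effective value of "autoinstall" in the given config file
# (lowercased, last assignment wins). Prints nothing if the key is absent.
autoinstall_value() {
    awk '
        /^[ \t]*[#;]/ { next }              # skip commented-out lines
        {
            eq = index($0, "=")
            if (eq == 0) next               # section headers, blank lines
            key = substr($0, 1, eq - 1)
            val = substr($0, eq + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", key)
            gsub(/^[ \t]+|[ \t]+$/, "", val)
            if (tolower(key) == "autoinstall") found = tolower(val)
        }
        END { if (found != "") print found }
    ' "$1"
}

# Exit status 0 if an administrator must run uptrack-upgrade by hand,
# 1 if the configuration says updates install automatically.
needs_manual_upgrade() {
    conf=${1:-/etc/uptrack/uptrack.conf}
    [ -r "$conf" ] || return 0              # unreadable config: assume manual
    [ "$(autoinstall_value "$conf")" = "yes" ] && return 1
    return 0
}

# Typical use on a host:
#   needs_manual_upgrade && echo "run: /usr/sbin/uptrack-upgrade -y"
```

A commented-out "autoinstall = yes" line is ignored, so a host whose setting was disabled by commenting is reported as needing the manual command.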


DESCRIPTION

* Race condition in USB core could cause incorrect data transfer.

Bulk data transfers to a USB device are improperly synchronized,
resulting in a race condition that could potentially allow access to
protected memory.


* Deadlock in Integrity Management Architecture attribute update.

When updating an attribute on an object in the underlying overlayfs,
the Integrity Management Architecture system accesses the object's
directory entry improperly, potentially deadlocking on the associated
inode and causing a denial of service.


* Data race in Trusted Platform Module 2.0 when unsealing trusted key.

A logic error in the TPM2 code could allow a data race, potentially
breaking or disrupting the chain of trust.


* Missing cancel in Trusted Platform Module 2.0 request callback.

Missing logic to correctly cancel a TPM2 request could cause incorrect
protocol behavior and a break in the chain of trust.


* CVE-2016-5195: Privilege escalation when handling private mapping copy-on-write.

A race condition in the memory subsystem could allow write access to
otherwise read-only memory mappings.  A local, unprivileged user could use
this flaw to escalate their privileges.


* Buffer overrun in xfs when listing extended attributes.

Incorrect logic when listing extended attributes on xfs could allow
attribute names to overwrite attribute data. A local user could use this
flaw to corrupt kernel memory and gain elevated privileges.

SUPPORT

Ksplice support is available at ksplice-support_ww at oracle.com.


  


