[Ksplice-Fedora-24-updates] New updates available via Ksplice (FEDORA-2016-bc436ff4fd)

[Oracle Ksplice]

Synopsis: FEDORA-2016-bc436ff4fd can now be patched using Ksplice

Systems running Fedora 24 can now use Ksplice to patch against the
latest Fedora kernel update, FEDORA-2016-bc436ff4fd.

INSTALLING THE UPDATES

We recommend that all users of Ksplice Uptrack on Fedora 24 install
these updates.

On systems that have "autoinstall = yes" in /etc/uptrack/uptrack.conf,
these updates will be installed automatically and you do not need to
take any action.

Alternatively, you can install these updates by running:

# /usr/sbin/uptrack-upgrade -y


DESCRIPTION

* Use after free in AppArmor child profiles.

A race condition when finding a AppArmor child profile can trigger a
use after free condition and kernel panic.


* Privilege escalation with invalid UIDs in namespaces.

The kernel user namespace subsystem does not handle invalid UIDs inside
a namespace which can allow a user in a namespace to create symlinks
which would normally be denied outside the user namespace.


* Denial of service in CDC ACM device probing.

The CDC ACM support for USB and ISDN modems does not validate data from
a device when probing which can allow a malicious device to cause a
kernel panic and denial of service.


* Denial of service in filesystem encryption policy.

A logic error in filesystem encryption support can allow a user without
read access to a directory to still change the encryption policy which
can deny access to legitimate users, causing a denial of service.


* Denial of service in ext4 xattr manipulation.

A logic error which expanding the size of an extended attribute can
cause a kernel deadlock or assertion fail which triggers a kernel panic.


* Privilege escalation in overlayfs SGID handling.

Posix ACLs are not cleared from the work directory when mounting an
overlay filesystem which can allow the SGID ACL to be inherited by a
file inside the overlay. This could allow an unprivileged user to gain
elevated privileges.


* Denial of service in overlayfs extended attributes.

The overlay filesystem does not correctly handle malformed extended
attributes from the lower filesystem which can trigger an assertion
failure and kernel panic.


* Use after free in ALSA timer SELECT ioctl.

Missing locking when handling the SNDRV_TIMER_IOCTL_SELECT ioctl in the
ALSA subsystem can trigger a use-after-free and kernel panic.


* Denial of service in ALSA timer CONTINUE ioctl.

A division by zero and kernel panic can be triggered when the ALSA
subsystem handles the SNDRV_TIMER_IOCTL_CONTINUE ioctl.


* Denial of service in ALSA device opening under memory pressure.

A logic error in the ALSA subsystem can trigger a NULL pointer
dereference and kernel panic when a memory allocation fails.


* Data loss in ext4 checksum verification.

Invalid locking can cause checksum verification to incorrectly fail
which could lead to data loss on ext4 filesystems.


* Deadlock in FireWire TASCAM devices.

Incorrect locking when accessing userspace can trigger a deadlock and
kernel panic when reading from a FireWire TASCAM device.


* Denial of service in Direct Rendering Manager CRTC.

A logic error when attempting to flip pages on a device which does not
support modeset can trigger a kernel panic.


* Denial of service in block device mounting.

A logic error when failing to mount a block device can trigger an out of
bounds access and kernel panic.

SUPPORT

Ksplice support is available at ksplice-support_ww at oracle.com.