[Ksplice-Fedora-24-updates] New Ksplice updates for Fedora 24 (4.11.8-100.fc24)

Oracle Ksplice ksplice-support_ww at oracle.com
Fri Jul 14 13:57:28 PDT 2017


Synopsis: 4.11.8-100.fc24 can now be patched using Ksplice
CVEs: CVE-2017-1000365 CVE-2017-10911 CVE-2017-7482 CVE-2017-7518

Systems running Fedora 24 can now use Ksplice to patch against the
latest Fedora kernel update, 4.11.8-100.fc24.

INSTALLING THE UPDATES

We recommend that all users of Ksplice Uptrack running Fedora 24
install these updates.

On systems that have "autoinstall = yes" in /etc/uptrack/uptrack.conf,
these updates will be installed automatically and you do not need to
take any action.

Alternatively, you can install these updates by running:

# /usr/sbin/uptrack-upgrade -y
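
As an added example (not part of Oracle's announcement or of the Uptrack tooling), the shell functions below check whether a host will pick up these updates automatically or still needs the manual command above. The function names are hypothetical, and the parsing rules (comment characters, case-insensitive matching, last assignment wins) are assumptions about the configuration file format.

```shell
#!/bin/sh
# Added example (not Oracle's code): does this host's Uptrack configuration
# install Ksplice updates automatically, or is a manual upgrade run needed?

# autoinstall_state FILE
# Prints "yes", "no", "unset" or "unreadable"; returns 2 if FILE is unreadable.
# Assumptions: '#' and ';' start comments, key and value are matched
# case-insensitively, and a later assignment overrides an earlier one.
autoinstall_state() {
    conf=$1
    if [ ! -r "$conf" ]; then
        echo unreadable
        return 2
    fi
    val=$(sed -e 's/[#;].*$//' "$conf" |
          awk -F= 'tolower($1) ~ /^[ \t]*autoinstall[ \t]*$/ {
                       v = tolower($2); gsub(/[ \t\r]/, "", v); last = v
                   }
                   END { print last }')
    case $val in
        yes) echo yes ;;
        "")  echo unset ;;
        *)   echo no ;;      # only the documented value "yes" counts as enabled
    esac
}

# check_host FILE
# Returns 0 when updates install automatically, 1 when the administrator
# still has to run the upgrade command from the announcement.
check_host() {
    state=$(autoinstall_state "$1") || :
    if [ "$state" = yes ]; then
        echo "$1: autoinstall = yes, updates are applied automatically"
        return 0
    fi
    echo "$1: autoinstall is $state, run: /usr/sbin/uptrack-upgrade -y"
    return 1
}

# Check the path given as the first argument, or the default location.
check_host "${1:-/etc/uptrack/uptrack.conf}" || :
```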


DESCRIPTION

* Denial-of-service when using Geschwister Schneider UG interfaces.

A missing free when closing a USB Geschwister Schneider net device could
lead to a memory leak. A local attacker could use this flaw to exhaust
kernel memory and cause a denial-of-service.


* Denial-of-service when using the videobuf2 core framework.

A check error when using the videobuf2 core framework could lead to an
out-of-bounds access. A local attacker could use this flaw to cause a
denial-of-service.


* Denial-of-service when using context mount options.

A missing check in the error path when mounting a filesystem with specific
context mount options while SELinux is enabled could lead to a double
free. A local attacker could use this flaw to cause a denial-of-service.


* Denial-of-service when using the independent BSS feature of mac80211.

An error in allocation size when using IBSS could lead to an
out-of-bounds access. A local attacker could use this flaw to cause a
denial-of-service.


* Denial-of-service when closing a USB gadget FS file.

A logic error when releasing a USB Gadget filesystem file could lead to
a general protection fault or a use-after-free. A local attacker could
use this flaw to cause a denial-of-service.


* Denial-of-service when setting an alarm timer.

An overflow when setting an alarm timer leads to the alarm expiring
immediately in a loop, causing high CPU load. A local attacker could use
this flaw to cause a denial-of-service.


* CVE-2017-1000365: Local security bypass when performing exec.

A logic error allows an unprivileged local user to bypass the size limit
on argument and environment strings when performing the exec syscall. An
attacker can exploit this to exhaust kernel memory which may lead to
privilege escalation.


* Denial-of-service when routing an autofs ioctl control command.

A logic error in handling an ioctl control command failure leads to a NULL
pointer dereference. An attacker can exploit this to cause a
denial-of-service.


* Denial-of-service when generating random numbers.

Inconsistent lock ordering in the random number generator may lead to a
deadlock inside the kernel. A malicious user can exploit this to cause a
denial-of-service.


* Denial-of-service when rescheduling a timer.

A logic error when rescheduling a process in response to a signal with
the SI_TIMER signal code leads to kernel memory corruption and an eventual
kernel crash. A local user can exploit this vulnerability to cause a
denial-of-service.


* Use-after-free in the Linux SCSI Target fabric driver.

A reference counting error when aborting a transport command in the Linux
SCSI Target fabric driver leads to a use-after-free in the kernel. This
could allow a local user to escalate privileges.


* CVE-2017-7482: Memory corruption when decoding a Kerberos 5 ticket.

A boundary condition error when decoding Kerberos 5 tickets using the
RXRPC keys leads to a local buffer overflow. This could lead to memory
corruption and possible privilege escalation.


* CVE-2017-10911: Information leak in the Xen block-device backend driver.

A data structure allocated on the stack in the Xen block-device backend
driver may leak sensitive data through padding fields. A malicious
unprivileged guest may be able to obtain sensitive information from the
host or other guests.


* CVE-2017-7518: Privilege escalation in the KVM emulation subsystem.

An implementation error in the syscall instruction emulation in KVM
leads to a kernel exception raised in userspace. A user or process inside
the guest could use this flaw to potentially escalate their privileges
inside the guest.

SUPPORT

Ksplice support is available at ksplice-support_ww at oracle.com.
