[Ksplice-Fedora-24-updates] New Ksplice updates for Fedora 24 (FEDORA-2017-c6974bc696)
Oracle Ksplice
ksplice-support_ww at oracle.com
Tue Jun 20 06:01:34 PDT 2017
Synopsis: FEDORA-2017-c6974bc696 can now be patched using Ksplice
CVEs: CVE-2017-1000380
Systems running Fedora 24 can now use Ksplice to patch against the
latest Fedora kernel update, FEDORA-2017-c6974bc696.
INSTALLING THE UPDATES
We recommend that all users of Ksplice Uptrack running Fedora 24
install these updates.
On systems that have "autoinstall = yes" in /etc/uptrack/uptrack.conf,
these updates will be installed automatically and you do not need to
take any action.
Alternatively, you can install these updates by running:
# /usr/sbin/uptrack-upgrade -y
DESCRIPTION
* Denial-of-service when removing a VXLAN interface.
A logic error when removing a VXLAN interface could lead to a
use-after-free. A local attacker could use this flaw to cause a
denial-of-service.
* Denial-of-service when using Generic Segmentation Offload on IPV6 socket.
A missing check when using Generic Segmentation Offload on IPV6 socket
could lead to a memory leak. A local attacker could use this flaw to cause
a denial-of-service.
* Denial-of-service when binding Distributed Switch Architecture driver.
A missing check when unbinding DSA driver and then rebinding it could
lead to a use-after-free. A local attacker could use this flaw to cause
a denial-of-service.
* Denial-of-service when using network IPV6 packets labeling.
A logic error when using network labeling on IPV6 packets could lead to
an out of bound access. A local attacker could use this flaw to cause a
denial-of-service.
* Denial-of-service when using asymmetric crypto key with backlog enabled.
A missing check in error path when using asymmetric crypto key with
backlog enabled could lead to a use-after-free. A local attacker could
use this flaw to cause a denial-of-service.
* Denial-of-service when adding a key using the key control subsystem.
A missing check on user input when using add_key syscall of keyctl could
lead to a NULL pointer dereference if the key type is asymmetric,
cifs.idmap, cifs.spnego, or pkcs7_test. A local attacker could use this
flaw to cause a denial-of-service.
* Denial-of-service when updating a key using the key control subsystem.
A missing check in error path when updating a key with asymmetric type
could lead to a NULL pointer dereference. A local attacker could use
this flaw to cause a denial-of-service.
* Denial-of-service when copying up in overlay filesystem.
A missing check in error path when copying up file from lower to upper
filesystem in overlayfs configuration could lead to a memory leak.
A local attacker could use this flaw to cause a denial-of-service.
* Denial-of-service in NFS daemon when receiving malformed request.
A logic error when receiving a malformed or malicious request from a NFS
client could lead to a NULL pointer dereference. A remote attacker could
use this flaw to cause a denial-of-service.
* Denial-of-service when changing current trigger of Industrial IO.
A missing check when setting a new trigger in Industrial IO subsystem
could lead to a NULL pointer deference. A local attacker with access to
'current_trigger' sysfs entry could use this flaw to cause a
denial-of-service.
* CVE-2017-1000380: Information leak when reading timer information from ALSA devices.
A missing data initialization and a race condition when reading timer
information of ALSA devices from user space could lead to an information
leak. A local attacker could use this flaw to get information about
running kernel and facilitate an attack.
* Denial-of-service when user defines surface in VMware Virtual GPU driver.
A missing check on user input could lead to an infinite loop. A local
attacker could use this flaw to cause a denial-of-service.
* Information leak when user defines surface in VMware Virtual GPU driver.
A missing initialization of local variable when user defines surface in
VMXGFX driver could leak stack information. A local attacker could use
this flaw to gain information about the running kernel and facilitate an
attack.
SUPPORT
Ksplice support is available at ksplice-support_ww at oracle.com.
More information about the Ksplice-Fedora-24-Updates
mailing list