[Ksplice-Fedora-24-updates] New Ksplice updates for Fedora 24 (FEDORA-2017-c6974bc696)

Tue Jun 20 06:01:34 PDT 2017

Synopsis: FEDORA-2017-c6974bc696 can now be patched using Ksplice
CVEs: CVE-2017-1000380

Systems running Fedora 24 can now use Ksplice to patch against the
latest Fedora kernel update, FEDORA-2017-c6974bc696.

INSTALLING THE UPDATES

We recommend that all users of Ksplice Uptrack running Fedora 24
install these updates.

On systems that have "autoinstall = yes" in /etc/uptrack/uptrack.conf,
these updates will be installed automatically and you do not need to
take any action.

Alternatively, you can install these updates by running:

# /usr/sbin/uptrack-upgrade -y

DESCRIPTION

* Denial-of-service when removing a VXLAN interface.

A logic error when removing a VXLAN interface could lead to a
use-after-free. A local attacker could use this flaw to cause a
denial-of-service.

* Denial-of-service when using Generic Segmentation Offload on IPV6 socket.

A missing check when using Generic Segmentation Offload on IPV6 socket
could lead to a memory leak. A local attacker could use this flaw to cause
a denial-of-service.

* Denial-of-service when binding Distributed Switch Architecture driver.

A missing check when unbinding DSA driver and then rebinding it could
lead to a use-after-free. A local attacker could use this flaw to cause
a denial-of-service.

* Denial-of-service when using network IPV6 packets labeling.

A logic error when using network labeling on IPV6 packets could lead to
an out of bound access. A local attacker could use this flaw to cause a
denial-of-service.

* Denial-of-service when using asymmetric crypto key with backlog enabled.

A missing check in error path when using asymmetric crypto key with
backlog enabled could lead to a use-after-free. A local attacker could
use this flaw to cause a denial-of-service.

* Denial-of-service when adding a key using the key control subsystem.

A missing check on user input when using add_key syscall of keyctl could
lead to a NULL pointer dereference if the key type is asymmetric,
cifs.idmap, cifs.spnego, or pkcs7_test.  A local attacker could use this
flaw to cause a denial-of-service.

* Denial-of-service when updating a key using the key control subsystem.

A missing check in error path when updating a key with asymmetric type
could lead to a NULL pointer dereference. A local attacker could use
this flaw to cause a denial-of-service.

* Denial-of-service when copying up in overlay filesystem.

A missing check in error path when copying up file from lower to upper
filesystem in overlayfs configuration could lead to a memory leak.
A local attacker could use this flaw to cause a denial-of-service.

* Denial-of-service in NFS daemon when receiving malformed request.

A logic error when receiving a malformed or malicious request from a NFS
client could lead to a NULL pointer dereference. A remote attacker could
use this flaw to cause a denial-of-service.

* Denial-of-service when changing current trigger of Industrial IO.

A missing check when setting a new trigger in Industrial IO subsystem
could lead to a NULL pointer deference. A local attacker with access to
'current_trigger' sysfs entry could use this flaw to cause a
denial-of-service.

* CVE-2017-1000380: Information leak when reading timer information from ALSA devices.

A missing data initialization and a race condition when reading timer
information of ALSA devices from user space could lead to an information
leak. A local attacker could use this flaw to get information about
running kernel and facilitate an attack.

* Denial-of-service when user defines surface in VMware Virtual GPU driver.

A missing check on user input could lead to an infinite loop. A local
attacker could use this flaw to cause a denial-of-service.

* Information leak when user defines surface in VMware Virtual GPU driver.

A missing initialization of local variable when user defines surface in
VMXGFX driver could leak stack information. A local attacker could use
this flaw to gain information about the running kernel and facilitate an
attack.

SUPPORT

Ksplice support is available at ksplice-support_ww at oracle.com.