[Ksplice-Fedora-25-updates] New Ksplice updates for Fedora 25 (4.8.8-300.fc25)
Oracle Ksplice
ksplice-support_ww at oracle.com
Mon Nov 28 06:05:45 PST 2016
Synopsis: 4.8.8-300.fc25 can now be patched using Ksplice
CVEs: CVE-2016-7039 CVE-2016-8645 CVE-2016-9555
Systems running Fedora 25 can now use Ksplice to patch against the
latest Fedora kernel update, 4.8.8-300.fc25.
INSTALLING THE UPDATES
We recommend that all users of Ksplice Uptrack running Fedora 25
install these updates.
On systems that have "autoinstall = yes" in /etc/uptrack/uptrack.conf,
these updates will be installed automatically and you do not need to
take any action.
Alternatively, you can install these updates by running:
# /usr/sbin/uptrack-upgrade -y
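The following is an added example, not part of the Oracle advisory or of Ksplice Uptrack itself: a small POSIX shell check that reads the autoinstall setting described above and reports whether the manual command is needed. It assumes uptrack.conf holds INI-style "key = value" lines with whole-line "#" comments; the function names and the sample config are hypothetical.

```shell
#!/bin/sh
# Added example (not Oracle's code): decide whether a host needs a manual
# uptrack-upgrade run. Assumption: "key = value" lines, "#" starts a
# whole-line comment. A line with trailing text after the value is not
# matched, so the check falls back to "no" (the conservative answer).

# Print the effective autoinstall value: "yes", "no", or "unreadable".
uptrack_autoinstall() {
    conf=${1:-/etc/uptrack/uptrack.conf}
    [ -r "$conf" ] || { echo "unreadable"; return 0; }
    # Last uncommented autoinstall line wins; value is lower-cased.
    val=$(sed -n \
        's/^[[:space:]]*autoinstall[[:space:]]*=[[:space:]]*\([A-Za-z]*\)[[:space:]]*$/\1/p' \
        "$conf" | tail -n 1 | tr '[:upper:]' '[:lower:]')
    echo "${val:-no}"
}

# Print the action an administrator should take for this advisory.
uptrack_action() {
    case $(uptrack_autoinstall "$1") in
        yes)        echo "none: updates install automatically" ;;
        unreadable) echo "check: cannot read config" ;;
        *)          echo "run: /usr/sbin/uptrack-upgrade -y" ;;
    esac
}

# Constructed sample config (not taken from a real system): the only
# "yes" is commented out, so a manual upgrade is required.
sample=$(mktemp)
printf '%s\n' '[Settings]' '# autoinstall = yes' 'autoinstall = no' > "$sample"
uptrack_action "$sample"
rm -f "$sample"
```

Calling uptrack_action with no argument checks /etc/uptrack/uptrack.conf on the local host.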
DESCRIPTION
* Information leak in Precision Time Protocol (PTP) driver.
Due to a lack of memory initialization, information leaked to
userspace when making a PTP_SYS_OFFSET_PRECISE ioctl call. A local user
who can communicate with the driver can use this to introspect kernel
memory space.
* Denial-of-service when using traffic control.
A null pointer dereference in the traffic control classifier action
subsystem could crash the kernel. An attacker can exploit this to cause
denial of service using userspace tools such as tc.
* Use-after-free in the TCP stack when IPv6 is used.
Incorrect data manipulation in the TCP stack resulted in a use-after-free
when using IPv6. An attacker can exploit this to execute arbitrary code in
kernel mode.
* Memory corruption in the Mellanox driver.
Because of a race in the Mellanox driver, some Ethernet ring configurations
may lead to memory corruption. An attacker can exploit this to cause denial
of service.
* Denial of service when processing ARP requests on VLAN devices.
A bug in core networking code led to an infinite loop inside the kernel,
resulting in denial of service.
* Denial of service in the IPv4 subsystem.
Incorrect locking in the sysctl interface to the IPv4 subsystem led to
inconsistent lock state which could cause the kernel to get stuck in a
deadlock.
* Privilege escalation in SCTP getsockopt().
An incorrect integer operation when getting the SCTP_EVENTS socket option
leads to undefined behavior. An attacker can use this to execute arbitrary
code in kernel mode.
* Denial-of-service in SCTP routing update.
When sending an SCTP packet, if the route has changed at the transport layer
since we last sent a packet, trying to use the old configuration leads to
a kernel panic.
* CVE-2016-9555: Remote denial-of-service due to SCTP state machine memory corruption.
A missing bounds check in one of the state functions caused memory use
beyond what has been allocated. This could lead to memory corruption and
other undefined behavior.
* Data loss when passing commands to the megaraid controller.
A bug in the way the SYNCHRONIZE_CACHE command was handled resulted in
cached data not being flushed to disk properly in JBOD mode. This
results in data integrity failure.
* CVE-2016-8645: Denial of service when receiving a TCP packet.
When collapsing multiple socket buffers into one, a bug in the code
could result in a kernel panic. A remote attacker can trigger this by
sending specially crafted packets and cause denial of service.
* CVE-2016-7039: Kernel crash due to unbounded recursion in vlan GRO processing.
A Linux kernel built with 802.1Q/802.1ad VLAN or Virtual eXtensible LAN
with Transparent Ethernet Bridging (TEB) GRO support is vulnerable to a stack
overflow issue, leading to stack corruption in the kernel.
A remote user could use this flaw to cause a kernel panic by sending malicious
packets to a server that has GRO enabled.
SUPPORT
Ksplice support is available at ksplice-support_ww at oracle.com.