[Ksplice-Fedora-25-updates] New Ksplice updates for Fedora 25 (FEDORA-2017-3a9ec92dd6)

Oracle Ksplice ksplice-support_ww at oracle.com
Mon Apr 24 09:32:56 PDT 2017


Synopsis: FEDORA-2017-3a9ec92dd6 can now be patched using Ksplice
CVEs: CVE-2017-2671 CVE-2017-7187

Systems running Fedora 25 can now use Ksplice to patch against the
latest Fedora kernel update, FEDORA-2017-3a9ec92dd6.

INSTALLING THE UPDATES

We recommend that all users of Ksplice Uptrack running Fedora 25
install these updates.

On systems that have "autoinstall = yes" in /etc/uptrack/uptrack.conf,
these updates will be installed automatically and you do not need to
take any action.

Alternatively, you can install these updates by running:

# /usr/sbin/uptrack-upgrade -y
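
To tell which of the two cases above applies to a host, the following added example (not part of Oracle's advisory or tooling) reads the autoinstall setting and reports whether a manual run is needed. The function names are hypothetical, and it assumes uptrack.conf uses "key = value" lines with '#' or ';' comment lines and that a missing file or key means autoinstall is off.

```shell
#!/bin/sh
# Added example: decide whether a host needs a manual uptrack-upgrade run.
# Assumptions: "key = value" lines, '#' or ';' start a comment line,
# and a missing file or missing key counts as autoinstall being off.

# Print the effective autoinstall setting as "yes" or "no".
uptrack_autoinstall() {
    conf=${1:-/etc/uptrack/uptrack.conf}
    [ -r "$conf" ] || { echo no; return 0; }
    awk -F= '
        /^[ \t]*[#;]/ { next }                      # commented-out settings do not count
        {
            key = $1; val = $2
            gsub(/[ \t\r]/, "", key)                # tolerate indentation and CRLF files
            gsub(/[ \t\r]/, "", val)
            if (tolower(key) == "autoinstall") last = tolower(val)   # last assignment wins
        }
        END { print ((last == "yes") ? "yes" : "no") }
    ' "$conf"
}

# Print the action the advisory's install section calls for on this host.
uptrack_action() {
    if [ "$(uptrack_autoinstall "${1:-}")" = yes ]; then
        echo "autoinstall enabled: updates install automatically, no action needed"
    else
        echo "manual: run /usr/sbin/uptrack-upgrade -y as root"
    fi
}

# Report for the config file given as the first argument (default path otherwise).
uptrack_action "${1:-}"
```
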


DESCRIPTION

* CVE-2017-7187: Denial-of-service in SCSI driver ioctl handler.

The ioctl handler function in the SCSI driver allows local users to cause a
denial of service (stack-based buffer overflow) or possibly have
unspecified other impact via a large command size in an SG_NEXT_CMD_LEN
ioctl call, leading to out-of-bounds write access in the sg_write
function.


* Use-after-free in ALSA sequencer buffer resizing.

A race condition when resizing a FIFO in the ALSA sequencer
implementation can lead to a use-after-free. A local attacker with
access to an ALSA sequencer device could use this flaw to crash the
kernel.


* CVE-2017-2671: Use-after-free in ping implementation.

A race condition in the kernel ping implementation can result in a
use-after-free. A local attacker with access to ping sockets could use
this flaw to cause a kernel crash or escalate privileges.


* Out-of-bounds write in crypto subsystem.

A failure to check bounds for cryptographic operations can result in the
overrun of a buffer. A local attacker could use this flaw to crash the
kernel.


* Use-after-free in KVM bus registration handling.

A failure to correctly handle unregistering devices from the KVM bus can
result in a use-after-free. A local attacker with access to virtual
machine management could use this flaw to crash the kernel or escalate
privileges.


* Denial-of-service in USB URB submission.

A flaw in the error handling of sending URB packets can result in
memory corruption. A local attacker with access to USB devices could use
this flaw to crash the kernel.


* Information disclosure in /proc/[pid]/syscall output.

A failure to correctly sanitize information in the /proc/[pid]/syscall
handler can result in sensitive kernel memory being exposed to
userspace. A local attacker could use this flaw to facilitate a further
attack.


* Denial-of-service in parallel data subsystem.

A race condition in the pdata subsystem can result in a kernel crash
when under heavy usage. A local attacker could use this flaw to cause a
denial-of-service.


* Denial-of-service in XFS mount validation.

Multiple flaws in the XFS mount code can result in a kernel crash when
loading corrupted filesystem images. A local attacker with the ability
to mount filesystems could use this flaw to cause a denial-of-service.


* Denial-of-service in XFS inode alignment logic.

A failure to handle the case where the block size is greater than the
inode cluster size can lead to an assertion failure. An attacker with
the ability to mount filesystems could use this flaw to cause a
denial-of-service.

SUPPORT

Ksplice support is available at ksplice-support_ww at oracle.com.




