From ksplice-support_ww at oracle.com Wed Dec 6 19:20:36 2017
From: ksplice-support_ww at oracle.com (Oracle Ksplice)
Date: Thu, 7 Dec 2017 03:20:36 GMT
Subject: [Ksplice-Fedora-25-updates] New Ksplice updates for Fedora 25 (FEDORA-2017-905bb449bc)
Message-ID: <201712070320.vB73KaCa014102@ksplice-billing.us.oracle.com>

Synopsis: FEDORA-2017-905bb449bc can now be patched using Ksplice
CVEs: CVE-2017-16994

Systems running Fedora 25 can now use Ksplice to patch against the latest
Fedora kernel update, FEDORA-2017-905bb449bc.


INSTALLING THE UPDATES

We recommend that all users of Ksplice Uptrack running Fedora 25 install
these updates.

On systems that have "autoinstall = yes" in /etc/uptrack/uptrack.conf,
these updates will be installed automatically and you do not need to
take any action.

Alternatively, you can install these updates by running:

# /usr/sbin/uptrack-upgrade -y


DESCRIPTION

* Divide-by-zero in TCP New Vegas congestion control packet ack.

In rare cases, a logic flaw in the TCP New Vegas congestion control
algorithm could allow a divide-by-zero when acknowledging a packet,
causing a denial-of-service.

* Use-after-free in VLAN event handling due to incorrect reference counting.

Incorrect reference counting of a VLAN information structure could allow
a race condition, potentially allowing the structure to be freed while
still in use and causing memory corruption.

* Denial-of-service in Mellanox mlx5 ethernet page reuse code.

In rare cases, failing to allocate a DMA page could cause the page
structure to be double-freed, corrupting memory or causing a
denial-of-service.

* Information leak via IPv6 SCTP scope ids.

The IPv6 SCTP driver fails to initialize the scope_id field of the IPv6
address in some cases, potentially leaking information from the kernel
stack onto the network.

* Information leak via Trusted Platform Module communications buffer.

When transmitting a TPM command, the length of the buffer is not properly
checked, potentially allowing the buffer to contain uninitialized data.

* Deadlock in OCFS2 when modifying attributes.

A lock ordering issue when modifying file attributes on the OCFS2
filesystem could in rare cases cause a deadlock and denial-of-service.

* Information leak via fsync in Coda filesystem.

Calling fsync on the Coda filesystem causes a larger-than-necessary
buffer to be copied to userspace via upcall, potentially leaking kernel
information to userspace.

* Double-free in Hauppauge HD video recorder probe.

Incorrect error handling when tearing down from a failed probe in the
Hauppauge HD video recorder driver could cause memory to be freed
multiple times, resulting in memory corruption or a denial-of-service.

* Denial-of-service in page extension lookup code.

When allocating space for memory page extensions, certain edge cases are
not properly checked unless CONFIG_DEBUG_VM is enabled. This could lead
to an unhandled page fault and denial-of-service.

* CVE-2017-16994: Kernel information leak via mincore syscall.

When checking if memory pages are present via the mincore syscall,
walk_huge_tlbrange() does not properly check for missing pages in the
TLB range, potentially allowing mincore to return uninitialized data.

* Memory leak in TCP generic segmentation offload with unusual buffers.

When disassembling a TCP generic segmentation offload buffer, some of the
resulting buffers might incorrectly be leaked if their sizes were not as
expected.

* Denial-of-service when receiving from QMI WWAN device in raw IP mode.

Missing initialization code could cause a kernel oops and
denial-of-service when receiving packets from a QMI WWAN device in raw
IP mode.

* Divide-by-zero when probing USB network devices.

A malicious USB network device using the Communications Device Class or
Qualcomm MSM Interface protocols could cause a denial-of-service by
presenting invalid functional descriptors that trigger a divide-by-zero.


SUPPORT

Ksplice support is available at ksplice-support_ww at oracle.com.
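For the INSTALLING THE UPDATES section above, the following is an added example (not part of the Oracle advisory or of the Uptrack tooling) that checks whether a host will receive these updates automatically or needs a manual "uptrack-upgrade -y". It assumes /etc/uptrack/uptrack.conf is an INI-style file holding the "autoinstall = yes" line quoted in the advisory; the path is a parameter so the check runs here against constructed sample files.

```shell
#!/bin/sh
# Added example: decide whether a Ksplice Uptrack host applies updates on
# its own or an administrator must run /usr/sbin/uptrack-upgrade -y.
# Assumption: uptrack.conf is INI-style with an "autoinstall = yes" line.

# Print "yes" if autoinstall is enabled in the given config file, else "no".
# Skips comment lines (# or ;), ignores whitespace and letter case, and lets
# the last autoinstall assignment win, as a typical INI parser would.
uptrack_autoinstall() {
    conf="$1"
    [ -r "$conf" ] || { echo "no"; return 0; }   # unreadable/missing: assume no
    awk -F= '
        /^[[:space:]]*[#;]/ { next }              # comment line
        {
            key = tolower($1); gsub(/[[:space:]]/, "", key)
            if (key != "autoinstall") next
            val = tolower($2); gsub(/[[:space:]]/, "", val)
            result = (val == "yes") ? "yes" : "no"
        }
        END { if (result == "") result = "no"; print result }
    ' "$conf"
}

# Exit status 0 when a manual uptrack-upgrade run is required, 1 otherwise.
ksplice_needs_manual_upgrade() {
    [ "$(uptrack_autoinstall "$1")" != "yes" ]
}

# Constructed sample configs for a stand-alone run (not real host files).
tmpdir=$(mktemp -d)
printf '[Ksplice]\n# updates are applied automatically\nautoinstall = yes\n' \
    > "$tmpdir/auto.conf"
printf '[Ksplice]\nautoinstall = no\n' > "$tmpdir/manual.conf"

if ksplice_needs_manual_upgrade "$tmpdir/manual.conf"; then
    echo "manual.conf: run /usr/sbin/uptrack-upgrade -y"
fi
if ! ksplice_needs_manual_upgrade "$tmpdir/auto.conf"; then
    echo "auto.conf: updates will be installed automatically"
fi
```

On a real host, point the functions at /etc/uptrack/uptrack.conf instead of the constructed files.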