[Ksplice-Fedora-25-updates] New Ksplice updates for Fedora 25 (FEDORA-2017-0054c7b1f0)

Oracle Ksplice ksplice-support_ww at oracle.com
Tue Feb 21 10:07:34 PST 2017


Synopsis: FEDORA-2017-0054c7b1f0 can now be patched using Ksplice
CVEs: CVE-2016-8636 CVE-2017-2618 CVE-2017-5970

Systems running Fedora 25 can now use Ksplice to patch against the
latest Fedora kernel update, FEDORA-2017-0054c7b1f0.

INSTALLING THE UPDATES

We recommend that all users of Ksplice Uptrack running Fedora 25
install these updates.

On systems that have "autoinstall = yes" in /etc/uptrack/uptrack.conf,
these updates will be installed automatically and you do not need to
take any action.

Alternatively, you can install these updates by running:

# /usr/sbin/uptrack-upgrade -y
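
To tell which of the two cases above applies to a host, the following
added example (not part of Oracle's advisory or of Uptrack itself) reads
an uptrack.conf and reports whether autoinstall is on. It assumes that
only the literal value "yes" enables the setting, that the last
assignment in the file wins, and that section headers can be ignored;
the sample configuration, including its [Settings] header, is constructed.

```shell
#!/bin/sh
# Added example: report whether Ksplice Uptrack autoinstall is enabled.
# Assumptions (not stated in the advisory): only "yes" (any case) enables
# it, the last assignment wins, and section headers are ignored.

# uptrack_autoinstall [FILE]
# Prints "yes", "no" or "unreadable".
# Returns 0 when enabled, 1 when disabled or unset, 2 when unreadable.
uptrack_autoinstall() {
    conf=${1:-/etc/uptrack/uptrack.conf}
    [ -r "$conf" ] || { echo unreadable; return 2; }
    value=$(awk -F= '
        /^[ \t]*[#;]/ { next }            # commented-out settings do not count
        {
            key = $1; gsub(/[ \t]/, "", key)
            if (tolower(key) == "autoinstall") {
                val = $2; gsub(/[ \t\r]/, "", val)
                last = tolower(val)       # keep the most recent assignment
            }
        }
        END { print last }
    ' "$conf")
    case $value in
        yes) echo yes; return 0 ;;
        *)   echo no;  return 1 ;;
    esac
}

# Constructed sample configuration (not taken from a real host): the
# enabled line is commented out, so the effective setting is "no".
sample=$(mktemp)
cat > "$sample" <<'EOF'
[Settings]
# autoinstall = yes
autoinstall = no
EOF

# With autoinstall off, the manual upgrade command from this advisory applies.
uptrack_autoinstall "$sample" || echo "run: /usr/sbin/uptrack-upgrade -y"
rm -f "$sample"
```
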


DESCRIPTION

* Denial-of-service when probing NVDIMM interface.

A logic error when canceling an already running probe of an NVDIMM
firmware interface table can cause a kernel crash.  A local attacker
could use this flaw to cause a denial-of-service.


* Denial-of-service when using AEAD ciphers via AF_ALG interface.

A use-after-free in the crypto subsystem can cause a kernel crash when
an AEAD cipher is used. A local attacker could use this flaw to cause a
denial-of-service.


* Denial-of-service in chcr crypto driver usage.

A failure to check that a device exists can result in a crash in the
chcr crypto driver. A local attacker could use this flaw to cause a
denial-of-service.


* Denial-of-service during input device creation.

A logic error in the input subsystem can result in a kernel crash after
a specific set of ioctls is invoked. A local attacker could use this
flaw to cause a denial-of-service.


* CVE-2017-2618: Information leak in SELinux attribute handling.

An off-by-one error in SELinux attribute handling can cause sensitive
information to be leaked from the kernel. A local attacker could use
this flaw to facilitate an exploit.


* Denial-of-service in qla2xxx iSCSI LIP handling.

A logic error in the qla2xxx driver can cause a NULL pointer dereference
when an iSCSI LIP command is issued. A local attacker could use this
flaw to cause a denial-of-service.


* Denial-of-service during ALSA sequencer queue creation.

A logic error when creating an ALSA sequencer queue can lead to a
use-after-free. A local attacker could use this flaw to cause a
denial-of-service.


* Denial-of-service in ALSA sequencer memory management.

A race condition when use of a memory pool is finished can trigger a
use-after-free causing a kernel crash. A local attacker could use this
flaw to cause a denial-of-service.


* CVE-2016-8636: Integer overflow in RDMA over Infiniband.

Incorrect validation of memory bounds can allow a userspace process to
read and write arbitrary memory in the kernel. A local attacker could
use this flaw to escalate privileges.


* Denial-of-service in perf event subsystem.

A race condition in the perf event reading code can result in a kernel
crash due to an out-of-bounds read. A local attacker could use this flaw
to cause a denial-of-service.


* CVE-2017-5970: Denial-of-service in IPv4 options field handling.

Incorrect behaviour when IPv4 options are used can result in a kernel
crash.  A local attacker could use this flaw to cause a
denial-of-service.

SUPPORT

Ksplice support is available at ksplice-support_ww at oracle.com.




