[Ksplice-Fedora-25-updates] New Ksplice updates for Fedora 25 (FEDORA-2017-39b5facda0)

Oracle Ksplice ksplice-support_ww at oracle.com
Fri Jul 28 05:01:56 PDT 2017


Synopsis: FEDORA-2017-39b5facda0 can now be patched using Ksplice
CVEs: CVE-2017-1000371 CVE-2017-7541 CVE-2017-7542

Systems running Fedora 25 can now use Ksplice to patch against the
latest Fedora kernel update, FEDORA-2017-39b5facda0.

INSTALLING THE UPDATES

We recommend that all users of Ksplice Uptrack running Fedora 25
install these updates.

On systems that have "autoinstall = yes" in /etc/uptrack/uptrack.conf,
these updates will be installed automatically and you do not need to
take any action.

Alternatively, you can install these updates by running:

# /usr/sbin/uptrack-upgrade -y
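For administrators who manage many hosts, the following added example (not Oracle's code and not part of this notice) reads an uptrack.conf-style file and reports whether the autoinstall setting is on, so the manual uptrack-upgrade step can be scheduled only where it is needed. It assumes the file uses the "key = value" form quoted above, that keys are case-insensitive, and that only the value "yes" enables automatic installation; the sample configs it builds are constructed for the demonstration.

```shell
#!/bin/sh
# Added example: classify a host by its Ksplice Uptrack autoinstall setting.
# Reads an /etc/uptrack/uptrack.conf-style file and prints "auto" when an
# uncommented "autoinstall = yes" line is present, otherwise "manual".
# Assumption: only "yes" enables autoinstall; anything else means the admin
# must run /usr/sbin/uptrack-upgrade -y by hand.

# uptrack_autoinstall_mode FILE
# Tolerates spaces around '=', trailing '#' comments and mixed-case keys;
# commented-out lines are ignored and the last uncommented assignment wins.
uptrack_autoinstall_mode() {
    conf="$1"
    mode="manual"
    # An unreadable or missing config cannot enable autoinstall.
    [ -r "$conf" ] || { echo "$mode"; return 0; }
    while IFS= read -r line || [ -n "$line" ]; do
        # Drop everything from the first '#' onward (comment).
        line="${line%%#*}"
        # Extract the key to the left of '=' (empty when there is no '=').
        key="$(printf '%s' "$line" \
            | sed -n 's/^[[:space:]]*\([A-Za-z_]*\)[[:space:]]*=.*/\1/p' \
            | tr 'A-Z' 'a-z')"
        [ "$key" = "autoinstall" ] || continue
        # Extract the value to the right of '=' with surrounding whitespace removed.
        val="$(printf '%s' "$line" \
            | sed 's/^[^=]*=[[:space:]]*//; s/[[:space:]]*$//' \
            | tr 'A-Z' 'a-z')"
        case "$val" in
            yes) mode="auto" ;;
            *)   mode="manual" ;;
        esac
    done < "$conf"
    echo "$mode"
}

# make_sample_conf LINE... -> path of a temporary file holding the given lines.
# Constructed sample data for a stand-alone run; not real uptrack.conf contents.
make_sample_conf() {
    f="$(mktemp)"
    printf '%s\n' "$@" > "$f"
    echo "$f"
}

# Demonstration: one host with autoinstall on, one with it commented out
# and set to no, one with no setting at all.
demo() {
    auto_conf="$(make_sample_conf '[Settings]' 'AutoInstall = yes  # nightly')"
    manual_conf="$(make_sample_conf '[Settings]' '# autoinstall = yes' 'autoinstall = no')"
    empty_conf="$(make_sample_conf '[Settings]' 'install_on_reboot = yes')"
    for c in "$auto_conf" "$manual_conf" "$empty_conf"; do
        m="$(uptrack_autoinstall_mode "$c")"
        if [ "$m" = "auto" ]; then
            echo "$c: autoinstall enabled, no action needed"
        else
            echo "$c: autoinstall off, run /usr/sbin/uptrack-upgrade -y"
        fi
    done
    rm -f "$auto_conf" "$manual_conf" "$empty_conf"
}

demo
```

Run it against the real /etc/uptrack/uptrack.conf by calling uptrack_autoinstall_mode with that path; pushing the check out through your configuration management gives an inventory of which hosts still need the manual step.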


DESCRIPTION

* Denial-of-service when using Solarflare SFC Ethernet controllers.

An incorrect size declaration of an on-stack buffer when using an SFC
Ethernet controller with filtering enabled could lead to a stack
overflow. A local attacker could use this flaw to cause a
denial-of-service.


* Denial-of-service when using UDP Fragmentation Offload with NFS.

A logic error when checking socket buffer length when UFO is enabled
could lead to stuck NFS writes.


* Denial-of-service when using the DP83640 PHYTER driver.

A logic error in the DP83640 PHYTER driver could lead to a NULL
pointer dereference. A remote attacker could use this flaw to cause a
denial-of-service.


* Denial-of-service when disconnecting a TCP connection over IPv4.

A missing release of resources when disconnecting a TCP connection over
IPv4 could lead to a reference count leak. A local attacker could use
this flaw to cause a denial-of-service.


* Use-after-free in the Virtio network driver.

Failing to disable the TX channel when resetting a Virtio network device
could lead to a use-after-free. A local attacker could use this flaw to
cause a denial-of-service.


* Denial-of-service when creating invalid Netlink messages.

A missing check for a NULL callback in the error path when creating
invalid Netlink messages could lead to a NULL pointer dereference. A
local attacker could use this flaw to cause a denial-of-service.


* Denial-of-service when using the MLXSW Spectrum driver.

A missing check on the network interface when creating a bridge between
an MLXSW Spectrum interface and a Virtual LAN (VLAN) interface could lead
to a NULL pointer dereference. A local attacker could use this flaw to
cause a denial-of-service.


* Memory leak when using Generic Receive Offload technology.

A missing free when using the Generic Receive Offload network technology
could lead to an invalid reference count and thus a memory leak. A local
attacker could use this flaw to cause a denial-of-service.


* Out-of-bounds access when getting network device statistics.

A size error when converting network device statistics to a 64-bit
format could lead to an out-of-bounds access. A local attacker could use
this flaw to cause a denial-of-service.


* Reference leak when using Reliable Datagram Sockets.

A logic error when establishing a TCP connection using Reliable Datagram
Sockets could lead to a reference leak. An attacker could use this flaw
to cause a denial-of-service.


* Memory leak in the failure path of the Ethernet bridging driver.

A missing free in the Ethernet bridging driver's error path could lead to
a memory leak. A remote attacker could use this flaw to cause a
denial-of-service.


* Out-of-bounds access when using Solarflare SFC Ethernet controllers.

A logic error when parsing MAC addresses in the SFC Ethernet controller
driver could lead to an out-of-bounds access. A local attacker could
use this flaw to cause a denial-of-service.


* CVE-2017-7541: Buffer overflow in the Broadcom IEEE802.11n embedded FullMAC WLAN driver.

A logic error in the Broadcom IEEE802.11n embedded FullMAC WLAN driver
could lead to a buffer overflow when a user sends a crafted
NL80211_CMD_FRAME packet via netlink. A local attacker could use this
flaw to cause a denial-of-service.


* Denial-of-service in the Broadcom IEEE802.11n embedded FullMAC WLAN driver.

Multiple errors in the Broadcom IEEE802.11n embedded FullMAC WLAN driver
could lead to memory leaks. A local attacker could use these flaws to
cause a denial-of-service.


* Uninitialized memory accesses when using the NAN and PMKID services of cfg80211.

Missing checks on user input when using the NAN and PMKID services could
lead to an uninitialized memory access. A local attacker could use this
flaw to cause a denial-of-service.


* Denial-of-service when using the madvise syscall.

A logic error when releasing a page from a memory range on which the user
has advised the kernel with the madvise() syscall could lead to a kernel
assertion failure. A local attacker could use this flaw to cause a
denial-of-service.


* CVE-2017-1000371: Privilege escalation when executing a shared object file.

A logic error when loading an ELF-format shared object file could
facilitate an exploit leading to privilege escalation.


* CVE-2017-1000371: Privilege escalation when executing a program.

A missing limit on stack usage when passing many arguments to a program
could facilitate an exploit leading to privilege escalation.


* Memory leak when registering a Non Volatile Memory device.

A missing release of resources in the error path when registering a Non
Volatile Memory device could lead to a memory leak. A local attacker
could use this flaw to cause a denial-of-service.


* Out-of-bounds access when using AVX2 instructions for SHA1.

An error when using AVX2 instructions on x86 for SHA1 could lead to an
out-of-bounds access. A local attacker could use this flaw to cause a
denial-of-service.


* NULL pointer dereference when tearing down the Intel HDMI Audio driver.

A pointer that was not cleared when tearing down the Intel HDMI Audio
driver could lead to a NULL pointer dereference. A local attacker could
use this flaw to cause a denial-of-service.


* CVE-2017-7542: Buffer overflow when parsing the IPv6 fragment header.

An incorrect data type when parsing the IPv6 fragment header could lead
to a buffer overflow and to an infinite loop. A remote attacker could use
this flaw to cause a denial-of-service.


* Denial-of-service when posting a message through the Microsoft Hypervisor.

A logic error when posting a message through the Microsoft Hypervisor
could lead to memory corruption. A local attacker could use this flaw to
cause a denial-of-service.

SUPPORT

Ksplice support is available at ksplice-support_ww at oracle.com.