[Ksplice-Fedora-25-updates] New Ksplice updates for Fedora 25 (FEDORA-2017-541c2b2a47)
Oracle Ksplice
ksplice-support_ww at oracle.com
Thu Jun 15 08:02:34 PDT 2017
Synopsis: FEDORA-2017-541c2b2a47 can now be patched using Ksplice
CVEs: CVE-2017-9242
Systems running Fedora 25 can now use Ksplice to patch against the
latest Fedora kernel update, FEDORA-2017-541c2b2a47.
INSTALLING THE UPDATES
We recommend that all users of Ksplice Uptrack running Fedora 25
install these updates.
On systems that have "autoinstall = yes" in /etc/uptrack/uptrack.conf,
these updates will be installed automatically and you do not need to
take any action.
Alternatively, you can install these updates by running:
# /usr/sbin/uptrack-upgrade -y
DESCRIPTION
* Denial-of-service when using Virtual Routing and Forwarding.
A missing check when receiving packet while Virtual Routing and
Forwarding is enabled could lead to a use-after-free. A remote attacker
could use this flaw to cause a denial-of-service.
* Denial-of-service when using network emulation on local loop back sockets.
A reference counting error when using network emulation on local sockets
could lead to a memory exhaustion of the system. A local attacker could
use this flaw to cause a denial-of-service.
* Denial-of-service when using TX ring buffer with Packet protocol.
A missing reference release in the error path when using TX ring buffer
with Packet protocol could lead to memory exhaustion. A local attacker
could use this flaw to cause a denial-of-service.
* CVE-2017-9242: Denial-of-service when using send syscall of IPV6 socket.
A missing check when sending messages over IPV6 sockets could lead to an
out-of-bound access. A local user could use this flaw to cause a
denial-of-service.
* Denial-of-service when using TCP fastopen on a socket with unknown address family.
A missing check on socket's address family type when using TCP fastopen
could lead to a kernel BUG(). A local attacker could create such socket
and send TCP fastopen packet over to cause a denial-of-service.
* Denial-of-service in SCSI lower layer drivers when sending data.
A missing memory initialization could lead to NULL pointer dereference
or data corruption when sending data over SCSI. A local attacker could
use this flaw to corrupt memory or cause a denial-of-service.
* Denial-of-service when creating Infiniband SCSI RDMA targets.
An incorrect freeing of resources when creating a new SCSI RDMA target
could lead to a NULL pointer dereference. A local attacker with access
to 'add_target' sysfs could use this flaw to cause a denial-of-service.
* Denial-of-service when committing pages to XFS filesystem.
A missing check when writing on-going pages to XFS filesystem could
lead to a use-after-free. A local attacker could use this flaw to cause
a denial-of-service.
* Denial-of-service when unmounting a previously corrupted XFS.
A logic error when unmounting a XFS filesystem with btree corrupted
could lead to a deadlock. A malicious user could use this flaw to cause
a denial-of-service.
SUPPORT
Ksplice support is available at ksplice-support_ww at oracle.com.
More information about the Ksplice-Fedora-25-Updates
mailing list