[Ksplice-Fedora-25-updates] New Ksplice updates for Fedora 25 (FEDORA-2017-d875ae8299)

Fri Mar 3 15:54:25 PST 2017

Synopsis: FEDORA-2017-d875ae8299 can now be patched using Ksplice
CVEs: CVE-2017-6345 CVE-2017-6346 CVE-2017-6347 CVE-2017-6348

Systems running Fedora 25 can now use Ksplice to patch against the
latest Fedora kernel update, FEDORA-2017-d875ae8299.

INSTALLING THE UPDATES

We recommend that all users of Ksplice Uptrack running Fedora 25
install these updates.

On systems that have "autoinstall = yes" in /etc/uptrack/uptrack.conf,
these updates will be installed automatically and you do not need to
take any action.

Alternatively, you can install these updates by running:

# /usr/sbin/uptrack-upgrade -y

DESCRIPTION

* CVE-2017-6345: Denial of service in 802.2 LLC packet processing.

A logic error when receiving PDUs on an 802.2 LLC network socket can trigger a
kernel panic and denial of service when freeing memory.

* CVE-2017-6346: Use-after-free in AF_PACKET fanout.

Invalid locking when processing the PACKET_FANOUT sockopt for AF_PACKET sockets
can trigger a use-after-free condition and kernel panic. A local user could use
this flaw to elevate privileges.

* Kernel panic when retrieving VXLAN egress information.

A logic error when retrieving packet egress information for VXLAN interfaces
can trigger a NULL pointer dereference and kernel panic.

* CVE-2017-6348: Deadlock in Infrared socket teardown.

Invalid locking in the infrared networking subsystem can trigger a deadlock and
kernel panic when tearing down sockets. A local user can use this flaw to
trigger a denial of service.

* Deadlock in network device notifications.

Incorrect locking in the generic networking subsystem can trigger an infinite
loop and kernel panic when processing device notifications.

* CVE-2017-6347: Denial of service in IPv4 IP_CHECKSUM control message.

A logic error when calculating the checksum of an IPv4 packet can trigger an
out-of-bounds read and kernel panic. A local user could use this flaw to cause
a denial of service.

* Denial of service in Moschip USB serial driver.

A logic error when attaching to a Moschip USB serial device with no
interrupt-in endpoint can trigger a NULL pointer dereference and kernel panic.

* Information leak in USB FTDI serial response parsing.

A logic error when handling short modem-status responses can allow the contents
of kernel memory to be leaked to userspace.

* Information leak in USB SPCP8x5 serial driver.

A logic error when handling short modem-status responses can allow the contents
of kernel memory to be leaked to userspace.

* Information leak in USB ARK Micro 3116 serial driver.

A logic error when handling short register-accessor responses can allow the
contents of kernel memory to be leaked to userspace.

* Kernel panic in generic filesystem writeback subsystem.

Incorrect reference counting when initializing filesystem writeback information
can trigger a double-free and trigger a kernel panic.

* Denial of service in Realtek WiFi interface management.

Incorrect memory management when disabling an Realtek WiFi interface can leak
URBs causing USB communications to stop, causing a denial of service.

* Data loss in XFS buffered delayed allocations.

Incorrect resource management when handling delayed allocations on XFS
filesystems can trigger invalid data to be written to file holes and trigger
data loss.

SUPPORT

Ksplice support is available at ksplice-support_ww at oracle.com.