[Ksplice-Fedora-25-updates] New Ksplice updates for Fedora 25 (FEDORA-2017-466d902289)

Oracle Ksplice ksplice-support_ww at oracle.com
Thu May 25 06:07:50 PDT 2017


Synopsis: FEDORA-2017-466d902289 can now be patched using Ksplice
CVEs: CVE-2017-7477 CVE-2017-7487

Systems running Fedora 25 can now use Ksplice to patch against the
latest Fedora kernel update, FEDORA-2017-466d902289.

INSTALLING THE UPDATES

We recommend that all users of Ksplice Uptrack running Fedora 25
install these updates.

On systems that have "autoinstall = yes" in /etc/uptrack/uptrack.conf,
these updates will be installed automatically and you do not need to
take any action.

Alternatively, you can install these updates by running:

# /usr/sbin/uptrack-upgrade -y
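
Added example, not part of the original Ksplice advisory: a shell check for which of the two installation paths above applies to a host. It assumes uptrack.conf holds "key = value" lines with "#" comments and treats only the exact value "yes" as enabled; the function names are hypothetical.

```shell
#!/bin/sh
# Added example: decide whether a host needs a manual uptrack-upgrade run.
# Assumption: uptrack.conf uses "key = value" lines and "#" comments.

# autoinstall_enabled FILE
# Returns 0 if the last uncommented autoinstall assignment is "yes",
# 1 if it is anything else or absent, 2 if FILE cannot be read.
autoinstall_enabled() {
    conf=$1
    [ -r "$conf" ] || return 2
    value=$(sed -n \
        's/^[[:space:]]*autoinstall[[:space:]]*=[[:space:]]*\([^[:space:]#]*\).*$/\1/p' \
        "$conf" | tail -n 1)
    [ "$value" = "yes" ]
}

# patch_action FILE
# Prints "automatic", "manual" or "unreadable" for the given config file.
patch_action() {
    rc=0
    autoinstall_enabled "$1" || rc=$?
    case $rc in
        0) echo "automatic" ;;   # updates install without any action
        2) echo "unreadable" ;;  # config missing or not readable
        *) echo "manual" ;;      # run /usr/sbin/uptrack-upgrade -y as root
    esac
}

# Report for the path named in the advisory, or for a file given as $1.
echo "Ksplice update mode: $(patch_action "${1:-/etc/uptrack/uptrack.conf}")"
```

A result of "manual" or "unreadable" means the updates listed below are applied only after running /usr/sbin/uptrack-upgrade -y by hand.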


DESCRIPTION

* Denial-of-service in Plan 9 filesystem access control list manipulation.

Incorrect error handling when updating access control lists in the Plan
9 filesystem can result in a memory leak. A local attacker could use
this flaw to exhaust kernel memory, resulting in a denial-of-service.


* Denial-of-service in iwlwifi debugfs interface.

A failure to correctly validate input can result in a kernel crash when
writing to the iwlwifi debug interface. A privileged attacker could use
this flaw to crash the kernel, leading to a denial-of-service.


* Out-of-bounds access in Intel power management controller.

A logic error in the Intel power management controller driver can result
in an out-of-bounds memory access. This could result in undefined
behaviour or a kernel crash.


* Kernel crash in mwifiex 802.11 packet transmission.

A logic error in the processing of wifi transmission packets in the
mwifiex driver can result in a buffer overrun, resulting in a kernel
crash.


* Denial-of-service in qedi iSCSI connection initialization.

Incorrect error handling can result in a failure to free kernel memory.
A local attacker with the ability to create iSCSI connections could use
this flaw to cause a denial-of-service.


* Kernel crash in Broadcom flexible MAC wifi driver.

A logic error in the processing of wifi transmission packets can result
in the access of uninitialised memory, resulting in a kernel crash.


* Denial-of-service in IPv6 duplicate address detection.

A race condition in the handling of duplicate address detection for IPv6
could result in kernel memory corruption. A user with the ability to
create network namespaces could use this flaw to crash the kernel,
leading to a denial-of-service.


* Denial-of-service in TCP accept handling.

A failure to correctly initialize a pointer when accepting TCP
connections could result in a double free. A local attacker could use
this flaw to cause undefined behaviour or a kernel crash, leading to a
denial-of-service.


* Denial-of-service in raw socket IP header processing.

A failure to validate IP packets submitted to raw sockets can result in
the access of invalid memory. This could result in a kernel crash,
leading to a denial-of-service.


* Information disclosure via use of unprivileged eBPF programs.

A failure to enforce kptr_restrict for eBPF programs can result in the
leak of sensitive information to userspace. A local attacker could use
this flaw to facilitate a further attack.


* Denial-of-service due to corrupted F2FS filesystem.

A failure to validate the segment count when mounting an F2FS
filesystem can result in undefined behaviour when accessing the
filesystem. This could result in a kernel crash, leading to a
denial-of-service.


* Use-after-free in DRM/TTM fault handling.

A race condition in the DRM/TTM driver can result in a use-after-free
during vm fault handling. A local attacker could use this flaw to cause
a kernel crash.


* CVE-2017-7487: Use-after-free in IPX reference count handling.

A reference count leak in the IPX ioctl handler can result in a
reference count overflow leading to a use-after-free. A local attacker
could use this flaw to crash the kernel or escalate privileges.


* Kernel crash in Broadcom NetXtreme Receive Flow Steering.

A failure to allocate enough memory for Receive Flow Steering management
can result in a buffer overrun leading to undefined behaviour or a
kernel crash.


* Denial-of-service in TCP transmission buffer management.

A logic error during management of TCP packet buffers can cause an
assertion failure in the kernel, leading to undefined behaviour or
potentially a kernel crash. A local attacker could use this flaw to
cause a denial-of-service.


* CVE-2017-7477: Remote Denial-of-service in 802.1AE implementation.

A flaw in the handling of memory allocation in the macsec driver can
result in a buffer overflow. A remote attacker could use this flaw to
cause a denial-of-service.

SUPPORT

Ksplice support is available at ksplice-support_ww at oracle.com.




