[Ksplice-Fedora-25-updates] New Ksplice updates for Fedora 25 (FEDORA-2017-273b67d5ee)
Oracle Ksplice
ksplice-support_ww at oracle.com
Tue May 30 16:39:23 PDT 2017
Synopsis: FEDORA-2017-273b67d5ee can now be patched using Ksplice
Systems running Fedora 25 can now use Ksplice to patch against the
latest Fedora kernel update, FEDORA-2017-273b67d5ee.
INSTALLING THE UPDATES
We recommend that all users of Ksplice Uptrack running Fedora 25
install these updates.
On systems that have "autoinstall = yes" in /etc/uptrack/uptrack.conf,
these updates will be installed automatically and you do not need to
take any action.
Alternatively, you can install these updates by running:
# /usr/sbin/uptrack-upgrade -y
DESCRIPTION
* Race condition in USB device initialization causes denial-of-service.
Two USB devices calling init_usb_class simultaneously can race and
corrupt kernel memory, potentially causing a crash and
denial-of-service.
* Auto-suspending disconnected USB devices causes denial-of-service.
In rare cases, the generic USB driver can attempt to auto-suspend a USB
device not actually connected to the system. This causes a NULL pointer
dereference and denial-of-service.
* Incorrect event handling in KVM causes SMM errors in client.
Incorrect logic when entering system management mode on a KVM client
could cause the system to misbehave, potentially causing the client SMM
to report errors.
* Memory leak in multi-disk device driver causes denial-of-service.
A missing reference count decrement when discarding blocks in the
multi-disk device driver would leak memory, causing performance
degradation and an eventual denial-of-service.
* Deadlock in Intel OPA Gen1 Infiniband driver causes denial-of-service.
Incorrectly holding a spinlock while yielding CPU in the Intel OPA Gen1
Infiniband driver could deadlock the thread, causing a
denial-of-service.
* Denial-of-service when writing to small memory-mapped file on ext4.
In rare cases, writing to a very small memory-mapped file on the ext4
filesystem can execute invalid code, causing a denial-of-service.
* Information leak via unsanitized buffer in getxattr.
Failing to zero out a buffer returned by getxattr in low-memory
situations could cause kernel memory to be exposed to userspace.
* Null private_data in CIFS ioctls causes denial-of-service.
When enumerating CIFS snapshots or getting IOC information for a tree,
the private_data pointer is not properly checked, potentially causing a
kernel panic and denial-of-service.
* Deadlock when reporting DAX device information to sysfs.
Invalid ordering of calls when reporting DAX device information to sysfs
could cause a deadlock and denial-of-service.
* Incorrectly copying list headers on socket clone causes denial-of-service.
When cloning sockets, several list headers are incorrectly copied to the
child sockets, which then leads to double-frees when both sockets are
closed, causing a kernel panic and denial-of-service.
* Information leak via ipv6 fragment header.
The header size of an ipv6 fragment is not properly checked, potentially
allowing an attacker to read out-of-bounds memory when attempting to
parse it, leaking information.
SUPPORT
Ksplice support is available at ksplice-support_ww at oracle.com.
More information about the Ksplice-Fedora-25-Updates
mailing list