[Ksplice-Fedora-25-updates] New Ksplice updates for Fedora 25 (FEDORA-2017-273b67d5ee)

Tue May 30 16:39:23 PDT 2017

Synopsis: FEDORA-2017-273b67d5ee can now be patched using Ksplice

Systems running Fedora 25 can now use Ksplice to patch against the
latest Fedora kernel update, FEDORA-2017-273b67d5ee.

INSTALLING THE UPDATES

We recommend that all users of Ksplice Uptrack running Fedora 25
install these updates.

On systems that have "autoinstall = yes" in /etc/uptrack/uptrack.conf,
these updates will be installed automatically and you do not need to
take any action.

Alternatively, you can install these updates by running:

# /usr/sbin/uptrack-upgrade -y

DESCRIPTION

* Race condition in USB device initialization causes denial-of-service.

Two USB devices calling init_usb_class simultaneously can race and
corrupt kernel memory, potentially causing a crash and
denial-of-service.

* Auto-suspending disconnected USB devices causes denial-of-service.

In rare cases, the generic USB driver can attempt to auto-suspend a USB
device not actually connected to the system. This causes a NULL pointer
dereference and denial-of-service.

* Incorrect event handling in KVM causes SMM errors in client.

Incorrect logic when entering system management mode on a KVM client
could cause the system to misbehave, potentially causing the client SMM
to report errors.

* Memory leak in multi-disk device driver causes denial-of-service.

A missing reference count decrement when discarding blocks in the
multi-disk device driver would leak memory, causing performance
degradation and an eventual denial-of-service.

* Deadlock in Intel OPA Gen1 Infiniband driver causes denial-of-service.

Incorrectly holding a spinlock while yielding CPU in the Intel OPA Gen1
Infiniband driver could deadlock the thread, causing a
denial-of-service.

* Denial-of-service when writing to small memory-mapped file on ext4.

In rare cases, writing to a very small memory-mapped file on the ext4
filesystem can execute invalid code, causing a denial-of-service.

* Information leak via unsanitized buffer in getxattr.

Failing to zero out a buffer returned by getxattr in low-memory
situations could cause kernel memory to be exposed to userspace.

* Null private_data in CIFS ioctls causes denial-of-service.

When enumerating CIFS snapshots or getting IOC information for a tree,
the private_data pointer is not properly checked, potentially causing a
kernel panic and denial-of-service.

* Deadlock when reporting DAX device information to sysfs.

Invalid ordering of calls when reporting DAX device information to sysfs
could cause a deadlock and denial-of-service.

* Incorrectly copying list headers on socket clone causes denial-of-service.

When cloning sockets, several list headers are incorrectly copied to the
child sockets, which then leads to double-frees when both sockets are
closed, causing a kernel panic and denial-of-service.

* Information leak via ipv6 fragment header.

The header size of an ipv6 fragment is not properly checked, potentially
allowing an attacker to read out-of-bounds memory when attempting to
parse it, leaking information.

SUPPORT

Ksplice support is available at ksplice-support_ww at oracle.com.