[Ksplice-Fedora-28-updates] New Ksplice updates for Fedora 28 (FEDORA-2018-898f23c2f3)

[Oracle Ksplice]

Synopsis: FEDORA-2018-898f23c2f3 can now be patched using Ksplice

Systems running Fedora 28 can now use Ksplice to patch against the
latest Fedora kernel update, FEDORA-2018-898f23c2f3.

INSTALLING THE UPDATES

We recommend that all users of Ksplice Uptrack running Fedora 28
install these updates.

On systems that have "autoinstall = yes" in /etc/uptrack/uptrack.conf,
these updates will be installed automatically and you do not need to
take any action.

Alternatively, you can install these updates by running:

# /usr/sbin/uptrack-upgrade -y


DESCRIPTION

* Denial-of-service in IBM ASM Service Processor read handler.

A logic error in the ibmasm driver could allow the code to write outside
the bounds of a given buffer, leading to kernel or userspace memory
corruption and possible kernel panic.  This could be used to cause a
denial-of-service.


* Information leak in USB serial error handling.

A failure to properly check boundaries could lead to leaking kernel
memory to user space.


* Privilege escalation in USB Yurex read handler.

A logic error in the USB Yurex read handler code could allow the driver
to access userspace memory outside the bounds of the userspace buffer,
potentially leading to memory corruption or privilege escalation inside
userspace.


* Denial-of-service with multiple loop devices.

Improper device validation in the loop code could lead to an infinite
loop when accessing all of the loop file descriptors.  This could be
exploited to cause a denial-of-service.


* Denial-of-service in F2FS error handling.

Missing checks and logic errors in f2fs could lead to kernel BUGs or
corrupted filesystem.  This could be used to cause a denial-of-service.

SUPPORT

Ksplice support is available at ksplice-support_ww at oracle.com.