[Ksplice-Fedora-29-updates] New Ksplice updates for Fedora 29 (FEDORA-2018-367d08ef69)
Oracle Ksplice
ksplice-support_ww at oracle.com
Wed Nov 28 05:29:39 PST 2018
Synopsis: FEDORA-2018-367d08ef69 can now be patched using Ksplice
Systems running Fedora 29 can now use Ksplice to patch against the
latest Fedora kernel update, FEDORA-2018-367d08ef69.
INSTALLING THE UPDATES
We recommend that all users of Ksplice Uptrack running Fedora 29
install these updates.
On systems that have "autoinstall = yes" in /etc/uptrack/uptrack.conf,
these updates will be installed automatically and you do not need to
take any action.
Alternatively, you can install these updates by running:
# /usr/sbin/uptrack-upgrade -y
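The following check is an added example, not part of the Oracle announcement or the Uptrack tooling: it reads an uptrack.conf-style file and reports whether the manual upgrade command above is still needed. It assumes "key = value" lines with "#" or ";" comment lines, a [Settings] section header, and that a missing autoinstall key means autoinstall is off; the function names and the sample file are constructed for illustration.

```shell
#!/bin/sh
# Added example: decide whether Ksplice updates install on their own.
# Assumption: uptrack.conf uses "key = value" lines; "#" or ";" starts a comment line.

# uptrack_autoinstall FILE -> prints "yes" or "no"; returns 2 if FILE is unreadable.
uptrack_autoinstall() {
    [ -r "$1" ] || return 2
    awk -F= '
        /^[ \t]*[#;]/ { next }                  # commented-out settings do not count
        NF >= 2 {
            key = tolower($1); val = tolower($2)
            gsub(/[ \t\r]/, "", key)
            gsub(/[ \t\r]/, "", val)
            # Last assignment wins; only the literal "yes" is treated as enabled.
            if (key == "autoinstall") state = ((val == "yes") ? "yes" : "no")
        }
        END {
            if (state == "") state = "no"       # assumption: absent key means off
            print state
        }
    ' "$1"
}

# uptrack_action FILE -> prints the step the advisory asks for on this host.
uptrack_action() {
    state=$(uptrack_autoinstall "$1") || { echo "cannot read $1" >&2; return 2; }
    if [ "$state" = yes ]; then
        echo "autoinstall enabled: updates are installed automatically"
    else
        echo "autoinstall not enabled: run /usr/sbin/uptrack-upgrade -y as root"
    fi
}

# Constructed sample configuration (not taken from a real host).
sample=$(mktemp)
cat > "$sample" <<'EOF'
[Settings]
# autoinstall = yes
autoinstall = no
EOF
uptrack_action "$sample"
rm -f "$sample"
```

On a real system, pass /etc/uptrack/uptrack.conf to uptrack_action instead of the sample file.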
DESCRIPTION
* Out-of-bounds access in AMD GPU gamma updates.
An incorrect loop termination when updating gamma controls could result
in an out-of-bounds memory access and kernel crash.
* NULL pointer dereference in TTY driver lookup.
Incorrect string validation could result in a NULL pointer dereference
and kernel crash when looking for a polling console driver.
* Undefined behaviour in UDF read-write remounting.
Failure to check features when remounting a UDF filesystem as read-write
could allow the filesystem to be mounted writable when certain features
should prohibit mounting. This flaw could allow a local user to trigger
untested and unsupported features.
* Use-after-free in Plan9 network protocol statistics cleanup.
Failure to reinitialize pointers on Plan9 statistics cleanup could
result in a use-after-free and kernel crash.
* Integer overflow in AMDGPU buffer object list creation.
An integer overflow in the AMD buffer object list creation code could
result in an out-of-bounds access and kernel crash or information leak
under specific conditions.
* Kernel crash in OverlayFS file handle verification.
Incorrect error handling in the OverlayFS file handle verification could
result in dereferencing an invalid pointer and a subsequent kernel
crash.
* Deadlock in OverlayFS file links.
Recursive locking in the OverlayFS file linking code could result in
deadlock. A local, unprivileged user could use this flaw to crash the
system.
* Denial-of-service in OverlayFS file removal.
Failure to correctly handle file removal from an OverlayFS upper level
could result in a kernel crash. A local, unprivileged user could use
this flaw to cause a denial of service.
* Use-after-free in QLogic QLA2XXX command aborts.
Incorrect handling of command aborts could result in a use-after-free
and kernel crash with a QLogic QLA2XXX SCSI device.
* Use-after-free in QLogic QLA2XXX SRB resource freeing.
A double free in the QLogic QLA2XXX SRB resource freeing could result in
a kernel crash under specific operating conditions.
* Application crash in FIGETBSZ ioctl().
Incorrect handling of non-block backed filesystems in the FIGETBSZ
ioctl() could result in a divide-by-zero in application code. A local
user with the ability to trigger this ioctl() in an application with an
attacker-controlled path could use this flaw to crash the application.
* Use-after-free in FUSE filesystem device reads and writes.
A race condition when performing reads and writes to a FUSE filesystem
device could result in a use-after-free and kernel crash.
* Task hang in FUSE filesystem request completion.
Incorrect synchronization could result in failure to wake up a task on
FUSE filesystem request completion leading to application hangs.
* FUSE filesystem data corruption in device reads.
Incorrect locking when reading from a FUSE filesystem could result in
processing an incomplete request leading to data corruption.
* Use-after-free in Ceph dentry splicing.
Incorrect reference counting could result in a use-after-free and kernel
crash when splicing a Ceph dentry to an inode.
* Use-after-free in SCSI request completion.
A race condition between request completion and queue cleanup could
result in a kernel crash under specific conditions.
* Use-after-free in OCFS2 metadata corruption cleanup.
Incorrect reference counting could result in a use-after-free of a block
buffer head.
* Kernel crash in OCFS2 direct IO failure.
Failure to correctly free resources on direct IO failure could result in
triggering a kernel assertion and a kernel crash.
* Kernel crash in memory hotplug removal with NMI watchdog.
Insufficient scheduling in the memory hotplug removal code could result
in triggering the NMI watchdog and kernel panic during removal of a
large memory device.
* Kernel crash in TTY baud rate setting.
Missing bounds checking in the TTY baud rate setting code could result
in an out-of-bounds access and kernel crash or information leak.
* BTRFS filesystem corruption in transaction aborts.
Missing locking when destroying a pinned extent could result in
filesystem corruption during transaction aborts.
* Kernel crash in BTRFS copy-on-write failure.
Incorrect cleanup during copy-on-write failure for a BTRFS filesystem
could result in triggering a kernel assertion and crash.
* Task hang in BTRFS file deduplication.
A logic error when handling deduplication of blocks between two files
could result in an infinite loop and a task hang.
* BTRFS file corruption during block cloning.
Failure to clone the final block of a file could result in data
corruption of the cloned file under specific conditions.
* Denial-of-service in EXT4 buffer management.
Multiple buffer leaks in the EXT4 filesystem could result in resource
leaks and a denial of service.
* Use-after-free in FUSE asynchronous direct IO.
A use-after-free when performing FUSE asynchronous direct IO operations
could result in a kernel crash. A local, unprivileged user could use
this flaw to crash the system.
* Resource leak in FUSE filesystem notification response.
Missing error handling could result in a resource leak and unkillable
tasks under specific conditions during connection reset.
* Task hang in FUSE filesystem abort waits.
Missing synchronization could result in missed wake-up events and a task
hang whilst waiting for completion.
* Out-of-bounds access in SELinux SCTP connect().
Missing validation in the SELinux SCTP connect hook could result in
dereferencing invalid memory leading to a kernel crash or information
leak.
* Memory leak in GFS2 filesystem bitmap buffers.
Missing resource frees for a GFS2 filesystem could result in a memory
leak. A local user with privileges to mount a filesystem could use this
flaw to exhaust system memory.
* Information leak in cryptography socket NETLINK_CRYPTO call.
Incorrect string copying in the NETLINK_CRYPTO report could result in
leaking the contents of kernel stack memory to an unprivileged local
user.
* Information disclosure via bind mount manipulation.
A logic error when checking mount permissions can result in a namespaced
process being able to view filesystem content outside of its namespace.
A local user could use this flaw to view restricted information.
* Kernel crash in HugeTLB copying during unsharing.
A race condition when changing the protections of a HugeTLB page and
forking the process could result in triggering a kernel assertion and
crash.
SUPPORT
Ksplice support is available at ksplice-support_ww at oracle.com.