[Ksplice-Fedora-29-updates] New Ksplice updates for Fedora 29 (FEDORA-2018-367d08ef69)

Oracle Ksplice ksplice-support_ww at oracle.com
Wed Nov 28 05:29:39 PST 2018


Synopsis: FEDORA-2018-367d08ef69 can now be patched using Ksplice

Systems running Fedora 29 can now use Ksplice to patch against the
latest Fedora kernel update, FEDORA-2018-367d08ef69.

INSTALLING THE UPDATES

We recommend that all users of Ksplice Uptrack running Fedora 29
install these updates.

On systems that have "autoinstall = yes" in /etc/uptrack/uptrack.conf,
these updates will be installed automatically and you do not need to
take any action.

Alternatively, you can install these updates by running:

# /usr/sbin/uptrack-upgrade -y
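To decide which of the two paths above applies on a given host, here is an added example (not from the Ksplice announcement) that reads the autoinstall key from an uptrack.conf-style file. The tolerant parsing (whitespace around "=", comments, case, last value wins) is an assumption about the file format, and the sample configs are constructed.

```shell
#!/bin/sh
# Added example, not part of the Ksplice announcement: report whether the
# updates will be applied automatically ("autoinstall = yes") or whether
# the administrator must run uptrack-upgrade by hand.

# Return 0 (true) when the config file sets autoinstall to yes.
# Assumption: INI-style "key = value" lines, '#' comments, case-insensitive.
uptrack_autoinstall_enabled() {
    conf="$1"
    [ -r "$conf" ] || return 1
    # Lower-case the file, keep the value of the last uncommented
    # autoinstall line, and drop anything after trailing whitespace or '#'.
    val=$(tr 'A-Z' 'a-z' < "$conf" |
        sed -n 's/^[[:space:]]*autoinstall[[:space:]]*=[[:space:]]*\([^[:space:]#]*\).*/\1/p' |
        tail -n 1)
    [ "$val" = "yes" ]
}

# Print the action to take for the given config file.
uptrack_action() {
    if uptrack_autoinstall_enabled "$1"; then
        echo "autoinstall enabled: updates will be applied automatically"
    else
        echo "autoinstall disabled: run /usr/sbin/uptrack-upgrade -y"
    fi
}

# Constructed sample configs for demonstration; the real file is
# /etc/uptrack/uptrack.conf.
sample_yes=$(mktemp)
sample_no=$(mktemp)
printf '# comment line\nAutoInstall = Yes   # trailing comment\n' > "$sample_yes"
printf 'autoinstall = no\n' > "$sample_no"
uptrack_action "$sample_yes"
uptrack_action "$sample_no"
rm -f "$sample_yes" "$sample_no"
```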


DESCRIPTION

* Out-of-bounds access in AMD GPU gamma updates.

An incorrect loop termination when updating gamma controls could result
in an out-of-bounds memory access and kernel crash.


* NULL pointer dereference in TTY driver lookup.

Incorrect string validation could result in a NULL pointer dereference
and kernel crash when looking for a polling console driver.


* Undefined behaviour in UDF read-write remounting.

Failure to check features when remounting a UDF filesystem as read-write
could allow the filesystem to be mounted writable when certain features
should prohibit mounting.  This flaw could allow a local user to trigger
untested and unsupported features.


* Use-after-free in Plan9 network protocol statistics cleanup.

Failure to reinitialize pointers on Plan9 statistics cleanup could
result in a use-after-free and kernel crash.


* Integer overflow in AMDGPU buffer object list creation.

An integer overflow in the AMD buffer object list creation code could
result in an out-of-bounds access and kernel crash or information leak
under specific conditions.


* Kernel crash in OverlayFS file handle verification.

Incorrect error handling in the OverlayFS file handle verification could
result in dereferencing an invalid pointer and a subsequent kernel
crash.


* Deadlock in OverlayFS file links.

Recursive locking in the OverlayFS file linking code could result in
deadlock.  A local, unprivileged user could use this flaw to crash the
system.


* Denial-of-service in OverlayFS file removal.

Failure to correctly handle file removal from an OverlayFS upper level
could result in a kernel crash.  A local, unprivileged user could use
this flaw to cause a denial of service.


* Use-after-free in QLogic QLA2XXX command aborts.

Incorrect handling of command aborts could result in a use-after-free
and kernel crash with a QLogic QLA2XXX SCSI device.


* Use-after-free in QLogic QLA2XXX SRB resource freeing.

A double free in the QLogic QLA2XXX SRB resource freeing could result in
a kernel crash under specific operating conditions.


* Application crash in FIGETBSZ ioctl().

Incorrect handling of non-block backed filesystems in the FIGETBSZ
ioctl() could result in a divide-by-zero in application code.  A local
user with the ability to trigger this ioctl() in an application with an
attacker-controlled path could use this flaw to crash the application.


* Use-after-free in FUSE filesystem device reads and writes.

A race condition when performing reads and writes to a FUSE filesystem
device could result in a use-after-free and kernel crash.


* Task hang in FUSE filesystem request completion.

Incorrect synchronization could result in failure to wake up a task on
FUSE filesystem request completion leading to application hangs.


* FUSE filesystem data corruption in device reads.

Incorrect locking when reading from a FUSE filesystem could result in
processing an incomplete request leading to data corruption.


* Use-after-free in Ceph dentry splicing.

Incorrect reference counting could result in a use-after-free and kernel
crash when splicing a Ceph dentry to an inode.


* Use-after-free in SCSI request completion.

A race condition between request completion and queue cleanup could
result in a kernel crash under specific conditions.


* Use-after-free in OCFS2 metadata corruption cleanup.

Incorrect reference counting could result in a use-after-free of a block
buffer head.


* Kernel crash in OCFS2 direct IO failure.

Failure to correctly free resources on direct IO failure could result in
triggering a kernel assertion and a kernel crash.


* Kernel crash in memory hotplug removal with NMI watchdog.

Insufficient scheduling in the memory hotplug removal code could result
in triggering the NMI watchdog and kernel panic during removal of a
large memory device.


* Kernel crash in TTY baud rate setting.

Missing bounds checking in the TTY baud rate setting code could result
in an out-of-bounds access and kernel crash or information leak.


* BTRFS filesystem corruption in transaction aborts.

Missing locking when destroying a pinned extent could result in
filesystem corruption during transaction aborts.


* Kernel crash in BTRFS copy-on-write failure.

Incorrect cleanup during copy-on-write failure for a BTRFS filesystem
could result in triggering a kernel assertion and crash.


* Task hang in BTRFS file deduplication.

A logic error when handling deduplication of blocks between two files
could result in an infinite loop and a task hang.


* BTRFS file corruption during block cloning.

Failure to clone the final block of a file could result in data
corruption of the cloned file under specific conditions.


* Denial-of-service in EXT4 buffer management.

Multiple buffer leaks in the EXT4 filesystem could result in resource
leaks and a denial of service.


* Use-after-free in FUSE asynchronous direct IO.

A use-after-free when performing FUSE asynchronous direct IO operations
could result in a kernel crash.  A local, unprivileged user could use
this flaw to crash the system.


* Resource leak in FUSE filesystem notification response.

Missing error handling could result in a resource leak and unkillable
tasks under specific conditions during connection reset.


* Task hang in FUSE filesystem abort waits.

Missing synchronization could result in missed wake-up events and a task
hang whilst waiting for completion.


* Out-of-bounds access in SELinux SCTP connect().

Missing validation in the SELinux SCTP connect hook could result in
dereferencing invalid memory leading to a kernel crash or information
leak.


* Memory leak in GFS2 filesystem bitmap buffers.

Missing resource frees for a GFS2 filesystem could result in a memory
leak.  A local user with privileges to mount a filesystem could use this
flaw to exhaust system memory.


* Information leak in cryptography socket NETLINK_CRYPTO call.

Incorrect string copying in the NETLINK_CRYPTO report could result in
leaking the contents of kernel stack memory to an unprivileged local
user.


* Information disclosure via bind mount manipulation.

A logic error when checking mount permissions can result in a namespaced
process being able to view filesystem content outside of its namespace.
A local user could use this flaw to view restricted information.


* Kernel crash in HugeTLB copying during unsharing.

A race condition when changing the protections of a HugeTLB page and
forking the process could result in triggering a kernel assertion and
crash.

SUPPORT

Ksplice support is available at ksplice-support_ww at oracle.com.
