[Ksplice-Fedora-29-updates] New Ksplice updates for Fedora 29 (FEDORA-2019-adecec7468)

Oracle Ksplice ksplice-support_ww at oracle.com
Mon Apr 8 14:48:20 PDT 2019


Synopsis: FEDORA-2019-adecec7468 can now be patched using Ksplice

Systems running Fedora 29 can now use Ksplice to patch against the
latest Fedora kernel update, FEDORA-2019-adecec7468.

INSTALLING THE UPDATES

We recommend that all users of Ksplice Uptrack running Fedora 29
install these updates.

On systems that have "autoinstall = yes" in /etc/uptrack/uptrack.conf,
these updates will be installed automatically and you do not need to
take any action.

Alternatively, you can install these updates by running:

# /usr/sbin/uptrack-upgrade -y
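
To check which of the two cases above applies to a host, the following added example (not part of the original announcement and not Oracle's code) reads an uptrack.conf-style file and reports whether a manual upgrade run is still needed. It assumes "key = value" lines with "#" comments; the function names and the sample file contents are constructed for illustration.

```shell
#!/bin/sh
# Added example, not Oracle's code: decide whether a host still needs a
# manual uptrack-upgrade run, based on the autoinstall setting.
# Assumption: uptrack.conf holds "key = value" lines with "#" comments.

# uptrack_autoinstall FILE: print "yes" only if the last uncommented
# autoinstall assignment is "yes" (case-insensitive); print "no" otherwise
# (unreadable file, missing key, commented-out key, any other value).
uptrack_autoinstall() {
    conf=$1
    if [ ! -r "$conf" ]; then
        echo "no"
        return 0
    fi
    value=$(sed -e 's/#.*$//' "$conf" | awk -F= '
        tolower($1) ~ /^[ \t]*autoinstall[ \t]*$/ {
            v = tolower($2)
            gsub(/[ \t\r]/, "", v)
            last = v
        }
        END { print last }')
    if [ "$value" = "yes" ]; then echo "yes"; else echo "no"; fi
}

# report_host FILE: print the action an administrator should take.
report_host() {
    if [ "$(uptrack_autoinstall "$1")" = "yes" ]; then
        echo "autoinstall enabled: no action needed"
    else
        echo "autoinstall not enabled: run /usr/sbin/uptrack-upgrade -y as root"
    fi
}

# Constructed sample configuration (not taken from a real system).
sample=$(mktemp)
cat > "$sample" <<'EOF'
# autoinstall = yes
example_key = yes
autoinstall = no
EOF
report_host "$sample"
rm -f "$sample"
```

On a real system, pass /etc/uptrack/uptrack.conf to report_host instead of the sample file.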


DESCRIPTION

* Potential kernel crash in UDF filesystem's truncate() error path.

An incorrectly handled error case in the truncate(2) syscall on a UDF
filesystem can trip a kernel BUG(), leading to a kernel panic.  This
could potentially be exploited to cause a denial-of-service.


* Data corruption on ext4 filesystems while performing direct AIO.

Under certain conditions, it is possible for unaligned direct AIO
operations on an ext4 filesystem to corrupt previously written
filesystem blocks.  A malicious user could potentially exploit this flaw
to corrupt filesystem data.


* Information leak in v4l2 and uvc device drivers.

A failure to properly zero an event structure used in both the v4l2 and
uvc USB device drivers can lead to privileged kernel information being
leaked to userspace.  This could potentially be exploited to leak
information about the running system.


* Potential NULL dereference in hci_uart receive path.

A failure to check for an error condition in h4_recv_buf can lead to a
NULL pointer dereference, and subsequent kernel panic.  This could cause
a denial-of-service.


* Deadlock while performing atomic file operations on f2fs filesystems.

A lock ordering issue in the f2fs code paths responsible for handling
atomic file operations can lead to a deadlock.  This could potentially
be exploited by a malicious user to disrupt filesystem operations, or
cause a denial-of-service.

SUPPORT

Ksplice support is available at ksplice-support_ww at oracle.com.




