[Ksplice-Fedora-29-updates] New Ksplice updates for Fedora 29 (FEDORA-2018-95036ea383)
Oracle Ksplice
ksplice-support_ww at oracle.com
Mon Jan 21 08:44:12 PST 2019
Synopsis: FEDORA-2018-95036ea383 can now be patched using Ksplice
Systems running Fedora 29 can now use Ksplice to patch against the
latest Fedora kernel update, FEDORA-2018-95036ea383.
INSTALLING THE UPDATES
We recommend that all users of Ksplice Uptrack running Fedora 29
install these updates.
On systems that have "autoinstall = yes" in /etc/uptrack/uptrack.conf,
these updates will be installed automatically and you do not need to
take any action.
Alternatively, you can install these updates by running:
# /usr/sbin/uptrack-upgrade -y
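To tell which of the two cases above applies to a host, the following added example (not part of the original advisory or of Ksplice itself) reads the autoinstall setting from an uptrack.conf-style file and reports whether a manual run is needed. The sample configuration, its [Settings] header and the function names are constructed for illustration.

```shell
#!/bin/sh
# Added example: decide whether a host still needs a manual uptrack-upgrade run.
# Only the "autoinstall" key, the config path and the upgrade command come
# from the advisory; everything else here is an assumption for illustration.

# Print the effective autoinstall value from config file $1, lower-cased.
# Comment lines are skipped, whitespace and case are normalised, and the
# last assignment wins. Prints "unset" if the key never appears.
autoinstall_value() {
    awk -F= '
        /^[ \t]*[#;]/ { next }                  # whole-line comment
        {
            key = $1; val = $2
            sub(/[#;].*/, "", val)              # trailing comment
            gsub(/[ \t\r]/, "", key); gsub(/[ \t\r]/, "", val)
            if (tolower(key) == "autoinstall") found = tolower(val)
        }
        END { print (found == "" ? "unset" : found) }
    ' "$1"
}

# Exit status 0 if a manual upgrade is needed, 1 if autoinstall covers it.
needs_manual_upgrade() {
    [ -r "$1" ] || return 0     # missing/unreadable config: do not assume auto
    [ "$(autoinstall_value "$1")" != "yes" ]
}

upgrade_action() {
    if needs_manual_upgrade "$1"; then
        echo "manual: run /usr/sbin/uptrack-upgrade -y"
    else
        echo "automatic: autoinstall = yes"
    fi
}

# Constructed sample config (not from a real host): a commented-out "yes"
# followed by an effective "no" written with odd spacing and case.
sample_conf() {
    cat <<'EOF'
[Settings]
# autoinstall = yes
AutoInstall =  No
EOF
}

tmp=$(mktemp) && sample_conf > "$tmp"
upgrade_action "$tmp"
rm -f "$tmp"
```

On a real host, call `upgrade_action /etc/uptrack/uptrack.conf` instead of using the sample file.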
DESCRIPTION
* Deadlock in network namespace creation.
A logic error when tracking IP fragment packet counts can result in an
unbalanced count, leading to a deadlock where the kernel is unable to create
new network namespaces.
* Memory corruption in IPv6 packet transmission alignment.
A logic error when aligning IPv6 packets for transmission can result in SLAB
corruption.
* Kernel panic in Queuing Discipline buffer removal.
A logic error when removing buffers from a queuing discipline can result in
dereferencing a poisoned pointer, leading to a kernel panic.
* Kernel panic in Open vSwitch packet forwarding.
A logic error when receiving packets can result in dereferencing a poisoned
pointer, leading to a kernel panic.
* Information leak via forwarding table from GRE device.
Dumping a forwarding database from a non-ethernet device can result in a kernel
information leak. A local user with access to a Generic Routing Encapsulation
device could use this flaw to facilitate a further attack.
* NULL pointer dereference in TCP loss probe timer.
A mismatch between the retransmission queue and packet count can result in a
NULL pointer dereference when the TCP loss probe timer executes.
* Denial-of-service in creation of tun device via netlink.
A logic error which allows the creation of a tun device via netlink can result
in a NULL pointer dereference, leading to a kernel crash. A local user with
the ability to create network interfaces could use this flaw to cause a
denial-of-service.
* Use-after-free during netfilter table update.
A race condition when updating netfilter table chains can result in a
use-after-free. A local user with the ability to configure netfilter could use
this flaw to potentially escalate privileges.
* Use-after-free in netfilter compatibility interface.
A logic error when destroying netfilter expressions can result in a
use-after-free. A local user with the ability to configure nftables could use
this flaw to escalate privileges.
* Denial-of-service in BPF cgroup memory allocation.
Sleeping in atomic context whilst allocating cgroup local storage in the BPF
subsystem can result in a kernel crash. A local user with the ability to create
BPF programs could use this flaw to cause a denial-of-service.
* File descriptor leak in priority handling of Asynchronous IO.
A failure to handle an error case in the IO priority implementation of the
Asynchronous IO subsystem can result in the leak of a file descriptor.
* Memory leak in netfilter hashlimit table creation.
A failure to handle an error case can result in a memory leak.
* Denial-of-service during incremental send of BTRFS filesystem.
A logic error when performing an incremental send of a BTRFS filesystem can
result in the kernel entering an infinite loop. A local user with the ability
to modify and send a BTRFS filesystem could use this flaw to cause a
denial-of-service.
* Deadlock in Broadcom NetXtreme driver registration.
A failure to handle an error case when registering a Broadcom NetXtreme driver
can result in a failure to release a lock, leading to a deadlock.
* Use-after-free in exportfs dentry release.
A reference count manipulation error can result in an early free, leading to a
use-after-free. A local user could use this flaw to potentially escalate
privileges.
* Denial-of-service during netfilter rule replacement.
A reference count manipulation error when replacing a netfilter table rule can
result in an assertion failure, leading to a kernel crash. A local user with
the ability to add netfilter rules could use this flaw to cause a
denial-of-service.
* Kernel crash during CacheFiles object drop.
A failure to correctly handle an error case when looking up an object in a
CacheFiles instance can result in a NULL pointer dereference, leading to a
kernel crash.
* Denial-of-service in FSCache object lookup.
A race condition between looking up and dropping an object from an FSCache
instance can lead to a kernel hang. A local user could use this flaw to cause a
denial-of-service.
* Kernel crash in FSCache operation completion.
A race condition in the FSCache driver can result in a completion being called
twice concurrently, leading to an assertion failure and a kernel crash.
* Denial-of-service in CacheFiles concurrent page access.
Concurrent access to a single page in the CacheFiles backend can result in a
reference to the page being leaked, leading to a memory leak. A local user
could use this flaw to exhaust system memory, leading to a denial-of-service.
* Deadlock during NVMe device flush.
A premature flush of an NVMe device can result in a deadlock, leading to a
kernel hang.
* Double free in NVMe RDMA admin queue buffer management.
A failure to correctly handle error cases in the NVMe RDMA driver can lead to a
double-free of a buffer when the controller is shut down or reset.
* Deadlock during OCFS2 extent defragmentation.
A locking error when performing defragmentation of an OCFS2 extent can result
in taking the same lock twice, leading to a deadlock.
* Use-after-free in HFS and HFS+ error reporting.
A logic error when printing error information about a recently freed node can
result in a use-after-free. A local user could use this flaw to potentially
escalate privileges.
* Use-after-free during OCFS2 dentry tracing.
Failing to hold a reference to an OCFS2 inode when tracing can result in the
access of freed memory, leading to a use-after-free.
* NULL pointer dereference in DAX inode destruction.
A race condition between destroying an inode and locking a mapping in the DAX
subsystem can result in a NULL pointer dereference, leading to a kernel crash. A
local user could use this flaw to cause a denial-of-service.
* Denial-of-service in BPF program verifier.
A logic error in the BPF verifier can result in an assertion failure, leading
to a kernel crash. A local user with the ability to create BPF programs could
use this flaw to cause a denial-of-service.
SUPPORT
Ksplice support is available at ksplice-support_ww at oracle.com.