[Ksplice-Fedora-29-updates] New Ksplice updates for Fedora 29 (FEDORA-2019-83858fc57b)

Oracle Ksplice ksplice-support_ww at oracle.com
Fri Jun 14 09:19:40 PDT 2019


Synopsis: FEDORA-2019-83858fc57b can now be patched using Ksplice

Systems running Fedora 29 can now use Ksplice to patch against the
latest Fedora kernel update, FEDORA-2019-83858fc57b.

INSTALLING THE UPDATES

We recommend that all users of Ksplice Uptrack running Fedora 29
install these updates.

On systems that have "autoinstall = yes" in /etc/uptrack/uptrack.conf,
these updates will be installed automatically and you do not need to
take any action.

Alternatively, you can install these updates by running:

# /usr/sbin/uptrack-upgrade -y
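
The check described above, as an added example (not part of Oracle's announcement or Ksplice's own tooling): it reads the effective `autoinstall` setting from an uptrack.conf-style file and reports whether the manual upgrade command is still needed. The function names and the `UPTRACK_CONF` override are hypothetical, and matching the key and value case-insensitively is an assumption.

```shell
#!/bin/sh
# Added example: decide whether a host relies on autoinstall or needs
# "/usr/sbin/uptrack-upgrade -y" run by hand. Helper names are hypothetical.

# Print the last uncommented "autoinstall" value in FILE, lowercased.
# Returns 2 if FILE cannot be read.
autoinstall_value() {
    [ -r "$1" ] || return 2
    awk -F= '
        /^[ \t]*[#;]/ { next }                 # skip commented-out settings
        {
            key = $1
            gsub(/[ \t\r]/, "", key)
            if (tolower(key) == "autoinstall") {
                val = $2
                gsub(/[ \t\r]/, "", val)
                last = tolower(val)            # assumption: value is case-insensitive
            }
        }
        END { if (last != "") print last }
    ' "$1"
}

# Succeeds (exit 0) when autoinstall is NOT "yes", i.e. the update must be
# installed manually. A missing or unreadable file also counts as "manual".
needs_manual_upgrade() {
    [ "$(autoinstall_value "$1")" != "yes" ]
}

# UPTRACK_CONF is a hypothetical override so the check can be pointed at a copy.
conf="${UPTRACK_CONF:-/etc/uptrack/uptrack.conf}"
if needs_manual_upgrade "$conf"; then
    echo "autoinstall is not enabled in $conf; run: /usr/sbin/uptrack-upgrade -y"
else
    echo "autoinstall = yes in $conf; updates are installed automatically"
fi
```

The script only reports; it never runs the upgrade itself, so it is safe to use in a fleet audit.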


DESCRIPTION

* Denial-of-service in IGMP source filters.

A memory leak when removing IGMP source filters could result in
exhaustion of system memory.  A local privileged user could use this
flaw to trigger a denial-of-service.


* Denial-of-service in ANSI/IEEE 802.2 LLC type 2 packet transmission.

Incorrect error handling when transmitting packets on an LLC connection
could result in a memory leak and subsequent denial of service.


* Use-after-free in generic receive offload fragmentation.

A use-after-free in the generic receive offload code could result in a
kernel crash when receiving a fragmented packet under specific
conditions.


* Use-after-free in USB networking disconnection.

Incorrect termination of timers on USB networking device disconnection
could result in a use-after-free and kernel crash.


* Information leak in Transparent Inter Process Communication TLV setting.

Incorrect bounds checks could result in copying beyond the end of an
array, leaking the contents of kernel stack memory to user-space.


* Denial-of-service in USB XHCI BOS descriptor handling.

Incorrect handling of the BOS descriptor for USB XHCI devices could
result in a NULL pointer dereference when disconnecting the device.  A
physically present attacker could use this flaw to crash the system with
a malicious device.


* Kernel crash in USB BOS descriptor access.

Missing range checks could result in out-of-bounds memory writes leading
to memory corruption or a kernel crash when a malicious device was added
to the system.


* Denial-of-service in Siano Mobile Digital TV USB tuner probing.

Missing error checking when setting up endpoints for a Siano Mobile
Digital TV tuner could result in an invalid pointer dereference and
kernel crash.  A physically present user with a malicious device could
use this flaw to crash the system.


* Kernel crash in BTRFS during concurrent fsync().

A race condition when performing fsync() on a BTRFS filesystem could
result in triggering a kernel assertion and crashing the system.


* Deadlock in BTRFS zstd workspace manager.

Incorrect locking in the BTRFS zstd workspace manager could result in
deadlock and a kernel hang under specific conditions.


* NULL pointer dereference in BTRFS block group relocation.

A missing NULL pointer check during BTRFS block group relocation could
result in a NULL pointer dereference and kernel crash under specific
conditions.


* BTRFS file corruption on incremental send with no-holes feature.

Incorrect handling of the no-holes feature of BTRFS could result in file
corruption when performing an incremental send under specific
conditions.


* Kernel crash in BTRFS orphan relocation recovery.

A logic error when recovering orphan relocations after power loss could
result in triggering an assertion and crashing the kernel.


* Kernel crash in memory compaction with sparse memory systems.

Incorrect handling of migration pages on a system with sparsely
populated memory could result in a kernel crash under high memory
pressure.


* Denial-of-service in framebuffer console opening.

Missing error handling when initializing a framebuffer virtual terminal
could result in a divide by zero and kernel crash on the next attempt to
open the device.


* NULL pointer dereference in CIFS file read during low memory conditions.

Incorrect error handling on low memory conditions during CIFS reads
could result in a NULL pointer dereference and kernel crash when
cleaning up other allocations.


* Information leak in LSI MPT Fusion SAS ioctl() handling.

A race condition when validating device identifiers could allow a local
user with access to one device to perform commands on another device
that they should not have permission for.


* Denial-of-service in zerocopy IP sockets.

Incorrect reference counting on socket buffers for zerocopy sockets
could result in a reference count leak.  This could cause a memory leak
or potentially a use-after-free.

SUPPORT

Ksplice support is available at ksplice-support_ww at oracle.com.




