[Ksplice-Fedora-29-updates] New Ksplice updates for Fedora 29 (FEDORA-2019-7462acf8ba)

[Oracle Ksplice]

Synopsis: FEDORA-2019-7462acf8ba can now be patched using Ksplice
CVEs: CVE-2019-8980 CVE-2019-9162

Systems running Fedora 29 can now use Ksplice to patch against the
latest Fedora kernel update, FEDORA-2019-7462acf8ba.

INSTALLING THE UPDATES

We recommend that all users of Ksplice Uptrack running Fedora 29
install these updates.

On systems that have "autoinstall = yes" in /etc/uptrack/uptrack.conf,
these updates will be installed automatically and you do not need to
take any action.

Alternatively, you can install these updates by running:

# /usr/sbin/uptrack-upgrade -y


DESCRIPTION

* NULL pointer dereference in VMWare vsock destruction.

A failure to check for initialization failure when destroying a VMWare vsock
can result in a NULL pointer dereference, leading to a kernel crash.


* Use-after-free during Vxlan device dismantle.

A failure to correctly clear incoming packets from buffers when dismantling a
Vxlan device can result in a use-after-free.


* Kernel crash in STMMAC Energy Efficient Ethernet configuration.

A race condition when enabling Energy Efficient Ethernet in the STMMAC driver
can result in accessing an uninitialized timer, leading to a kernel crash.


* Kernel crash in IPv4 TCP unreachable destination error handling.

A race condition when processing a destination unreachable ICMP message in a
TCP stream can result in a NULL pointer dereference, leading to a kernel crash.


* Kernel crash in SCSI target transport allocation.

Mismatched memory allocation and free routines in the error handling of the
SCSI target session allocation can result in a kernel crash.


* Deadlock in lm80 fan divisor configuration.

A failure to unlock a mutex after an error when reading an lm80 fan divisor
register can result in a deadlock.


* CVE-2019-9162: Privilege escalation in SNMP NAT ASN.1 parsing.

Incorrect length checks in the ASN.1 decoder implementation for SNMP NAT can
result in an out-of-bounds read or write. A local user could use this flaw to
cause a kernel crash or potentially escalate privileges.


* Use-after-free during modular ISDN device close.

A race condition when removing timers during close of a modular ISDN device
could result in a use-after-free. A local user with the ability to configure a
modular ISDN device could use this flaw to cause a kernel crash or potentially
escalate privileges.


* CVE-2019-8980: Denial-of-service in kernel read file implementation.

A failure to free memory after a read error can result in a memory leak. A
local user could use this flaw to exhaust system memory, leading to a kernel
crash.

SUPPORT

Ksplice support is available at ksplice-support_ww at oracle.com.