[Ksplice-Fedora-29-updates] New Ksplice updates for Fedora 29 (FEDORA-2019-3fb81dd282)

Oracle Ksplice ksplice-support_ww at oracle.com
Mon May 13 10:17:40 PDT 2019


Synopsis: FEDORA-2019-3fb81dd282 can now be patched using Ksplice
CVEs: CVE-2019-11486 CVE-2019-11815

Systems running Fedora 29 can now use Ksplice to patch against the
latest Fedora kernel update, FEDORA-2019-3fb81dd282.

INSTALLING THE UPDATES

We recommend that all users of Ksplice Uptrack running Fedora 29
install these updates.

On systems that have "autoinstall = yes" in /etc/uptrack/uptrack.conf,
these updates will be installed automatically and you do not need to
take any action.

Alternatively, you can install these updates by running:

# /usr/sbin/uptrack-upgrade -y
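
To tell which of the two cases above applies to a given host, the following shell script (an added example, not part of the original announcement or of Ksplice itself) reads the "autoinstall" setting from uptrack.conf. It assumes the key is written as "autoinstall = yes" as quoted above and treats any other value, or a missing file, as "no"; the function names and the UPTRACK_CONF variable are hypothetical.

```shell
#!/bin/sh
# Added example: decide whether this host will apply the Ksplice update on
# its own or needs a manual uptrack-upgrade run.

# Print "yes" or "no" for the autoinstall key in an uptrack.conf-style file.
# Assumption: only the literal value "yes" (any case) enables autoinstall.
# The key is matched in any section; the last assignment wins.
uptrack_autoinstall() {
    conf=${1:-/etc/uptrack/uptrack.conf}
    [ -r "$conf" ] || { echo no; return 0; }
    awk -F= '
        /^[ \t]*[#;]/ { next }            # skip commented-out lines
        {
            key = $1; val = $2
            gsub(/[ \t\r]/, "", key)      # trim whitespace around the key
            gsub(/[ \t\r]/, "", val)      # ... and around the value
            if (tolower(key) == "autoinstall") last = tolower(val)
        }
        END { print (last == "yes" ? "yes" : "no") }
    ' "$conf"
}

# Succeeds (exit 0) when the host needs a manual upgrade.
needs_manual_upgrade() {
    [ "$(uptrack_autoinstall "$1")" != yes ]
}

conf_path=${UPTRACK_CONF:-/etc/uptrack/uptrack.conf}
if needs_manual_upgrade "$conf_path"; then
    echo "autoinstall is off in $conf_path"
    echo "run as root: /usr/sbin/uptrack-upgrade -y"
    # If the Uptrack tools are installed, list updates not yet applied.
    if command -v uptrack-show >/dev/null 2>&1; then
        uptrack-show --available || true
    fi
else
    echo "autoinstall is on in $conf_path; no action needed"
fi
```
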


DESCRIPTION

* Denial-of-service in Netfilter tables dynamic operations.

A logic error in the netfilter code could result in a use-after-free
condition, leading to possible memory corruption or kernel panic. This
could be used for a denial-of-service attack.


* Use-after-free condition in IPv6 tunnel receive.

A logic error in the ipv6 code could result in a use-after-free condition
while getting headers during a receive.


* Denial-of-service during KCM device registration.

A race condition in the KCM code while creating KCM sockets during device
registration could result in a NULL pointer dereference and subsequent
kernel crash or memory corruption.  This could be exploited to cause a
denial-of-service attack.


* CVE-2019-11815: Use-after-free in RDS socket creation.

A logic error in the RDS code could fail to properly clean up a socket once
it is destroyed, which could then lead to a use-after-free on a new socket
creation.  This could be used to cause a denial-of-service.


* Denial-of-service in Open vSwitch flow action buffers.

A logic error in the openvswitch code could fail to properly resize
the flow action buffers, which could lead to a buffer overflow condition.
This could be used for a denial-of-service attack.


* Kernel information leak during SCTP socket IPv4 address copying.

A failure to properly initialize the ipv4 address before copying it to the
user could leak some kernel memory to the user.


* Denial-of-service with TCP IPv4 socket initialization failure.

A failure to properly handle error conditions in the TCP ipv4 code
could result in a NULL pointer dereference, which could be used for a
denial-of-service attack.


* Use-after-free in Encapsulated Remote Switch Port Analyzer packet receive.

A logic error in the IP GRE remote span code could result in a use-after-free
condition on received packets, possibly resulting in a kernel panic or
memory corruption.  This could be exploited for a denial-of-service attack.


* Denial-of-service in Network Interface IP receive.

A failure to properly clean up memory in the network interface code could
result in memory corruption and possible kernel crash.  This could be
exploited for a denial-of-service attack.


* NULL pointer dereference in MLX5 message receive failure.

A failure to properly handle an error condition in the mlx5 code could
lead to a NULL pointer dereference and possible memory corruption or kernel
panic.


* CVE-2019-11486: Denial-of-service in Siemens R3964 line discipline drivers.

Multiple race conditions in the r3964 line discipline driver could lead to
various conditions that could be exploited to cause a denial-of-service.


* Denial-of-service in ALSA ioctl calls.

An invalid assumption in the ALSA code could result in an invalid memory
access when accessing userspace strings in the ioctl code.  This could be
used for a denial-of-service attack.


* Denial-of-service in Multi-Queue Block IO queued request handling.

A logic error in the block multi queue code could result in a kernel crash.
This could be used to cause a denial-of-service attack.


* Memory leak in block bio layer when adding a page fails.

A failure to properly handle an error condition with adding a page in the
block bio layer results in a memory leak.  This could be exploited to cause
a denial-of-service attack.


* Invalid write access for mapped pages in MLX5 driver.

A logic error in the mlx5 page fault handler could incorrectly give write
access to mapped pages instead of read-only.


* Denial-of-service in Xen ioctl when processing command input.

A failure to validate user input in the Xen ioctl code could result in an
out of bounds memory access, leading to possible memory corruption or a
kernel panic.  This could be used for a denial-of-service attack.


* NULL pointer dereference in fair schedule load calculation.

A race condition in the fair scheduler code could lead to a NULL pointer
dereference and possible memory corruption or kernel panic.


* Denial-of-service in device mapper integrity argument check.

A logic error in the dm integrity code could lead to an out-of-bounds
memory access and possible segfault.  This could be exploited for a
denial-of-service attack.

SUPPORT

Ksplice support is available at ksplice-support_ww at oracle.com.




