[Ksplice-Fedora-20-updates] New updates available via Ksplice (FEDORA-2015-6294)

[Oracle Ksplice]

Synopsis: FEDORA-2015-6294 can now be patched using Ksplice
CVEs: CVE-2015-2150 CVE-2015-2922

Systems running Fedora 20 can now use Ksplice to patch against the
latest Fedora kernel update, FEDORA-2015-6294.

INSTALLING THE UPDATES

We recommend that all users of Ksplice Uptrack on Fedora 20 install
these updates.

On systems that have "autoinstall = yes" in /etc/uptrack/uptrack.conf,
these updates will be installed automatically and you do not need to
take any action.

Alternatively, you can install these updates by running:

# /usr/sbin/uptrack-upgrade -y


DESCRIPTION

* Frames filtering bypass in mesh forwarding in mac80211 stack.

A flaw in the mac80211 mesh forwarding allows un-encrypted frames to pass
through.  A remote attacker could use this flaw to inject un-encrypted
frames to an otherwise encrypted network.


* NULL pointer dereference in Intel WiFi driver when handling Bluetooth coex.

A missing pointer check in the Intel WiFi driver when handling Bluetooth
coex events could lead to a NULL pointer dereference and kernel crash under
certain conditions.


* Out-of-bounds memory read in Broadcom WiFi driver when reading vendor command.

Missing input validation in the Broadcom WiFi driver when reading vendor
commands could lead to an out-of-bounds memory read and kernel panic.  A
local, privileged user could use this flaw to cause a denial-of-service.


* Memory corruption in Multiple Device driver when destroying a device.

Incorrect locking in the Multiple Device driver when destroying a device
could lead to memory corruptions and kernel panic.  A local, privileged
user could use this flaw to cause a denial-of-service.


* Data corruption on hfsplus filesystem when inserting node at position zero.

A logic error in the hfsplus filesystem driver leads to on-disk data
corruption when inserting a node at position zero.


* CVE-2015-2150: Denial-of-service in Xen host from the guest.

A flaw in the Xen hypervisor allows guests to disable PCI_COMMAND on PCI
device reset, later causing a host crash when the guest tries to access the
device.  A local guest user could use this flaw to cause a
denial-of-service in the host.


* Deadlock in Broadcom TG3 Ethernet driver when initializing the device.

Incorrect locking in the Broadcom TG3 Ethernet driver when initializing the
device could lead to a deadlock under certain circumstances.  A local
attacker could use this flaw to cause a denial-of-service.


* CVE-2015-2922: Denial-of-service of IPv6 networks when handling router advertisements.

A flaw in the IPv6 stack allowed a remote attacker on the same network to
set the hop limit to a smaller value than the default one, preventing
devices on that network to send or receive.

SUPPORT

Ksplice support is available at ksplice-support_ww at oracle.com.