[Ksplice-Fedora-26-updates] New Ksplice updates for Fedora 26 (FEDORA-2017-f9f3d80442)

Oracle Ksplice ksplice-support_ww at oracle.com
Wed Dec 6 19:21:16 PST 2017


Synopsis: FEDORA-2017-f9f3d80442 can now be patched using Ksplice

Systems running Fedora 26 can now use Ksplice to patch against the
latest Fedora kernel update, FEDORA-2017-f9f3d80442.

INSTALLING THE UPDATES

We recommend that all users of Ksplice Uptrack running Fedora 26
install these updates.

On systems that have "autoinstall = yes" in /etc/uptrack/uptrack.conf,
these updates will be installed automatically and you do not need to
take any action.

Alternatively, you can install these updates by running:

# /usr/sbin/uptrack-upgrade -y
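
The following check is an added example, not part of the original advisory and not Oracle's code: it reports whether a host's uptrack.conf enables autoinstall or whether the manual command above still has to be run. The function names are hypothetical, and the parsing rules (INI-style "key = value" lines, "#" or ";" comment lines, case-insensitive matching, last assignment wins) are assumptions.

```shell
#!/bin/sh
# Added example (not Oracle's code). Assumes uptrack.conf uses "key = value"
# lines, that lines starting with "#" or ";" are comments, that matching is
# case-insensitive, and that the last uncommented assignment wins.

# Print the effective autoinstall value: yes, no, unset or unreadable.
uptrack_autoinstall() {
    conf=${1:-/etc/uptrack/uptrack.conf}
    if [ ! -r "$conf" ]; then
        echo unreadable
        return 0
    fi
    awk -F'=' '
        /^[ \t]*[#;]/ { next }                  # commented-out setting
        {
            key = $1; val = $2
            gsub(/[ \t\r]/, "", key)
            gsub(/[ \t\r]/, "", val)
            if (tolower(key) == "autoinstall") found = tolower(val)
        }
        END { print (found == "" ? "unset" : found) }
    ' "$conf"
}

# Succeed (exit 0) when the host will not patch itself and an operator
# still has to run /usr/sbin/uptrack-upgrade -y.
uptrack_needs_manual_upgrade() {
    [ "$(uptrack_autoinstall "$1")" != "yes" ]
}

# Constructed sample: the active setting is "no"; the "yes" line is commented out.
sample=$(mktemp)
cat > "$sample" <<'EOF'
[Settings]
# autoinstall = yes
autoinstall = no
EOF

if uptrack_needs_manual_upgrade "$sample"; then
    echo "autoinstall=$(uptrack_autoinstall "$sample"): run /usr/sbin/uptrack-upgrade -y"
else
    echo "autoinstall=yes: updates install automatically"
fi
rm -f "$sample"
```

Called with no argument, both functions read /etc/uptrack/uptrack.conf.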


DESCRIPTION

* Divide-by-zero in TCP New Vegas congestion control packet ack.

In rare cases, a logic flaw in the TCP New Vegas congestion control
algorithm could allow a divide-by-zero when acknowledging a packet,
causing a denial-of-service.


* Divide-by-zero when probing USB network devices.

A malicious USB network device using the Communications Device Class or
Qualcomm MSM Interface protocols could cause a denial-of-service by
presenting invalid functional descriptors that trigger a
divide-by-zero.


* Denial-of-service when receiving from QMI WWAN device in raw IP mode.

Missing initialization code could cause a kernel oops and
denial-of-service when receiving packets from a QMI WWAN device in raw
IP mode.


* Memory leak in TCP generic segmentation offload with unusual buffers.

When disassembling a TCP generic segmentation offload buffer, some of the
resulting buffers might incorrectly be leaked if their sizes were not as
expected.


* Use-after-free in VLAN event handling due to incorrect reference counting.

Incorrect reference counting of a VLAN information structure could allow
a race condition, potentially allowing the structure to be freed while
still in use and causing memory corruption.


* Denial-of-service in Mellanox mlx5 ethernet page reuse code.

In rare cases, failing to allocate a DMA page could cause the page
structure to be double-freed, corrupting memory or causing a
denial-of-service.


* Information leak via IPv6 SCTP scope ids.

The IPv6 SCTP driver fails to initialize the scope_id field of the IPv6
address in some cases, potentially leaking information from the kernel
stack onto the network.


* Information leak via Trusted Platform Module communications buffer.

When transmitting a TPM command, the length of the buffer is not
properly checked, potentially allowing the buffer to contain
uninitialized data.


* Kernel information leak via mincore syscall.

When checking if memory pages are present via the mincore syscall,
walk_huge_tlbrange() does not properly check for missing pages in the
TLB range, potentially allowing mincore to return uninitialized data.


* Deadlock in OCFS2 when modifying attributes.

A lock ordering issue when modifying file attributes on the OCFS2
filesystem could in rare cases cause a deadlock and denial-of-service.


* Denial-of-service in page extension lookup code.

When allocating space for memory page extensions, certain edge cases are
not properly checked unless CONFIG_DEBUG_VM is enabled. This could lead
to an unhandled page fault and denial-of-service.


* Information leak via fsync in Coda filesystem.

Calling fsync on the Coda filesystem causes a larger-than-necessary
buffer to be copied to userspace via upcall, potentially leaking kernel
information to userspace.


* Double-free in Hauppauge HD video recorder probe.

Incorrect error handling when tearing down from a failed probe in the
Hauppauge HD video recorder driver could cause memory to be freed
multiple times, resulting in memory corruption or a denial-of-service.

SUPPORT

Ksplice support is available at ksplice-support_ww at oracle.com.




