[Ksplice-Fedora-26-updates] New Ksplice updates for Fedora 26 (FEDORA-2017-165671b9db)

Oracle Ksplice ksplice-support_ww at oracle.com
Wed Jul 19 07:02:45 PDT 2017


Synopsis: FEDORA-2017-165671b9db can now be patched using Ksplice
CVEs: CVE-2017-1000365 CVE-2017-10911 CVE-2017-7482 CVE-2017-7518

Systems running Fedora 26 can now use Ksplice to patch against the
latest Fedora kernel update, FEDORA-2017-165671b9db.

INSTALLING THE UPDATES

We recommend that all users of Ksplice Uptrack running Fedora 26
install these updates.

On systems that have "autoinstall = yes" in /etc/uptrack/uptrack.conf,
these updates will be installed automatically and you do not need to
take any action.

Alternatively, you can install these updates by running:

# /usr/sbin/uptrack-upgrade -y
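
An added example, not part of the original advisory or of Ksplice
itself: a check for whether a host will pick these updates up on its
own or needs the manual command above. It assumes uptrack.conf uses
"key = value" lines with "#" or ";" comments; the function names and
the UPTRACK_CONF variable are hypothetical.

```shell
#!/bin/sh
# Added example: report whether Ksplice updates install automatically
# on this host or whether uptrack-upgrade has to be run by hand.
# Assumption: the config file holds "key = value" lines, and a line
# starting with "#" or ";" is a comment.

# Print the effective, lower-cased value of "autoinstall" in file $1
# (last assignment wins). Prints nothing if the key or file is absent.
autoinstall_value() {
    [ -r "$1" ] || return 0
    awk '
        /^[ \t]*[#;]/ { next }            # commented-out settings do not count
        {
            pos = index($0, "=")
            if (pos == 0) next            # section headers, blank lines
            key = substr($0, 1, pos - 1)
            val = substr($0, pos + 1)
            gsub(/^[ \t]+|[ \t\r]+$/, "", key)
            gsub(/^[ \t]+|[ \t\r]+$/, "", val)
            if (tolower(key) == "autoinstall") found = tolower(val)
        }
        END { if (found != "") print found }
    ' "$1"
}

# Print "automatic" only for an explicit "autoinstall = yes"; anything
# else (no, missing key, unreadable file) is treated as "manual".
update_mode() {
    if [ "$(autoinstall_value "$1")" = "yes" ]; then
        echo automatic
    else
        echo manual
    fi
}

# UPTRACK_CONF is a hypothetical override for checking a copied config.
conf=${UPTRACK_CONF:-/etc/uptrack/uptrack.conf}
if [ "$(update_mode "$conf")" = "automatic" ]; then
    echo "$conf: autoinstall = yes, updates are installed automatically"
else
    echo "$conf: autoinstall is not yes, run: /usr/sbin/uptrack-upgrade -y"
fi
```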


DESCRIPTION

* CVE-2017-10911: Information leak in Xen block-device backend driver.

A data structure allocated on the stack in the Xen block-device backend
driver may leak sensitive data through its padding fields. A malicious
unprivileged guest may be able to obtain sensitive information from the
host or other guests.


* CVE-2017-1000365: Local security bypass when performing exec.

A logic error allows an unprivileged local user to bypass the size limit
on argument and environment strings when performing an exec syscall. An
attacker can exploit this to exhaust kernel memory, which may lead to
privilege escalation.


* Denial-of-service when routing autofs ioctl control command.

A logic error in handling the failure of an ioctl control command leads
to a NULL pointer dereference. An attacker can exploit this to cause
denial-of-service.


* CVE-2017-7518: Privilege escalation in KVM emulation subsystem.

An implementation error in the syscall instruction emulation in KVM
leads to a kernel exception raised in userspace. A user or process
inside a guest could use this flaw to potentially escalate their
privileges inside the guest.


* Denial-of-service when generating random numbers.

Inconsistent lock ordering in the random number generator may lead to a
deadlock inside the kernel. A malicious user can exploit this to cause
denial-of-service.


* Denial-of-service when rescheduling timer.

A logic error when rescheduling a process in response to a signal with
the SI_TIMER signal code leads to kernel memory corruption and an
eventual kernel crash. A local user can exploit this vulnerability to
cause denial-of-service.


* Use-after-free in Linux SCSI Target fabric driver.

A reference counting error when aborting a transport command in the
Linux SCSI Target fabric driver leads to a use-after-free in the kernel.
This could allow a local user to escalate privilege.


* CVE-2017-7482: Memory corruption when decoding Kerberos 5 ticket.

A boundary condition error when decoding Kerberos 5 tickets using the
RXRPC keys leads to a local buffer overflow. This could lead to memory
corruption and possible privilege escalation.

SUPPORT

Ksplice support is available at ksplice-support_ww at oracle.com.




