[Ksplice-Fedora-26-updates] New Ksplice updates for Fedora 26 (FEDORA-2017-10faeda281)

Oracle Ksplice ksplice-support_ww at oracle.com
Wed Nov 8 02:50:41 PST 2017


Synopsis: FEDORA-2017-10faeda281 can now be patched using Ksplice
CVEs: CVE-2017-15299 CVE-2017-16535

Systems running Fedora 26 can now use Ksplice to patch against the
latest Fedora kernel update, FEDORA-2017-10faeda281.

INSTALLING THE UPDATES

We recommend that all users of Ksplice Uptrack running Fedora 26
install these updates.

On systems that have "autoinstall = yes" in /etc/uptrack/uptrack.conf,
these updates will be installed automatically and you do not need to
take any action.

Alternatively, you can install these updates by running:

# /usr/sbin/uptrack-upgrade -y
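
A check to run before deciding whether the manual command above is needed, as an added example that is not part of Oracle's advisory: it reads the autoinstall setting from a configuration file (default /etc/uptrack/uptrack.conf). The function name, the constructed sample file, the case-insensitive comparison and the treatment of a missing file or key as "no" are assumptions.

```shell
#!/bin/sh
# Added example: report whether Ksplice Uptrack is set to auto-install updates.
# Prints "yes" or "no"; the last uncommented "autoinstall" line wins.
# Assumptions: a missing file or key counts as "no"; keys and values are
# compared case-insensitively.
uptrack_autoinstall() {
    conf=${1:-/etc/uptrack/uptrack.conf}
    [ -r "$conf" ] || { echo no; return 0; }
    awk -F= '
        /^[ \t]*[#;]/ { next }          # skip comment lines
        {
            key = $1; val = $2
            gsub(/[ \t\r]/, "", key)    # strip whitespace around the key
            gsub(/[ \t\r]/, "", val)    # and around the value
            if (tolower(key) == "autoinstall") found = tolower(val)
        }
        END { if (found == "yes") print "yes"; else print "no" }
    ' "$conf"
}

# Constructed sample configuration (not taken from a real system):
# the commented-out line must not count as enabling autoinstall.
sample=$(mktemp)
cat > "$sample" <<'EOF'
[Settings]
# autoinstall = yes
autoinstall = no
EOF

if [ "$(uptrack_autoinstall "$sample")" = yes ]; then
    echo "autoinstall is on: updates are applied automatically"
else
    echo "autoinstall is off: run /usr/sbin/uptrack-upgrade -y as root"
fi
rm -f "$sample"
```

Call `uptrack_autoinstall` with no argument to check the real file on a Fedora 26 host.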


DESCRIPTION

* CVE-2017-15299: Denial-of-service in uninstantiated key configuration.

A failure to check whether or not a key is instantiated before
performing operations on it can result in a NULL pointer dereference,
leading to a kernel crash. A local user could use this flaw to cause a
denial-of-service.


* Denial-of-service when sending data from user space to USB devices.

A logic error in the kernel interface to the user space USB driver could
lead to an invalid memory access. A local attacker could use this flaw
to cause a denial-of-service.


* CVE-2017-16535: Out-of-bounds memory access when reading USB descriptors.

A missing check when reading USB descriptors could lead to an
out-of-bounds access. A local attacker could use this flaw to cause a
denial-of-service.


* Use-after-free when stopping the USB XHCI driver.

A missing check when stopping the XHCI driver could lead to a
use-after-free. A local attacker could use this flaw to cause a
denial-of-service.


* Denial-of-service when stopping a USB device connected to an XHCI host controller.

A missing check when stopping a USB device connected to an XHCI host
controller could lead to a deadlock or to a memory leak. A local
attacker could use this flaw to cause a denial-of-service.


* NULL pointer dereference when initializing a CAN socket.

A missing error check when initializing a CAN socket could lead to a
NULL pointer dereference. A local attacker could use this flaw to cause
a denial-of-service.


* NULL pointer dereference when revoking a master key of type 'user'.

A missing check when requesting a user key after revoking the associated
master key could lead to a NULL pointer dereference. A local attacker
could use this flaw to cause a denial-of-service.


* NULL pointer dereference when handling an Nvidia Nouveau related interrupt.

A missing check when handling an interrupt in the Nvidia Nouveau driver
could lead to a NULL pointer dereference. A local attacker could use
this flaw to cause a denial-of-service.


* Invalid memory access when accessing a DiBcom 3000P/M-C Tuner device.

An invalid setup of USB DMA when accessing a DiBcom 3000P/M-C Tuner
device could lead to invalid memory accesses. A local attacker could use
this flaw to cause a denial-of-service.


* NULL pointer dereference when probing bus capabilities in the HD-Audio driver.

A missing check when probing bus capabilities in the HD-Audio driver
could lead to a NULL pointer dereference. A local attacker could use
this flaw to cause a denial-of-service.


* Out-of-bounds access when receiving short packets over the Broadcom FullMAC WLAN driver.

A missing check on the length of received short packets in the Broadcom
FullMAC WLAN driver could lead to an out-of-bounds access. A remote
attacker could use this flaw to cause a denial-of-service.


* NULL pointer dereference when revoking a master key of type 'user' in RSA verification.

A missing check when requesting a user key after revoking the associated
master key when doing RSA verification could lead to a NULL pointer
dereference. A local attacker could use this flaw to cause a
denial-of-service.


* NULL pointer dereference when revoking a master key of type 'user' in the fscrypt driver.

A missing check when requesting a user key after revoking the associated
master key could lead to a NULL pointer dereference in the fscrypt
driver. A local attacker could use this flaw to cause a
denial-of-service.


* NULL pointer dereference when revoking a master key of type 'user' in the ecryptfs driver.

A missing check when requesting a user key after revoking the associated
master key could lead to a NULL pointer dereference in the ecryptfs
driver. A local attacker could use this flaw to cause a
denial-of-service.


* NULL pointer dereference when revoking a master key of type 'user' in the FSCache driver.

A missing check when requesting a user key after revoking the associated
master key could lead to a NULL pointer dereference in the FSCache
driver. A local attacker could use this flaw to cause a
denial-of-service.


* NULL pointer dereference when parsing PKCS#7 format messages for signature data.

A missing check when parsing PKCS#7 format messages for signature data
could lead to a NULL pointer dereference. A local attacker could use
this flaw to cause a denial-of-service.


* NULL pointer dereference when using direct write with the XFS filesystem.

A logic error when using direct write through the XFS filesystem driver
could lead to a NULL pointer dereference. A local attacker could use
this flaw to cause a denial-of-service.


* Memory leak when copying a file using copy-on-write in the XFS filesystem.

A missing check when copying a file using copy-on-write in the XFS
filesystem could lead to a memory leak. A local attacker could use this
flaw to cause a denial-of-service.


* Data corruption when using the finsert and fcollapse commands with the XFS filesystem.

A missing check when using the finsert and fcollapse commands with an
XFS filesystem could lead to data corruption on the filesystem. A local
attacker could use this flaw to corrupt sensitive data.


* Permission bypass after changing permissions on an XFS filesystem.

A missing check of the error returned after setting the permissions of
an object on an XFS filesystem could lead to wrong permissions being
set. A local attacker could use this flaw to access sensitive data.


* NULL pointer dereferences caused by B+tree manipulation in the XFS filesystem.

Logic errors when manipulating B+trees in the XFS driver could lead to
NULL pointer dereferences. A local attacker could use this flaw to cause
a denial-of-service.


* Data corruption when doing concurrent writes on an XFS filesystem.

A logic error when doing concurrent writes on an XFS filesystem could
lead to data corruption. A local attacker could use this flaw to cause a
denial-of-service.


* Invalid memory access when initializing master playback in the HD-Audio driver.

A logic error when initializing master playback in the HD-Audio driver
could lead to invalid memory access. A local attacker could use this
flaw to cause a denial-of-service.

SUPPORT

Ksplice support is available at ksplice-support_ww at oracle.com.
