[Ksplice-Fedora-26-updates] New Ksplice updates for Fedora 26 (FEDORA-2017-10faeda281)
Oracle Ksplice
ksplice-support_ww at oracle.com
Wed Nov 8 02:50:41 PST 2017
Synopsis: FEDORA-2017-10faeda281 can now be patched using Ksplice
CVEs: CVE-2017-15299 CVE-2017-16535
Systems running Fedora 26 can now use Ksplice to patch against the
latest Fedora kernel update, FEDORA-2017-10faeda281.
INSTALLING THE UPDATES
We recommend that all users of Ksplice Uptrack running Fedora 26
install these updates.
On systems that have "autoinstall = yes" in /etc/uptrack/uptrack.conf,
these updates will be installed automatically and you do not need to
take any action.
Alternatively, you can install these updates by running:
# /usr/sbin/uptrack-upgrade -y
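The following shell sketch is an added example, not part of the Oracle advisory or of Ksplice itself. It reads an uptrack.conf-style file and reports which of the two paths above applies. The function names and the sample file are constructed for illustration, and only the literal value "yes" shown in the advisory is treated as enabling automatic installation.

```shell
#!/bin/sh
# Added example: decide whether a host needs a manual uptrack-upgrade run.

# Print the effective value of "autoinstall" in an uptrack.conf-style file.
# Commented-out assignments are ignored, whitespace around "=" is tolerated,
# trailing inline comments are dropped, and the last assignment wins.
# Prints nothing when the key is absent or the file cannot be read.
uptrack_autoinstall_value() {
    sed -n \
        -e 's/^[[:space:]]*autoinstall[[:space:]]*=[[:space:]]*\([^[:space:]#;]*\).*$/\1/p' \
        "$1" 2>/dev/null | tail -n 1
}

# Return 0 when updates install automatically, 1 when manual action is needed.
# Assumption: anything other than the exact string "yes" counts as disabled,
# so an unexpected spelling is reported as needing manual action.
uptrack_autoinstall_enabled() {
    [ "$(uptrack_autoinstall_value "$1")" = "yes" ]
}

# Report which of the advisory's two installation paths applies.
uptrack_action() {
    if uptrack_autoinstall_enabled "$1"; then
        echo "automatic"
    else
        echo "manual: run /usr/sbin/uptrack-upgrade -y as root"
    fi
}

# Constructed sample config (not taken from a real host) for an offline demo.
# The enabling line is commented out, so the effective setting is "no".
demo_conf=$(mktemp)
cat > "$demo_conf" <<'EOF'
[Settings]
# autoinstall = yes
autoinstall = no
EOF
uptrack_action "$demo_conf"
rm -f "$demo_conf"
```

On a real system, pass /etc/uptrack/uptrack.conf to uptrack_action instead of the sample file.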
DESCRIPTION
* CVE-2017-15299: Denial-of-service in uninstantiated key configuration.
A failure to check whether or not a key is instantiated before
performing operations on it can result in a NULL pointer dereference,
leading to a kernel crash. A local user could use this flaw to cause a
denial-of-service.
* Denial-of-service when sending data from user space to USB devices.
A logic error in the kernel interface to the user space USB driver could
lead to an invalid memory access. A local attacker could use this flaw
to cause a denial-of-service.
* CVE-2017-16535: Out-of-bounds memory access when reading USB descriptors.
A missing check when reading USB descriptors could lead to an
out-of-bounds access. A local attacker could use this flaw to cause a
denial-of-service.
* Use-after-free when stopping the USB XHCI driver.
A missing check when stopping the XHCI driver could lead to a
use-after-free. A local attacker could use this flaw to cause a
denial-of-service.
* Denial-of-service when stopping a USB device connected to an XHCI host controller.
A missing check when stopping a USB device connected to an XHCI host
controller could lead to a deadlock or to a memory leak. A local
attacker could use this flaw to cause a denial-of-service.
* NULL pointer dereference when initializing a CAN socket.
A missing error check when initializing a CAN socket could lead to a
NULL pointer dereference. A local attacker could use this flaw to cause
a denial-of-service.
* NULL pointer dereference when revoking a master key of type 'user'.
A missing check when requesting a user key after revoking the associated
master key could lead to a NULL pointer dereference. A local attacker
could use this flaw to cause a denial-of-service.
* NULL pointer dereference when handling an Nvidia Nouveau related interrupt.
A missing check when handling an interrupt in the Nvidia Nouveau driver
could lead to a NULL pointer dereference. A local attacker could use
this flaw to cause a denial-of-service.
* Invalid memory access when accessing a DiBcom 3000P/M-C Tuner device.
An invalid setup of USB DMA when accessing a DiBcom 3000P/M-C Tuner device
could lead to invalid memory accesses. A local attacker could use this
flaw to cause a denial-of-service.
* NULL pointer dereference when probing bus capabilities in the HD-Audio driver.
A missing check when probing bus capabilities in the HD-Audio driver could
lead to a NULL pointer dereference. A local attacker could use this flaw
to cause a denial-of-service.
* Out-of-bounds access when receiving short packets over the Broadcom FullMAC WLAN driver.
A missing check on the length of received short packets in the Broadcom
FullMAC WLAN driver could lead to an out-of-bounds access. A remote attacker
could use this flaw to cause a denial-of-service.
* NULL pointer dereference when revoking a master key of type 'user' in RSA verification.
A missing check when requesting a user key after revoking the associated
master key when doing RSA verification could lead to a NULL pointer
dereference. A local attacker could use this flaw to cause a
denial-of-service.
* NULL pointer dereference when revoking a master key of type 'user' in the fscrypt driver.
A missing check when requesting a user key after revoking the associated
master key could lead to a NULL pointer dereference in the fscrypt driver.
A local attacker could use this flaw to cause a denial-of-service.
* NULL pointer dereference when revoking a master key of type 'user' in the ecryptfs driver.
A missing check when requesting a user key after revoking the associated
master key could lead to a NULL pointer dereference in the ecryptfs driver.
A local attacker could use this flaw to cause a denial-of-service.
* NULL pointer dereference when revoking a master key of type 'user' in the FSCache driver.
A missing check when requesting a user key after revoking the associated
master key could lead to a NULL pointer dereference in the FSCache driver.
A local attacker could use this flaw to cause a denial-of-service.
* NULL pointer dereference when parsing PKCS#7 format messages for signature data.
A missing check when parsing PKCS#7 format messages for signature data
could lead to a NULL pointer dereference. A local attacker could use
this flaw to cause a denial-of-service.
* NULL pointer dereference when using direct write with an XFS filesystem.
A logic error when using direct write through the XFS filesystem driver
could lead to a NULL pointer dereference. A local attacker could use
this flaw to cause a denial-of-service.
* Memory leak when copying a file using copy-on-write in an XFS filesystem.
A missing check when copying a file using copy-on-write in an XFS
filesystem could lead to a memory leak. A local attacker could use this
flaw to cause a denial-of-service.
* Data corruption when using finsert and fcollapse commands with an XFS filesystem.
A missing check when using finsert and fcollapse commands with an XFS
filesystem could lead to data corruption on the filesystem. A local
attacker could use this flaw to corrupt sensitive data.
* Permission bypass after changing permissions on an XFS filesystem.
A missing check of the error returned after setting permissions of an
object on an XFS filesystem could lead to wrong permissions being set. A local
attacker could use this flaw to access sensitive data.
* NULL pointer dereferences caused by B+tree manipulation in the XFS filesystem.
Logic errors when manipulating B+trees in the XFS driver could lead to NULL
pointer dereferences. A local attacker could use this flaw to cause a
denial-of-service.
* Data corruption when doing concurrent writes on an XFS filesystem.
A logic error when doing concurrent writes on an XFS filesystem could lead
to data corruption. A local attacker could use this flaw to cause a
denial-of-service.
* Invalid memory access when initializing master playback in the HD-Audio driver.
A logic error when initializing master playback in the HD-Audio driver
could lead to invalid memory access. A local attacker could use this
flaw to cause a denial-of-service.
SUPPORT
Ksplice support is available at ksplice-support_ww at oracle.com.