[Ksplice-Fedora-26-updates] New Ksplice updates for Fedora 26 (FEDORA-2017-9fbb35aeda)
Oracle Ksplice
ksplice-support_ww at oracle.com
Fri Nov 10 01:56:30 PST 2017
Synopsis: FEDORA-2017-9fbb35aeda can now be patched using Ksplice
CVEs: CVE-2017-12193
Systems running Fedora 26 can now use Ksplice to patch against the
latest Fedora kernel update, FEDORA-2017-9fbb35aeda.
INSTALLING THE UPDATES
We recommend that all users of Ksplice Uptrack running Fedora 26
install these updates.
On systems that have "autoinstall = yes" in /etc/uptrack/uptrack.conf,
these updates will be installed automatically and you do not need to
take any action.
Alternatively, you can install these updates by running:
# /usr/sbin/uptrack-upgrade -y
DESCRIPTION
* Denial-of-service in Ceph I/O capability flushing.
A failure to correctly handle errors when flushing capabilities to disk
can result in a deadlock. A local user with access to a Ceph filesystem
could use this flaw to cause a Denial-of-service.
* Denial-of-service in OverlayFS inode allocation.
A failure to check for NULL can result in a NULL pointer dereference
when attempting to allocate an inode. A local user with access to an
OverlayFS filesystem could use this flaw to cause a denial-of-service.
* Out-of-bounds access during Xen Grant device memory unmapping.
A failure to handle an error case when mapping memory in a Xen Grant
device can result in an out-of-bounds access during unmap. A local user
with access to a Xen Grant device could use this flaw to cause undefined
behaviour or potentially escalate privileges.
* Denial-of-service during failure to mount SMBv2 share.
A failure to correctly handle a communication failure when mounting a
Server Message Block 2 share can result in a NULL pointer dereference
causing a Kernel crash. A local user could use this flaw to cause a
denial-of-service.
* Out-of-bounds access in GTCO CalComp/InterWrite USB tablet HID parsing.
A validation failure when parsing a HID report from a GTCO
CalComp/InterWrite USB tablet can result in an out-of-bounds memory
access. A user with physical access to a system could use this flaw to
cause undefined behaviour or potentially escalate privileges.
* CVE-2017-12193: Denial-of-service in generic associative array implementation.
A logic error when inserting a new entry into an associative array can
result in a NULL pointer dereference, leading to a Kernel crash. A local
user could use this flaw to cause a denial-of-service.
* Out-of-bounds access in SCSI device when creating a request table.
An off-by-one error when processing a list of SCSI requests can result
in an out-of-bounds memory access. A local user could use this flaw to
cause undefined behaviour or potentially escalate privileges.
* Denial-of-service in IPSEC transform policy netlink dump.
A failure to handle an error case when dumping IPSEC transform
information via netlink can result in a Kernel crash. A local user with
the ability to administer an IPSEC tunnel could use this flaw to cause a
denial-of-service.
SUPPORT
Ksplice support is available at ksplice-support_ww at oracle.com.
More information about the Ksplice-Fedora-26-Updates
mailing list