[Ksplice-Fedora-26-updates] New Ksplice updates for Fedora 26 (FEDORA-2017-31d7720d7e)

Oracle Ksplice ksplice-support_ww at oracle.com
Mon Nov 20 11:45:16 PST 2017


Synopsis: FEDORA-2017-31d7720d7e can now be patched using Ksplice
CVEs: CVE-2017-1000380 CVE-2017-16538

Systems running Fedora 26 can now use Ksplice to patch against the
latest Fedora kernel update, FEDORA-2017-31d7720d7e.

INSTALLING THE UPDATES

We recommend that all users of Ksplice Uptrack running Fedora 26
install these updates.

On systems that have "autoinstall = yes" in /etc/uptrack/uptrack.conf,
these updates will be installed automatically and you do not need to
take any action.

Alternatively, you can install these updates by running:

# /usr/sbin/uptrack-upgrade -y
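
To check which of the two cases above applies to a host, the following added example (not part of the original announcement or of Ksplice Uptrack) reads the autoinstall setting and reports whether a manual upgrade is still needed. The function names, the comment syntax and the [Settings] section name in the sample are assumptions.

```shell
#!/bin/sh
# Added example, not Oracle's code. Decides whether a host still needs a
# manual "uptrack-upgrade -y" by reading the autoinstall setting.

# uptrack_autoinstall [FILE]: print "yes" or "no"; return 2 if unreadable.
# Assumptions: "key = value" lines, "#" or ";" start a comment line, the
# last uncommented assignment wins, and only the literal value "yes"
# (as written in the announcement) counts as enabled.
uptrack_autoinstall() {
    conf=${1:-/etc/uptrack/uptrack.conf}
    [ -r "$conf" ] || return 2
    awk '
        /^[ \t]*[#;]/ { next }              # commented-out settings do not count
        {
            line = $0
            sub(/\r$/, "", line)            # tolerate CRLF line endings
            eq = index(line, "=")
            if (eq == 0) next               # section headers, blank lines
            key = substr(line, 1, eq - 1)
            val = substr(line, eq + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", key)
            gsub(/^[ \t]+|[ \t]+$/, "", val)
            if (key == "autoinstall") found = val
        }
        END { if (found == "yes") print "yes"; else print "no" }
    ' "$conf"
}

# needs_manual_upgrade [FILE]: succeed (exit 0) when updates will NOT be
# installed automatically. An unreadable file also counts as "manual".
needs_manual_upgrade() {
    [ "$(uptrack_autoinstall "$1")" != "yes" ]
}

# Constructed sample configuration (section name is an assumption).
sample=$(mktemp)
cat > "$sample" <<'EOF'
[Settings]
# autoinstall = yes
autoinstall = no
EOF
if needs_manual_upgrade "$sample"; then
    echo "autoinstall off: run /usr/sbin/uptrack-upgrade -y"
else
    echo "autoinstall on: updates install without action"
fi
rm -f "$sample"
```

Any value other than the literal "yes" is reported as "no", so an unusual spelling leads to a manual check rather than a silently unpatched host.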


DESCRIPTION

* Improved fix for CVE-2017-1000380: Information leak when reading timer information from ALSA devices.

A race condition when reading timer information from the ALSA driver
results in a use-after-free, which leaks kernel information into
userspace. A local attacker could use this flaw to get information about
the running kernel and facilitate an attack.


* Denial-of-service when validating CIFS path.

A validation error combined with a memory leak in the error path could
result in kernel memory exhaustion. A malicious user can exploit this to
cause denial-of-service.


* Userspace memory corruption when reading key.

An out-of-bounds write in the kernel key management facility results in
user memory corruption. This could result in incorrect control flow and
denial-of-service in userspace.


* Denial-of-service when parsing ASN.1 key.

An out-of-bounds read in the kernel key management facility when parsing
an ASN.1 key could lead to a kernel crash. An unprivileged attacker can
exploit this vulnerability to cause denial-of-service.


* Denial-of-service when handling page fault through userfaultfd.

Incorrect error handling during the userfaultfd UFFDIO_COPY ioctl
operation leads to a kernel crash. An attacker can exploit this to cause
denial-of-service.


* Data corruption when trimming OCFS2 filesystem.

A bug in the implementation of the FITRIM ioctl in OCFS2 could result in
data corruption when trimming the filesystem. The resulting corruption
cannot be fixed using fsck.


* CVE-2017-16538: Denial-of-service in DVB-USB subsystem.

A missing warm-start check and incorrect attach timing allow local
users to cause a denial of service (general protection fault and system
crash) or possibly have unspecified other impact via a crafted USB
device.


* Denial-of-service when terminating process.

A race condition in the fast mutex subsystem results in a kernel crash
when cleaning up the memory allocated to a process. An unprivileged
local user could exploit this to cause denial-of-service.

SUPPORT

Ksplice support is available at ksplice-support_ww at oracle.com.




