[Ksplice-Fedora-26-updates] New Ksplice updates for Fedora 26 (FEDORA-2017-62e3a94f2a)
Oracle Ksplice
ksplice-support_ww at oracle.com
Tue Nov 21 11:21:24 PST 2017
Synopsis: FEDORA-2017-62e3a94f2a can now be patched using Ksplice
CVEs: CVE-2017-15115
Systems running Fedora 26 can now use Ksplice to patch against the
latest Fedora kernel update, FEDORA-2017-62e3a94f2a.
INSTALLING THE UPDATES
We recommend that all users of Ksplice Uptrack running Fedora 26
install these updates.
On systems that have "autoinstall = yes" in /etc/uptrack/uptrack.conf,
these updates will be installed automatically and you do not need to
take any action.
Alternatively, you can install these updates by running:
# /usr/sbin/uptrack-upgrade -y
DESCRIPTION
* Denial-of-service due to race condition in workqueue manipulation.
A race condition during concurrent manipulation of a workqueue by a
kernel thread and an interrupt handler can result in a NULL pointer
dereference, leading to a Kernel crash.
* Out-of-bounds access in Cyclic Counter Mode block cipher implementation.
Incorrect manipulation of an initialisation vector when performing
cryptographic operations using Cyclic Counter Mode can result in an
out-of-bounds memory access, leading to undefined behaviour or a Kernel
crash. A local user could use this flaw to cause a denial-of-service.
* Denial-of-service in AVX2 SHA256 implementation.
An unaligned access in the AVX2 SHA256 implementation can result in a Kernel
crash. A local user could use this flaw to cause a denial-of-service.
* Denial-of-service in ASN.1 certificate parsing.
A logic error when parsing an ASN.1 encoded certificate can result in a
NULL pointer dereference. A local user user could use this flaw to cause
a denial-of-service.
* Out-of-bounds memory access in OSS emulation.
A logic error in the ALSA emulation of an OSS sequencer can result in an
out-of-bounds memory access when processing events, leading to undefined
behaviour or a Kernel crash. A local user could use this flaw to cause a
denial-of-service.
* Denial-of-service in Ceph RADOS Block Device cloned images.
A logic error when processing cloned Ceph images stored on a RADOS Block
Device can result in a deadlock. A local user with access to a Ceph
filesystem could use this flaw to cause a denial-of-service.
* CVE-2017-15115: Use-after-free in SCTP peel off operation inside network namespace.
A logic error when performing an SCTP peel off operation from a network
namespace can result in an incorrect free, leading to a subsequent
use-after-free. A local user could use this flaw to cause a
denial-of-service, or potentially escalate privileges.
SUPPORT
Ksplice support is available at ksplice-support_ww at oracle.com.
More information about the Ksplice-Fedora-26-Updates
mailing list