[Ksplice-Fedora-26-updates] New Ksplice updates for Fedora 26 (FEDORA-2017-96bebe1626)
Oracle Ksplice
ksplice-support_ww at oracle.com
Tue Nov 28 06:41:53 PST 2017
Synopsis: FEDORA-2017-96bebe1626 can now be patched using Ksplice
CVEs: CVE-2017-13080 CVE-2017-16646
Systems running Fedora 26 can now use Ksplice to patch against the
latest Fedora kernel update, FEDORA-2017-96bebe1626.
INSTALLING THE UPDATES
We recommend that all users of Ksplice Uptrack running Fedora 26
install these updates.
On systems that have "autoinstall = yes" in /etc/uptrack/uptrack.conf,
these updates will be installed automatically and you do not need to
take any action.
Alternatively, you can install these updates by running:
# /usr/sbin/uptrack-upgrade -y
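The two paths above (automatic installation when "autoinstall = yes" is set, otherwise a manual uptrack-upgrade) are easy to check across a fleet. The following is an added example, not part of the advisory and not Oracle's code: it reads an uptrack.conf-style "key = value" file, tolerates comments, spacing and case, and reports whether the host will pick the update up on its own or needs the manual command. The config file format assumption ('#' comments, "key = value" lines) is mine; the sample config it runs on is constructed.

```shell
#!/bin/sh
# Added example (not from the Ksplice advisory or Oracle): decide whether a
# host will receive these Ksplice updates automatically or needs a manual
# "uptrack-upgrade -y", based on the autoinstall setting in uptrack.conf.
# Assumes a "key = value" file with '#' comments, as /etc/uptrack/uptrack.conf uses.

# Print "yes" and return 0 if autoinstall is enabled in the given file;
# print "no" and return 1 otherwise (a missing or unreadable file counts as "no").
uptrack_autoinstall_enabled() {
    conf="$1"
    if [ ! -r "$conf" ]; then
        echo no
        return 1
    fi
    val=$(awk -F'=' '
        { sub(/#.*/, "") }                                   # drop comments
        tolower($1) ~ /^[ \t]*autoinstall[ \t]*$/ {          # key match, any spacing/case
            v = tolower($2); gsub(/[ \t]/, "", v)            # trim the value
        }
        END { print ((v == "yes") ? "yes" : "no") }          # last occurrence wins
    ' "$conf")
    echo "$val"
    [ "$val" = yes ]
}

# One-line decision for this advisory: automatic, or the manual command to run.
ksplice_update_action() {
    if uptrack_autoinstall_enabled "$1" >/dev/null; then
        echo "automatic"
    else
        echo "manual: run /usr/sbin/uptrack-upgrade -y"
    fi
}

# Demonstration on a constructed config (the real file is /etc/uptrack/uptrack.conf).
demo_dir=$(mktemp -d)
printf '# Ksplice Uptrack configuration (constructed sample)\nautoinstall = no\n' > "$demo_dir/uptrack.conf"
echo "autoinstall enabled: $(uptrack_autoinstall_enabled "$demo_dir/uptrack.conf")"
echo "action: $(ksplice_update_action "$demo_dir/uptrack.conf")"
rm -rf "$demo_dir"
```

Point the functions at /etc/uptrack/uptrack.conf on a real host; hosts that report "manual" are the ones where the upgrade command in the advisory still has to be run.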
DESCRIPTION
* Out-of-bounds access when getting a packet's size with Generic Segmentation Offload.
A logic error when computing a packet's size with Generic Segmentation
Offload could lead to an out-of-bounds access. A remote attacker could
use this flaw to cause a denial-of-service.
* Invalid memory accesses when dumping netlink information.
Logic errors when dumping netlink information could lead to invalid
memory accesses. A local attacker could use this flaw to cause a
denial-of-service.
* Invalid memory access when cloning a socket.
A logic error when cloning a socket could lead to an invalid memory
access in case the cloned socket needs to be freed early. A local
attacker could use this flaw to cause a denial-of-service.
* Memory leak when using IEEE 802.1AE MAC-level encryption.
A missing free when encrypting or decrypting MAC addresses with IEEE
802.1AE MAC-level encryption could lead to a memory leak. A local
attacker could use this flaw to cause a denial-of-service.
* NULL pointer dereference when using the session ioctl of Layer Two Tunneling Protocol (L2TP).
A missing check when using the session ioctl of Layer Two Tunneling Protocol
(L2TP) could lead to a NULL pointer dereference. A local attacker could
use this flaw to cause a denial-of-service.
* Race condition while setting the ACK option on an AF netlink socket.
Missing checks when setting the ACK option on an AF netlink socket could lead
to a race condition and to a kernel warning. A local attacker could use
this flaw to flood the system log and cause a denial-of-service.
* Use-after-free when using redirect in Stream Control Transmission Protocol.
A missing check when using ICMP redirect functionality with Stream
Control Transmission Protocol could lead to a use-after-free. A local
attacker could use this flaw to cause a denial-of-service.
* Denial-of-service when getting packet rollover stats on a socket.
A locking error when getting packet rollover stats on a socket could
lead to a kernel panic. A local attacker could use this flaw to cause a
denial-of-service.
* NULL pointer dereference in ipv6 flowlabel functionality.
Usage of uninitialized memory when using ipv6 flowlabel functionality
could lead to a NULL pointer dereference. A local attacker could use
this flaw to cause a denial-of-service.
* NULL pointer dereference when registering a distributed switch.
Missing checks when registering a distributed switch could lead to a
NULL pointer dereference. A local attacker could use this flaw to cause
a denial-of-service.
* Information leak when using the UNIX socket monitoring interface.
A missing check when using the UNIX socket monitoring interface could leak
information of a socket from another net namespace. A local attacker
could use this flaw to leak information about another net namespace.
* Double-free when opening a TAP device.
A logic error in the error path when opening a TAP device could lead to a
double free. A local attacker could use this flaw to cause a
denial-of-service.
* Deadlock when using Mellanox Technologies ConnectX-4 and Connect-IB core driver.
A locking error in the health code of the Mellanox Technologies ConnectX-4 and
Connect-IB core driver could lead to a deadlock. A local attacker could
use this flaw to cause a denial-of-service.
* Denial-of-service when migrating a socket to another one using Stream Control Transmission Protocol.
A logic error when migrating a socket to another one using Stream Control
Transmission Protocol could lead to a memory leak or overflow. A local
attacker could use this flaw to cause a denial-of-service.
* NULL pointer dereference when adding a queuing discipline to a network interface.
A missing check when adding a new queuing discipline to a network
interface with an invalid parent could lead to a NULL pointer
dereference. A local attacker could use this flaw to cause a
denial-of-service.
* Use-after-free when attaching a PPPoX to a tunnel UDP socket in Layer Two Tunneling Protocol.
A logic error when attaching a PPPoX to a tunnel UDP socket in Layer Two
Tunneling Protocol could lead to a use-after-free. A local attacker
could use this flaw to cause a denial-of-service.
* Deadlock when using the TUNSETSNDBUF ioctl of the TAP driver.
A missing check on user input when using the TUNSETSNDBUF ioctl in the TAP
driver could lead to a deadlock. A local attacker could use this flaw to
cause a denial-of-service.
* Memory leak when restoring routes for permanent IPv6 addresses.
A missing reference count increment when restoring routes for
permanent IPv6 addresses could lead to a memory leak. A local attacker
could use this flaw to cause a denial-of-service.
* Use-after-free when probing IPv4 MTU.
A logic error when probing IPv4 MTU could lead to a use-after-free. A
local attacker could use this flaw to cause a denial-of-service.
* Out-of-bounds access when using IMS Passenger Control Unit Devices.
A missing check when using IMS Passenger Control Unit Devices could
lead to an out-of-bounds access. A local attacker could use this flaw to
cause a denial-of-service.
* Memory leak when setting the SO_REUSEPORT socket option.
A double allocation when setting the SO_REUSEPORT socket option could lead
to a memory leak. A local attacker could use this flaw to exhaust kernel
memory and cause a denial-of-service.
* CVE-2017-13080: Key Reinstallation Attacks (KRACK) on WPA2 protocol.
A weakness in the four-way handshake of the WPA2 protocol allows an
attacker within radio range to force nonce reuse. This could allow the
attacker to eavesdrop on encrypted communications as well as inject and
manipulate data in a WiFi stream.
* NULL pointer dereference when registering SoundGraph iMON Receiver and Display driver.
A missing check when registering SoundGraph iMON Receiver and Display
driver could lead to a NULL pointer dereference. A local attacker could
use this flaw to cause a denial-of-service.
* CVE-2017-16646: Denial-of-service when using DiBcom DiB0700 USB DVB devices.
Logic errors when using DiBcom DiB0700 USB DVB devices could lead to a
kernel panic. A local attacker could use this flaw to cause a
denial-of-service.
* Use-after-free when setting secret with Diffie-Hellman cryptographic algorithm.
An extra free when setting secret with Diffie-Hellman cryptographic
algorithm could lead to a use-after-free. A local attacker could use
this flaw to cause a denial-of-service.
* Buffer underflow when decoding a key using Diffie-Hellman cryptographic algorithm.
A missing check on user input when decoding a key using Diffie-Hellman
cryptographic algorithm could lead to a buffer underflow. A local
attacker could use this flaw to cause a denial-of-service.
* Memory leak when registering a Garmin GPS device.
Missing error handling when registering a Garmin GPS device could lead
to a memory leak. A local attacker could use this flaw to exhaust kernel
memory and cause a denial-of-service.
* Invalid memory access when handling "uncorrected error" in AMD Machine check.
A logic error when handling "uncorrected error" in AMD Machine check
could lead to an invalid memory access. A local attacker could use this
flaw to cause a denial-of-service.
SUPPORT
Ksplice support is available at ksplice-support_ww at oracle.com.