[Ksplice-Fedora-26-updates] New Ksplice updates for Fedora 26 ( FEDORA-2017-78c4c71539)

Fri Sep 8 03:50:42 PDT 2017

Synopsis:  FEDORA-2017-78c4c71539 can now be patched using Ksplice
CVEs: CVE-2017-7558

Systems running Fedora 26 can now use Ksplice to patch against the
latest Fedora kernel update,  FEDORA-2017-78c4c71539.

INSTALLING THE UPDATES

We recommend that all users of Ksplice Uptrack running Fedora 26
install these updates.

On systems that have "autoinstall = yes" in /etc/uptrack/uptrack.conf,
these updates will be installed automatically and you do not need to
take any action.

Alternatively, you can install these updates by running:

# /usr/sbin/uptrack-upgrade -y

DESCRIPTION

* Use-after-free in audit watch removal.

Incorrect use of reference counting in the audit framework can result in
a use-after-free. A local user with the ability to use the audit
framework could use this flaw to escalate privileges.

* Use-after-free in ALSA sequencer queue creation.

A race condition when creating a queue for use in the ALSA sequencer can
result in a use-after-free. A local user with access to ALSA could use
this flaw to escalate privileges.

* Use-after-free in get_mempolicy due to incorrect reference counting.

A reference count error in the get_mempolicy ioctl implementation can
result in a use-after-free. A local user could use this flaw to
escalate privileges.

* CVE-2017-7558: Information disclosure in SCTP diagnostic reporting.

Incorrect sanitisation of information in the SCTP diagnostic information
reporting can result in uninitialised memory being provided to
userspace.  A local user could use this flaw to facilitate a further
attack on the kernel.

* Denial-of-service in Memory CGroup destruction.

A logic error when freeing memory allocated by the Memory cgroup
controller can result in a memory leak. A local user with the ability to
create and destroy memory cgroups could use this flaw to exhaust kernel
memory, resulting in a denial of service.

* ASLR bypass due to insufficient permissions checks in move_pages.

A failure to correctly check permissions when using the move_pages
system call can allow an attacker to map out the address space of a
process which shares the same uid. A local user could use this flaw to
facilitate a further attack.

* Denial-of-service in module warnings due to incorrect memory permissions.

A configuration error in the module build process results in modules
causing a kernel crash when attempting to assert a WARN_ONCE statement.
A local user with the ability to trigger a WARN_ONCE in a kernel module
could use this flaw to cause a denial-of-service.

* Out-of-bounds access when using AVX2 instructions for SHA1.

An error when using AVX2 instruction on X86 with SHA1 could lead to an
out of bound access. A local attacker could use this flaw to cause a
denial-of-service.

* SMAP bypass in NMI handler.

A failure to clear a flag in the non-maskable interrupt handler can
result in Supervisor Mode Access Prevention being disabled.

SUPPORT

Ksplice support is available at ksplice-support_ww at oracle.com.