[Ksplice-Fedora-26-updates] New Ksplice updates for Fedora 26 (FEDORA-2017-6764d16965)

Oracle Ksplice ksplice-support_ww at oracle.com
Wed Sep 20 01:09:02 PDT 2017


Synopsis: FEDORA-2017-6764d16965 can now be patched using Ksplice
CVEs: CVE-2017-14051

Systems running Fedora 26 can now use Ksplice to patch against the
latest Fedora kernel update, FEDORA-2017-6764d16965.

INSTALLING THE UPDATES

We recommend that all users of Ksplice Uptrack running Fedora 26
install these updates.

On systems that have "autoinstall = yes" in /etc/uptrack/uptrack.conf,
these updates will be installed automatically and you do not need to
take any action.

Alternatively, you can install these updates by running:

# /usr/sbin/uptrack-upgrade -y
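
The following is an added example, not part of the original advisory or of
Oracle's tooling: a shell check that reads the autoinstall setting and reports
whether a host still needs the manual command. It assumes only the exact value
"yes" enables autoinstall, as quoted above; the function names and the sample
config are constructed for illustration.

```shell
#!/bin/sh
# Added example: decide whether a host needs a manual uptrack-upgrade run.

# Print the effective "autoinstall" value from an uptrack.conf-style file.
# Commented-out lines are ignored, the last assignment wins, and the value
# is lower-cased. Prints "unset" if the key or the file is missing.
uptrack_autoinstall() {
    conf=$1
    [ -r "$conf" ] || { echo unset; return 0; }
    val=$(sed -n \
        -e 's/^[[:space:]]*autoinstall[[:space:]]*=[[:space:]]*\([^[:space:]#;]*\).*$/\1/p' \
        "$conf" | tail -n 1 | tr '[:upper:]' '[:lower:]')
    echo "${val:-unset}"
}

# Return 0 if manual action is needed, 1 if updates install automatically.
# Assumption: only "yes" counts as enabled.
needs_manual_upgrade() {
    [ "$(uptrack_autoinstall "$1")" != "yes" ]
}

# One-line report for a host; defaults to the path named in the advisory.
report() {
    conf=${1:-/etc/uptrack/uptrack.conf}
    if needs_manual_upgrade "$conf"; then
        echo "manual: run /usr/sbin/uptrack-upgrade -y"
    else
        echo "automatic: no action needed"
    fi
}

# Constructed sample config (not taken from a real host): the enabled
# setting is commented out, so the live value is "no".
sample=$(mktemp)
cat > "$sample" <<'EOF'
[Settings]
# autoinstall = yes
autoinstall = no
EOF
report "$sample"
rm -f "$sample"
```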


DESCRIPTION

* Denial-of-service during key management API broadcast.

An incorrect memory allocation in the keyring subsystem could result in
a system deadlock. A local user could use this flaw to cause a
denial-of-service.


* Denial-of-service in DCCP socket teardown.

An assertion failure in the DCCP protocol stack can result in a kernel
crash. A local user could use this flaw to cause a denial-of-service.


* Denial-of-service in IPv4 metric accounting.

A failure to correctly handle an error case can result in a NULL pointer
dereference. A local user could use this flaw to cause a
denial-of-service.


* Denial-of-service via tun device queue manipulation.

A logic error in ring buffer management can result in a kernel crash. A
local user could use this flaw to cause a denial-of-service.


* Information disclosure in SCTP socket initialisation.

A failure to correctly initialise a structure could result in the kernel
operating on uninitialised memory. A local user could use this flaw to
facilitate a further attack.


* Use-after-free in TIPC send implementation.

A failure to mark a structure as freed can result in a use-after-free. A
local user could use this flaw to escalate privileges.


* Use-after-free during IPv6 routing table entry replacement.

A failure to correctly configure the routing table when replacing a
route can lead to a use-after-free. A local user with the ability to
manipulate the routing table could use this flaw to escalate privileges.


* Denial-of-service when adding IPv6 route.

A failure to handle an error case when adding a new IPv6 route can
result in a NULL pointer dereference. A local user with the ability to
manipulate the routing table could use this flaw to escalate privileges.


* Information disclosure via IRDA socket operations.

A failure to correctly sanitize kernel memory in the IRDA subsystem can
result in sensitive kernel information being leaked to userspace. A
local user could use this flaw to facilitate a further attack.


* Denial-of-service in traffic control target manipulation.

A failure to clear memory when adding new targets in the traffic control
subsystem can result in a NULL pointer dereference. A local user with
the ability to configure network interfaces could use this flaw to cause
a denial-of-service.


* Use-after-free when freeing transparent hugepage backed memory.

Incorrect locking when freeing a page which is backed by a transparent
hugepage can result in freeing a locked page. A local user could use
this flaw to cause a denial-of-service or potentially escalate
privileges.


* Denial-of-service due to incorrect reference counting in fork.

An incorrect decrement of a reference counter in an error path can
result in a NULL pointer dereference during a fork syscall. A local user
could use this flaw to cause a denial-of-service.


* Denial-of-service in DRM fence signaling.

A failure to clear memory can result in unintentional duplication of
file descriptors, leading to an assertion failure. A local user with
access to DRM could use this flaw to cause a denial-of-service.


* Denial-of-service in RDMA completion queue creation.

A logic error when creating a completion queue without an associated
completion channel can result in a NULL pointer dereference. A local
user with access to RDMA could use this flaw to cause a
denial-of-service.


* Remote denial-of-service in NFSv4 write operation processing.

A logic error when decoding write requests can result in a buffer
overrun, leading to memory corruption or a kernel crash. A remote NFSv4
client could use this flaw to cause a denial-of-service on the NFSv4
server.


* Use-after-free in process initialisation during fork.

A failure to handle an error case during a fork can result in duplicate
references to a structure which is later freed when one task ends,
resulting in a use-after-free. A local user could use this flaw to cause
a denial-of-service or potentially escalate privileges.


* Denial-of-service during NFS connection acceptance.

A race condition when handling new connections from NFS clients which
already have packets waiting can result in a NULL pointer dereference. A
remote NFS client could use this flaw to cause a denial-of-service.


* Out-of-bounds memory access in chacha20 crypto implementation.

A failure to correctly check data size can result in a buffer overrun. A
local user could use this flaw to cause a denial-of-service or
potentially escalate privileges.


* Denial-of-service in skcipher page manipulation.

A logic error when freeing an skcipher request can result in
decrementing a reference count on a page which was not incremented.
A local user could use this flaw to cause a kernel crash, resulting in a
denial-of-service.


* Denial-of-service in IP transformation configuration.

A failure to validate userspace information can result in an
out-of-bounds array access, leading to undefined behaviour or a kernel
crash. A local user with the ability to configure the IP transformation
framework could use this flaw to cause a denial-of-service.


* Denial-of-service in epoll cleanup handler.

A race condition during cleanup of an epoll instance can result in a
use-after-free. A local user could use this flaw to cause a kernel
crash, resulting in a denial-of-service.


* Use-after-free in DCCP socket destruction.

A race condition when destroying a DCCP socket can result in
use-after-free. A local user could use this flaw to cause a
denial-of-service or potentially escalate privileges.


* Out-of-bounds access in IPv4 MTU update.

A race condition in the IPv4 stack can result in an out-of-bounds memory
access when reducing an interface MTU. A local user with the ability to
administer network interfaces could use this flaw to cause a
denial-of-service.


* CVE-2017-14051: Denial-of-service in qla2xxx sysfs handler.

A failure to validate information from userspace can result in an
unbounded kernel memory allocation. A local user could use this flaw to
cause memory exhaustion or a kernel crash, resulting in a
denial-of-service.


* Denial-of-service in BPF trace print handling.

A logic error in the processing of arguments when printing from BPF
programs can lead to a NULL pointer dereference. A local user with the
ability to trace BPF programs could use this flaw to cause a
denial-of-service.


* Denial-of-service during DAX page fault processing.

A validation failure when processing page faults in a DAX filesystem can
result in a deadlock. A local user with access to a DAX filesystem could
use this flaw to cause a denial-of-service.


* Denial-of-service in CPU assignment of perf groups.

A logic error in the perf subsystem can result in incorrect CPU
assignment of perf groups resulting in a deadlock. A local user with the
ability to use perf could use this flaw to cause a denial-of-service.


* Denial-of-service due to uninitialised expectation.

A logic error in netfilter can result in the kernel operating on an
uninitialised expectation. This could result in a kernel crash, leading
to a denial of service.


* Denial-of-service in netlink message validation.

A validation failure when parsing a netlink message can result in the
kernel processing uninitialised memory. A local user with the ability to
send netlink messages could use this flaw to cause a kernel crash,
resulting in a denial-of-service.


* Permissions bypass in BPF program filter validation.

A bounds checking error during BPF validation can result in invalid BPF
programs being accepted into the kernel. A local user with the ability
to load BPF programs could bypass restrictions imposed on injected code.

SUPPORT

Ksplice support is available at ksplice-support_ww at oracle.com.




