[Ksplice-Fedora-27-updates] New Ksplice updates for Fedora 27 (FEDORA-2017-abda708cee)
Oracle Ksplice
ksplice-support_ww at oracle.com
Wed Nov 22 06:35:38 PST 2017
Synopsis: FEDORA-2017-abda708cee can now be patched using Ksplice
CVEs: CVE-2017-1000380 CVE-2017-15115 CVE-2017-16538
Systems running Fedora 27 can now use Ksplice to patch against the
latest Fedora kernel update, FEDORA-2017-abda708cee.
INSTALLING THE UPDATES
We recommend that all users of Ksplice Uptrack running Fedora 27
install these updates.
On systems that have "autoinstall = yes" in /etc/uptrack/uptrack.conf,
these updates will be installed automatically and you do not need to
take any action.
Alternatively, you can install these updates by running:
# /usr/sbin/uptrack-upgrade -y
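As an added example (not part of the Ksplice advisory or Oracle's tooling): a small POSIX shell helper that reads the autoinstall setting out of an uptrack.conf file the way the advisory describes it, so a fleet script can tell which hosts will pick the update up on their own and which need `uptrack-upgrade -y` run by hand. Only the `autoinstall = yes` form quoted above is treated as enabled; the sample config at the bottom is constructed for the example and is not a real host's /etc/uptrack/uptrack.conf.

```shell
# uptrack_autoinstall_enabled CONF_PATH
# Prints "yes" or "no"; exit status 0 only when autoinstall is enabled.
uptrack_autoinstall_enabled() {
    conf="$1"
    # The last uncommented "autoinstall = VALUE" line wins: a leading '#'
    # comments a line out, whitespace around '=' is ignored, a trailing
    # "# comment" is dropped, and the value is compared case-insensitively.
    val=$(sed -n 's/^[[:space:]]*autoinstall[[:space:]]*=[[:space:]]*\([^[:space:]#]*\).*/\1/p' "$conf" \
          | tail -n 1 | tr 'A-Z' 'a-z')
    if [ "$val" = yes ]; then
        echo yes
        return 0
    fi
    echo no
    return 1
}

# uptrack_plan CONF_PATH
# Prints the action the advisory calls for on this host.
uptrack_plan() {
    if uptrack_autoinstall_enabled "$1" >/dev/null; then
        echo "autoinstall is on: the Ksplice updates will be installed automatically"
    else
        echo "autoinstall is off: run /usr/sbin/uptrack-upgrade -y"
    fi
}

# Constructed sample config for this example (not a real uptrack.conf).
sample_conf=$(mktemp)
cat >"$sample_conf" <<'EOF'
# autoinstall = yes     <- commented out, so it must not count
autoinstall = no
EOF
uptrack_plan "$sample_conf"
rm -f "$sample_conf"
```

Point it at the real /etc/uptrack/uptrack.conf on each host; the commented-out line in the sample is there to show that a naive `grep autoinstall` would report the wrong answer.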
DESCRIPTION
* Improved fix for CVE-2017-1000380: Information leak when reading timer information from ALSA devices.
A race condition when reading timer information from the ALSA driver results
in a use-after-free, which leaks kernel memory contents into userspace. A
local attacker could use this flaw to obtain information about the running
kernel and facilitate a further attack.
* Denial-of-service when validating a CIFS path.
A validation error combined with a memory leak in an error path could
result in kernel memory exhaustion. A malicious user could exploit this to
cause a denial-of-service.
* Userspace memory corruption when reading a key.
An out-of-bounds write by the kernel key management facility corrupts
userspace memory. This could result in incorrect control flow and a
denial-of-service in userspace.
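The bug class above is a copy-out that ignores the caller's buffer size. As an added illustration (not the kernel's key management code and not the fix Ksplice ships), the following C shows the contract a "read into a caller-supplied buffer" routine should keep: copy at most the caller's length, return the full length so the caller can retry, and never write past the destination. A deliberately unsafe variant is included only to show what the class of bug does to the bytes after the buffer; the 16-byte key and the guard region are constructed for the example.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdlib.h>
#include <string.h>
#include <stdio.h>

typedef size_t (*key_reader_fn)(const uint8_t *key, size_t keylen,
                                uint8_t *buf, size_t buflen);

/* Safe: copy at most buflen bytes, report the full key length. A return
 * value larger than buflen tells the caller its buffer was too small. */
size_t key_read_safe(const uint8_t *key, size_t keylen, uint8_t *buf, size_t buflen)
{
    size_t n = keylen < buflen ? keylen : buflen;
    if (buf != NULL && n > 0)
        memcpy(buf, key, n);
    return keylen;
}

/* Deliberately unsafe (bug-class illustration only): the caller's limit is
 * ignored, so a key longer than buflen is written past the buffer. */
size_t key_read_unsafe(const uint8_t *key, size_t keylen, uint8_t *buf, size_t buflen)
{
    (void)buflen;
    memcpy(buf, key, keylen);
    return keylen;
}

#define KEY_LEN    16
#define DST_LEN     8
#define GUARD_LEN   8
#define GUARD_BYTE  0xAA

static void fill_key(uint8_t *k, size_t n)       /* constructed key bytes */
{
    for (size_t i = 0; i < n; i++)
        k[i] = (uint8_t)(0x10 + i);
}

/* Run a reader with an 8-byte destination that is followed, inside the same
 * 16-byte object, by an 8-byte guard region. Returns 1 if the guard survived
 * (no out-of-bounds write), 0 if the reader clobbered it. */
int guard_intact_after(key_reader_fn reader, size_t *reported)
{
    uint8_t key[KEY_LEN];
    uint8_t area[DST_LEN + GUARD_LEN];
    fill_key(key, sizeof key);
    memset(area, GUARD_BYTE, sizeof area);
    *reported = reader(key, sizeof key, area, DST_LEN);
    for (size_t i = DST_LEN; i < sizeof area; i++)
        if (area[i] != GUARD_BYTE)
            return 0;
    return 1;
}

/* How a caller uses the full-length return value: probe with a small buffer,
 * then retry with one of the reported size. Returns the number of key bytes
 * correctly retrieved (0 on failure). */
size_t demo_read_with_retry(void)
{
    uint8_t key[KEY_LEN];
    uint8_t small[DST_LEN];
    fill_key(key, sizeof key);
    size_t need = key_read_safe(key, sizeof key, small, sizeof small);
    if (need <= sizeof small)
        return need;                       /* fit on the first try */
    uint8_t *big = malloc(need);
    if (big == NULL)
        return 0;
    size_t got = key_read_safe(key, sizeof key, big, need);
    size_t ok = (got == need && memcmp(big, key, need) == 0) ? need : 0;
    free(big);
    return ok;
}

int main(void)
{
    size_t r;
    printf("safe reader keeps guard: %d (reported %zu)\n", guard_intact_after(key_read_safe, &r), r);
    printf("unsafe reader keeps guard: %d (reported %zu)\n", guard_intact_after(key_read_unsafe, &r), r);
    printf("bytes retrieved after retry: %zu\n", demo_read_with_retry());
    return 0;
}
```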
* Denial-of-service when parsing an ASN.1 key.
An out-of-bounds read in the kernel key management facility when parsing an
ASN.1-encoded key could lead to a kernel crash. An unprivileged attacker
could exploit this vulnerability to cause a denial-of-service.
* Denial-of-service when handling a page fault through userfaultfd.
Incorrect error handling during a userfaultfd UFFDIO_COPY ioctl operation
leads to a kernel crash. A local attacker could exploit this to cause a
denial-of-service.
* Data corruption when trimming an OCFS2 filesystem.
A bug in the implementation of the FITRIM ioctl in OCFS2 could result in
data corruption when trimming the filesystem. The resulting corruption
cannot be repaired with fsck.
* Denial-of-service when terminating a process.
A race condition in the futex (fast userspace mutex) subsystem results in a
kernel crash when cleaning up the memory allocated to a process. An
unprivileged local user could exploit this to cause a denial-of-service.
* CVE-2017-16538: Denial-of-service in the DVB-USB subsystem.
A missing warm-start check and incorrect attach timing allow local users
to cause a denial of service (general protection fault and system crash)
or possibly have unspecified other impact via a crafted USB device.
* Denial-of-service due to a race condition in workqueue manipulation.
A race condition during concurrent manipulation of a workqueue by a
kernel thread and an interrupt handler can result in a NULL pointer
dereference, leading to a kernel crash.
* Out-of-bounds access in the Cyclic Counter Mode block cipher implementation.
Incorrect manipulation of an initialisation vector when performing
cryptographic operations using Cyclic Counter Mode can result in an
out-of-bounds memory access, leading to undefined behaviour or a kernel
crash. A local user could use this flaw to cause a denial-of-service.
* Denial-of-service in the AVX2 SHA256 implementation.
An unaligned access in the AVX2 SHA256 implementation can result in a kernel
crash. A local user could use this flaw to cause a denial-of-service.
* Denial-of-service in ASN.1 certificate parsing.
A logic error when parsing an ASN.1-encoded certificate can result in a
NULL pointer dereference. A local user could use this flaw to cause a
denial-of-service.
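Both the key-parsing entry above (out-of-bounds read while parsing an ASN.1 key) and this certificate-parsing entry are failures in a DER decoder. As an added example (not the kernel's ASN.1 decoder and not the Ksplice fix), the following C reads one DER tag/length/value element with every access checked against the remaining input, then walks the children of a constructed element the same way, so a truncated, overlong or overrunning length is rejected instead of read past the buffer. The four input byte strings are constructed for the example.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

struct der_tlv {
    uint8_t tag;
    const uint8_t *value;
    size_t len;      /* length of the value */
    size_t total;    /* bytes consumed: header plus value */
};

/* Decode one element from [p, p+avail). Returns 0 on success, -1 if the
 * header or the value would extend past the available input or the
 * encoding is not valid DER. */
int der_read_tlv(const uint8_t *p, size_t avail, struct der_tlv *out)
{
    size_t i = 0, len = 0;

    if (avail < 2)                          /* need at least tag + length byte */
        return -1;
    out->tag = p[i++];
    if ((out->tag & 0x1f) == 0x1f)          /* multi-byte tag numbers: not handled here */
        return -1;

    uint8_t lb = p[i++];
    if (lb < 0x80) {
        len = lb;                           /* short form */
    } else {
        size_t nbytes = lb & 0x7f;
        if (nbytes == 0 || nbytes > sizeof(size_t))
            return -1;                      /* 0x80 (indefinite) is not DER; too wide to hold */
        if (avail - i < nbytes)
            return -1;                      /* the length bytes themselves are truncated */
        if (p[i] == 0)
            return -1;                      /* DER forbids leading zero length bytes */
        for (size_t k = 0; k < nbytes; k++)
            len = (len << 8) | p[i++];
        if (len < 0x80)
            return -1;                      /* DER: long form only when the short form cannot be used */
    }
    if (len > avail - i)
        return -1;                          /* value runs past the buffer */
    out->value = p + i;
    out->len = len;
    out->total = i + len;
    return 0;
}

/* Count the children of a constructed element (e.g. SEQUENCE). Each child is
 * bounded by the parent's value, not by the whole input. Returns the count,
 * or -1 if any child is malformed or would overrun the parent. */
int der_count_children(const struct der_tlv *parent)
{
    size_t off = 0;
    int n = 0;
    while (off < parent->len) {
        struct der_tlv child;
        if (der_read_tlv(parent->value + off, parent->len - off, &child) != 0)
            return -1;
        off += child.total;
        n++;
    }
    return n;
}

/* Constructed inputs. */
static const uint8_t good_seq[]      = { 0x30, 0x05, 0x02, 0x01, 0x05, 0x05, 0x00 }; /* SEQUENCE { INTEGER 5, NULL } */
static const uint8_t truncated[]     = { 0x30, 0x10, 0x02, 0x01, 0x05 };             /* claims 16 value bytes, has 3 */
static const uint8_t child_overrun[] = { 0x30, 0x03, 0x02, 0x05, 0x01 };             /* child claims 5 bytes, parent leaves 1 */
static const uint8_t huge_len[]      = { 0x30, 0x84, 0xff, 0xff, 0xff, 0xff, 0x00 }; /* 4 GiB length on a 7-byte input */

int demo_good(void)          { struct der_tlv t; return der_read_tlv(good_seq, sizeof good_seq, &t) == 0 ? der_count_children(&t) : -2; }
int demo_truncated(void)     { struct der_tlv t; return der_read_tlv(truncated, sizeof truncated, &t); }
int demo_child_overrun(void) { struct der_tlv t; return der_read_tlv(child_overrun, sizeof child_overrun, &t) == 0 ? der_count_children(&t) : -2; }
int demo_huge_len(void)      { struct der_tlv t; return der_read_tlv(huge_len, sizeof huge_len, &t); }

int main(void)
{
    printf("good SEQUENCE: %d children\n", demo_good());
    printf("truncated: %d\n", demo_truncated());
    printf("child overrun: %d\n", demo_child_overrun());
    printf("huge length: %d\n", demo_huge_len());
    return 0;
}
```

The two checks that matter most for the bug class are `len > avail - i` (the value must fit in what is left) and passing `parent->len - off` rather than the whole input length when descending into children; dropping either one turns a crafted length field into a read past the end of the buffer.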
* Out-of-bounds memory access in OSS emulation.
A logic error in the ALSA emulation of an OSS sequencer can result in an
out-of-bounds memory access when processing events, leading to undefined
behaviour or a kernel crash. A local user could use this flaw to cause a
denial-of-service.
* Denial-of-service in Ceph RADOS Block Device cloned images.
A logic error when processing cloned Ceph images stored on a RADOS Block
Device can result in a deadlock. A local user with access to a Ceph
filesystem could use this flaw to cause a denial-of-service.
* CVE-2017-15115: Use-after-free in SCTP peel-off operation inside a network namespace.
A logic error when performing an SCTP peel off operation from a network
namespace can result in an incorrect free, leading to a subsequent
use-after-free. A local user could use this flaw to cause a
denial-of-service, or potentially escalate privileges.
SUPPORT
Ksplice support is available at ksplice-support_ww at oracle.com.