[Ksplice-Fedora-27-updates] New Ksplice updates for Fedora 27 (FEDORA-2017-1ebb87e7c0)

Oracle Ksplice ksplice-support_ww at oracle.com
Fri Jan 5 04:17:35 PST 2018


Synopsis: FEDORA-2017-1ebb87e7c0 can now be patched using Ksplice
CVEs: CVE-2017-16911 CVE-2017-16912 CVE-2017-16913 CVE-2017-16914 CVE-2017-17741 CVE-2017-17805 CVE-2017-17806

Systems running Fedora 27 can now use Ksplice to patch against the
latest Fedora kernel update, FEDORA-2017-1ebb87e7c0.

INSTALLING THE UPDATES

We recommend that all users of Ksplice Uptrack running Fedora 27
install these updates.

On systems that have "autoinstall = yes" in /etc/uptrack/uptrack.conf,
these updates will be installed automatically and you do not need to
take any action.

Alternatively, you can install these updates by running:

# /usr/sbin/uptrack-upgrade -y
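After the update has been applied, a practitioner will want to confirm that every CVE named in this advisory is actually covered on the host. The following shell snippet is an added example and is not part of the Oracle advisory or the Ksplice tooling: it takes the CVE list from the advisory header and a saved copy of the installed-update listing (for instance the output of uptrack-show redirected to a file; the exact output format is an assumption here, and the sample below is constructed for illustration) and prints the CVEs that do not appear in it.

```shell
#!/bin/sh
# Added example, not from the advisory: verify that all CVEs listed in
# FEDORA-2017-1ebb87e7c0 appear in a saved Ksplice update listing.

ADVISORY_CVES="CVE-2017-16911 CVE-2017-16912 CVE-2017-16913 CVE-2017-16914 CVE-2017-17741 CVE-2017-17805 CVE-2017-17806"

# missing_cves CVE_LIST REPORT_FILE
# Prints each CVE in the space-separated CVE_LIST that is not mentioned
# anywhere in REPORT_FILE. Returns 0 if nothing is missing, 1 otherwise.
missing_cves() {
    cves=$1
    report=$2
    rc=0
    for cve in $cves; do
        # Fixed-string, whole-token match so CVE-2017-1691 does not match
        # CVE-2017-16911 and vice versa.
        if ! grep -q -w -F -- "$cve" "$report"; then
            echo "$cve"
            rc=1
        fi
    done
    return $rc
}

# Constructed sample listing (assumed format; a real run would use
# something like: uptrack-show > "$sample").
sample=$(mktemp)
cat > "$sample" <<'EOF'
Installed updates:
CVE-2017-17806: Denial-of-service in HMAC algorithms.
CVE-2017-17805: Denial-of-service in Salsa20 stream cipher.
CVE-2017-17741: Denial-of-service in kvm_mmio tracepoint.
CVE-2017-16914: Denial-of-service in USB over IP NULL transfer buffer handling.
EOF

if missing_cves "$ADVISORY_CVES" "$sample"; then
    echo "all advisory CVEs are covered"
else
    echo "some advisory CVEs are not yet applied; run: /usr/sbin/uptrack-upgrade -y" >&2
fi
rm -f "$sample"
```

On the constructed sample above the check reports CVE-2017-16911, CVE-2017-16912 and CVE-2017-16913 as missing; against a real listing it is meant to run after uptrack-upgrade, or from a cron job on hosts that rely on autoinstall, so a silently failed update is noticed.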


DESCRIPTION

* CVE-2017-17806: Denial-of-service in HMAC algorithms.

The HMAC implementation did not verify that its underlying hash algorithm
was unkeyed.  Invalid algorithm combinations could therefore result in
buffer overflows or other undefined behaviour when using a keyed hash
algorithm.  A local, unprivileged user could use this flaw to crash the
system, or potentially, escalate privileges.


* CVE-2017-17805: Denial-of-service in Salsa20 stream cipher.

Incorrect handling of zero length buffers could result in an invalid
pointer dereference and kernel crash.  A local, unprivileged user could
use this flaw to crash the system, or potentially, escalate privileges.


* CVE-2017-17741: Denial-of-service in kvm_mmio tracepoint.

An out-of-bounds read in the kvm_mmio tracepoint, reachable when that
tracepoint is enabled, could result in a kernel crash or disclosure of
host kernel stack memory.  A malicious guest could use this flaw to crash
the virtualization host.


* Use-after-free in authenticated encryption NULL cipher.

Incorrect reference count manipulation when freeing a NULL authenticated
encryption cipher in the crypto subsystem can result in an early free
leading to a use-after-free. A local user could use this flaw to
escalate privileges.


* Denial-of-service during RSA verification operation.

A logic error when parsing an RSA key can result in reading one byte
past the end of an allocated buffer. A local user could use this flaw to
cause a Kernel crash, resulting in a denial-of-service.


* Denial-of-service in AF_ALG resource cleanup.

A failure to correctly handle an error case can result in a NULL pointer
dereference leading to a Kernel crash and denial-of-service.


* Denial-of-service during CIFS filesystem read operation.

A failure to correctly handle an error case can result in a NULL pointer
dereference leading to a Kernel crash and denial-of-service.


* Denial-of-service due to race condition in NFS permissions caching.

A race condition in the NFS server implementation when processing group
ownership information can result in corruption of groups leading to
permissions denials for clients. A remote user with access to an NFS
filesystem could use this flaw to cause a denial-of-service.


* CVE-2017-16914: Denial-of-service in USB over IP NULL transfer buffer handling.

A failure to correctly validate a NULL transfer buffer in the USB over
IP subsystem can result in a NULL pointer dereference, leading to a
Kernel crash. A local user with access to a USB over IP device could use
this flaw to cause a denial-of-service.


* Denial-of-service due to race in XHCI virtual device addition.

A race condition when adding new virtual XHCI devices can result in a
NULL pointer dereference leading to a Kernel crash.


* Denial-of-service in Infiniband alternate port number setting.

A failure to validate an alternate port number supplied from userspace
can result in an out-of-bounds access, leading to a Kernel crash. A local
user with access to an Infiniband device could use this flaw to cause a
denial-of-service.


* Denial-of-service in NFS server inode commit handling.

A logic error when processing an inode with no pending commit requests
can lead to a Kernel crash.


* Use-after-free in SCSI request queue debug information retrieval.

A race condition when fetching SCSI request queue debug information can
result in a use-after-free. A local user with access to debugfs could
use this flaw to cause a denial-of-service, or potentially escalate
privileges.


* Denial-of-service during device mapper thin pool module load.

A race condition when loading the thin pool device mapper target and
attempting to create a thin pool can result in a NULL pointer
dereference leading to a Kernel crash. A local user with the ability to
administer the device mapper could use this flaw to cause a
denial-of-service.


* Denial-of-service in ext4 access control list processing for new inodes.

A failure to handle an error case when an ACL is not available for an
inode can result in an invalid pointer dereference leading to a Kernel
crash. A local user with access to an ext4 filesystem could use this
flaw to cause a denial-of-service.


* Denial-of-service during mount of ext4 filesystem with small directory entry.

A failure to handle an error case where the size of a directory is
smaller than the block size of the filesystem can result in undefined
behaviour leading to a Kernel crash. A local user with the ability to
mount filesystems could use this flaw to cause a denial-of-service.


* Use-after-free in Thunderbolt PCI Express device activation.

A logic error when activating PCI Express devices over Thunderbolt can
result in a use-after-free. A local user could use this flaw to cause
undefined behaviour or potentially escalate privileges.


* Information disclosure in IP Virtual Server procfs output.

A failure to correctly handle network namespaces in the procfs output
from the IP Virtual Server implementation can result in the disclosure
of information from other network namespaces. A local user could use
this flaw to facilitate a further attack.


* Use-after-free in iSCSI target command rejection.

A race condition in the iSCSI target driver when rejecting a command can
result in a use-after-free.


* Denial-of-service in iSCSI target registration.

A failure to free memory in an error case can result in a memory leak. A
local user with the ability to configure iSCSI could use this flaw to
exhaust system memory resulting in a denial-of-service.


* Use-after-free when closing Bluetooth tty.

A race condition when closing a Bluetooth tty can result in a
use-after-free. A local user with access to a Bluetooth tty could use
this flaw to cause a Kernel crash or potentially escalate privileges.


* Denial-of-service in BTRFS panic handling.

A failure to check for a NULL pointer in the BTRFS panic handler can
result in a NULL pointer dereference leading to a Kernel crash. A local
user with the ability to mount filesystems could use this flaw to cause
a denial-of-service.


* Use-after-free in NVMe namespace lookup.

A race condition when looking up an NVMe namespace can result in a
use-after-free. A local user with access to an NVMe device could use
this flaw to cause a Kernel crash or potentially escalate privileges.


* Denial-of-service in RTL8188EU WiFi command creation.

A logic error when creating some types of 802.11 command packets can
result in sleeping in an atomic section, which can lead to a Kernel crash
as a result of an assertion failure. A local user could use this flaw to
cause a denial-of-service.


* Denial-of-service in Brocade BFA Fibre Channel debugfs interface.

A failure to validate input to the Brocade BFA Fibre Channel debugfs
interface can result in an out-of-bounds memory access leading to a
Kernel crash. A local user with access to the BFA debugfs interface
could use this flaw to cause a denial-of-service.


* Out-of-bounds memory access in UDF Volume Structure Descriptor reading.

An arithmetic error in the UDF driver can result in an integer overflow
leading to an out-of-bounds memory access. A local user could use this
flaw to cause a Kernel crash or other unspecified impact.


* Denial-of-service in UDP fragmentation timeout.

A logic error when fragmented UDP packets take too long to be
reassembled can result in an incorrect ICMP host unreachable packet being
sent, leading to a connection reset. A local user could use this flaw to
disrupt UDP traffic, resulting in a denial-of-service.


* Use-after-free in LightNVM garbage collection invocation.

A race condition in the LightNVM NVMe driver can cause the garbage
collector to access freed memory. A local user could use this flaw to
crash the Kernel or potentially escalate privileges.


* Information disclosure in ath9k debugfs interface.

A failure to validate information from userspace could result in an
out-of-bounds memory access leading to stack information disclosure. A
local user with access to debugfs could use this flaw to facilitate a
further attack.


* CVE-2017-16911: Information disclosure in USB over IP HCI status report.

A failure to correctly sanitize information reported by the Kernel about
a USB over IP HCI device can result in a sensitive memory address being
disclosed to userspace. A local, unprivileged user could use this flaw
to facilitate a further attack.


* CVE-2017-16912, CVE-2017-16913: Denial-of-service in USBIP command validation.

A validation error when parsing information from a USB over IP packet
can result in an out-of-bounds memory access leading to a Kernel crash.
A remote USB over IP client could use this flaw to cause a
denial-of-service.

SUPPORT

Ksplice support is available at ksplice-support_ww at oracle.com.
