[Ksplice-Fedora-28-updates] New Ksplice updates for Fedora 28 (FEDORA-2019-0a771739b5)

Oracle Ksplice ksplice-support_ww at oracle.com
Tue Apr 2 12:49:51 PDT 2019


Synopsis: FEDORA-2019-0a771739b5 can now be patched using Ksplice

Systems running Fedora 28 can now use Ksplice to patch against the
latest Fedora kernel update, FEDORA-2019-0a771739b5.

INSTALLING THE UPDATES

We recommend that all users of Ksplice Uptrack running Fedora 28
install these updates.

On systems that have "autoinstall = yes" in /etc/uptrack/uptrack.conf,
these updates will be installed automatically and you do not need to
take any action.

Alternatively, you can install these updates by running:

# /usr/sbin/uptrack-upgrade -y


DESCRIPTION

* Use-after-free when reporting process exit or coredump.

The process event handling code fails to properly synchronize some of
its data structures. In rare cases, this can result in a use-after-free,
potentially resulting in a denial-of-service or information leak.


* NULL-pointer dereference when routing non-local multicast packet.

Due to missing thread synchronization, it is possible for an IPv4
multicast packet to be processed while its ingress device pointer is
NULL, resulting in a kernel crash and denial-of-service.


* Information leak when receiving l2tp packet over IPv6.

When receiving a Layer Two Tunneling Protocol packet over IPv6, the
addr_len field reported to userspace might contain uninitialized kernel
memory. An attacker might exploit this to gain information about the
running kernel.


* Undefined behavior when tunneling IPv6 over IPv4 with 6rd.

When tunneling IPv6 over IPv4 utilizing 6rd, the relay_prefixlen field
might be 32, potentially resulting in an outsized shift of a 32-bit
integer, which is undefined behavior. This could potentially result in
memory corruption or a denial-of-service.


* Resource leak when destroying PPP socket.

When destroying a Point-to-Point Protocol socket, a missing error
condition could result in a leak of the destination net device
structure, potentially resulting in system instability or a hang.


* Resource leak when deleting FIB nexthop exception.

When removing an entry from the FIB nexthop exception table, a race
condition might cause the destination device structure to be leaked,
potentially resulting in system instability or a denial-of-service.


* NULL-pointer dereference when initializing SCTP stream.

When initializing a Stream Control Transmission Protocol connection, an
unhandled error case could result in a NULL-pointer dereference and
system denial-of-service.


* Denial-of-service when deleting VXLAN device.

If a packet is received on a VXLAN device while it is being deleted, a
race condition might cause an invalid pointer dereference, resulting in
a kernel crash and denial-of-service.


* Invalid memory access when switching between command modes on mlx4.

When switching between the events and polling modes on a Mellanox mlx4
network device, missing synchronization could allow pending callbacks to
point into freed memory, potentially resulting in memory corruption or a
denial-of-service.


* Permissions bypass setting mode on ipvlan slave devices.

The CAP_NET_ADMIN permission is not properly enforced for some
operations on ipvlan slave devices, potentially allowing a malicious
user to change device mode for other devices in the same ipvlan group.
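
The shift hazard from the 6rd item above, as an added example that is not
Ksplice or kernel code: a C illustration of rebuilding an IPv4 address from
the bits carried in a 6rd IPv6 address, with the full-width shift guarded.
The function names, the left-aligned `embedded` layout and the sample
addresses are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>

/* Illustration only; every name here is hypothetical.
 * With 6rd, the top relay_prefixlen bits of the IPv4 address are common to
 * the whole domain, so only the low (32 - relay_prefixlen) bits travel in
 * the IPv6 address. `embedded` holds those bits left-aligned in 32 bits. */

/* Unguarded form, kept for contrast. With relay_prefixlen == 32 it shifts a
 * 32-bit value by its full width, which C leaves undefined (C11 6.5.7).
 * main() only calls it with a count below 32. */
uint32_t v4_suffix_unguarded(uint32_t embedded, unsigned relay_prefixlen)
{
    return embedded >> relay_prefixlen;
}

/* Guarded form: a prefix length of 32 (or more) means no IPv4 bits are
 * embedded, so the suffix is defined to be 0 and no shift is performed. */
uint32_t v4_suffix(uint32_t embedded, unsigned relay_prefixlen)
{
    if (relay_prefixlen >= 32)
        return 0;
    return embedded >> relay_prefixlen;
}

/* Combine the configured relay prefix with the embedded suffix. */
uint32_t v4_from_6rd(uint32_t relay_prefix, uint32_t embedded,
                     unsigned relay_prefixlen)
{
    return relay_prefix | v4_suffix(embedded, relay_prefixlen);
}

int main(void)
{
    /* Constructed sample values: relay prefix 192.0.2.0/24, suffix 42. */
    printf("/24 unguarded suffix: %u\n",
           (unsigned)v4_suffix_unguarded(0x2A000000u, 24));
    printf("/24 -> 0x%08X\n",
           (unsigned)v4_from_6rd(0xC0000200u, 0x2A000000u, 24));
    /* relay_prefixlen 32: whole address comes from the relay prefix. */
    printf("/32 -> 0x%08X\n",
           (unsigned)v4_from_6rd(0xC0000201u, 0xFFFFFFFFu, 32));
    /* relay_prefixlen 0: all 32 bits are embedded. */
    printf("/0  -> 0x%08X\n",
           (unsigned)v4_from_6rd(0u, 0xC6336407u, 0));
    return 0;
}
```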

SUPPORT

Ksplice support is available at ksplice-support_ww at oracle.com.




