[Ksplice-Fedora-29-updates] New Ksplice updates for Fedora 29 (FEDORA-2019-93144c6642)

Fri Mar 1 16:56:54 PST 2019

Synopsis: FEDORA-2019-93144c6642 can now be patched using Ksplice

Systems running Fedora 29 can now use Ksplice to patch against the
latest Fedora kernel update, FEDORA-2019-93144c6642.

INSTALLING THE UPDATES

We recommend that all users of Ksplice Uptrack running Fedora 29
install these updates.

On systems that have "autoinstall = yes" in /etc/uptrack/uptrack.conf,
these updates will be installed automatically and you do not need to
take any action.

Alternatively, you can install these updates by running:

# /usr/sbin/uptrack-upgrade -y

DESCRIPTION

* Invalid memory access in L2TP during receive.

A failure to properly account for all optional fields in a L2TPv2
header could result in an out-of-bounds memory access in the L2TP code.
This could be potentially exploited to cause a denial-of-service attack.

* Denial-of-service in ROSE transmit with internally generated frames.

A missed NULL check in the rose transmit code could result in a NULL
pointer access and subsequent kernel panic.  This could be used to
cause a denial-of-service.

* NULL pointer dereference with dummy NetDev device during socket polling.

A failure to properly initialize things in the netdev code could cause a
NULL pointer dereference and possibly kernel panic or memory corruption
when busy-polling a socket associated with the device.  This could be
exploited to cause a denial-of-service.

* Denial-of-service in IPv6 multicast route socket close.

A logic error in the ipv6 multicast code could lead to an
uninitialized memory access and subsequent memory corruption or kernel
crash.  This could be used to cause a denial-of-service.

* Denial-of-service with Mellanox MLX5 E-switch as a vport group manager.

A logic error in the mlx5 code could cause an uninitialized memory access
for cases with an e-switch which is a vport group manager but not
e-switch manager.  This could be used for a denial-of-service.

* Deadlock in Transport Security Layer (TLS) asynchronous transmissions.

A race condition with the locking in the TLS code could result in a deadlock.
This could be used to cause a denial-of-service attack.

* Denial-of-service in VirtIO transmit with XDP frames.

A logic error in the cleanup of the virtio transmission could result
in invalid memory access and subsequent kernel oops.  This could be
used to cause a denial-of-service.

* Denial-of-service in CIFS asynchronous non-cached I/O.

Logic errors in the CIFS code could result in memory leaks or a NULL
pointer dereference, which could be used to cause a denial-of-service.

* Use-after-free in CIFS lease keys.

A logic error in CIFS could result in a use-after-free condition and
possible memory corruption or kernel panic.  This could be exploited
to cause a denial-of-service attack.

* Denial-of-service in Intel IOMMU reserved memory regions.

A logic error in the Intel iommu code could result in a memory leak
with some reserved regions never being freed.  This could be used for
a denial-of-service attack.

* Memory corruption in Infiniband HFI1 loopback send.

A logic error in the Infiniband code could lead to memory corruption
and kernel panic.  This could be used for a denial-of-service.

* Deadlock in BTRFS when allocating new blocks.

Errors in the btrfs code when allocating new tree blocks could result in a deadlock
over a shared lock.  This could be exploited to cause a denial-of-service attack.

* NULL pointer dereference when scanning movable gigantic hugepages.

A logic error in the hugepages code could result in a NULL pointer
dereference and possible kernel panic.  This could be used for a
denial-of-service attack.

* Use-after-free in OOM process killing.

A race condition in the OOM code could result in a use-after-free
if the process to be killed exits before it is killed.  This could
be exploited for a denial-of-service.

* NULL pointer dereference in hwpoison memory failure.

A face condition in the hwpoison code could lead to a NULL pointer
dereference and possible kernel panic.  This could be used to cause
a denial-of-service.

SUPPORT

Ksplice support is available at ksplice-support_ww at oracle.com.