[Ksplice-Fedora-30-updates] New Ksplice updates for Fedora 30 (FEDORA-2019-057d691fd4)
Oracle Ksplice
ksplice-support_ww at oracle.com
Wed Nov 13 11:56:41 PST 2019
Synopsis: FEDORA-2019-057d691fd4 can now be patched using Ksplice
CVEs: CVE-2019-16746
Systems running Fedora 30 can now use Ksplice to patch against the
latest Fedora kernel update, FEDORA-2019-057d691fd4.

INSTALLING THE UPDATES
We recommend that all users of Ksplice Uptrack running Fedora 30
install these updates.
On systems that have "autoinstall = yes" in /etc/uptrack/uptrack.conf,
these updates will be installed automatically and you do not need to
take any action.
Alternatively, you can install these updates by running:
# /usr/sbin/uptrack-upgrade -y

DESCRIPTION
* Use-after-free during ATUSB device disconnect.
The ATUSB driver attempts to access a previously freed structure in its
device disconnect path. The flaw could potentially be exploited using
a specially crafted USB device to cause a system to exhibit unexpected
behavior, including a potential denial-of-service.
* CVE-2019-16746: Potential buffer overflow when processing IEEE80211 beacon head.
A failure to validate the beacon frame header along with other beacon
frame attributes can lead to malformed data eventually being processed.
This can potentially be exploited by a remote attacker to cause a buffer
overflow, which can be leveraged to perform other types of attacks.
* NULL dereference in NFSv4 attribute encoding path.
In certain cases the encode_attrs function can dereference a NULL
pointer even though it first checks that the pointer is not NULL.
This flaw could potentially be exploited by a local or remote attacker
to cause a denial-of-service.
* Memory leak in Character Device in Userspace init path.
If certain operations fail when attempting to initialize a CUSE device,
small amounts of memory will be leaked. This flaw could be exploited
by a local attacker to waste system resources and degrade performance.
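
For the CVE-2019-16746 item above, this sketch shows the kind of bounds validation a beacon head needs before its contents are processed. It is an added example, not Oracle's or the kernel's code: the function name, constants and sample frame are constructed here, and the 36-byte fixed part is the standard 802.11 beacon layout.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* 24-byte management header + timestamp (8) + beacon interval (2) +
 * capability info (2): the fixed part that precedes the elements. */
#define BEACON_FIXED_LEN 36u
/* Frame control type and subtype bits; a beacon is type 0, subtype 8. */
#define FC_TYPE_SUBTYPE_MASK 0x00FCu
#define FC_BEACON 0x0080u

/* True only if the fixed fields are complete, the frame is a beacon, and
 * the information elements (id, len, data[len]) exactly fill the rest. */
bool beacon_head_is_valid(const uint8_t *head, size_t len)
{
    if (head == NULL || len < BEACON_FIXED_LEN)
        return false; /* fixed fields truncated */

    uint16_t fc = (uint16_t)(head[0] | (head[1] << 8)); /* little-endian */
    if ((fc & FC_TYPE_SUBTYPE_MASK) != FC_BEACON)
        return false; /* not a beacon */

    size_t pos = BEACON_FIXED_LEN;
    while (pos < len) {
        if (len - pos < 2)
            return false; /* element header cut off */
        size_t elen = head[pos + 1];
        if (elen > len - pos - 2)
            return false; /* element claims more bytes than remain */
        pos += 2 + elen;
    }
    return true;
}

int main(void)
{
    /* Constructed sample: zeroed fixed fields, then one SSID element "test". */
    uint8_t frame[42] = {0};
    frame[0] = 0x80;                    /* frame control: beacon */
    frame[36] = 0; frame[37] = 4;       /* element id 0 (SSID), length 4 */
    frame[38] = 't'; frame[39] = 'e'; frame[40] = 's'; frame[41] = 't';

    printf("well-formed: %d\n", beacon_head_is_valid(frame, sizeof frame));
    frame[37] = 200;                    /* length field now overruns the buffer */
    printf("overlong element: %d\n", beacon_head_is_valid(frame, sizeof frame));
    return 0;
}
```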

SUPPORT
Ksplice support is available at ksplice-support_ww at oracle.com.