[Ksplice-Fedora-30-updates] New Ksplice updates for Fedora 30 (FEDORA-2019-0eef22c0e3)
Oracle Ksplice
ksplice-support_ww at oracle.com
Thu Nov 21 04:26:19 PST 2019
Synopsis: FEDORA-2019-0eef22c0e3 can now be patched using Ksplice
CVEs: CVE-2019-15098 CVE-2019-19048
Systems running Fedora 30 can now use Ksplice to patch against the
latest Fedora kernel update, FEDORA-2019-0eef22c0e3.
INSTALLING THE UPDATES
We recommend that all users of Ksplice Uptrack running Fedora 30
install these updates.
On systems that have "autoinstall = yes" in /etc/uptrack/uptrack.conf,
these updates will be installed automatically and you do not need to
take any action.
Alternatively, you can install these updates by running:
# /usr/sbin/uptrack-upgrade -y
DESCRIPTION
* CVE-2019-15098: NULL pointer dereference when using Atheros ath6kl usb driver.
A missing check when using Atheros ath6kl usb driver with a malicious
usb device could lead to a NULL pointer dereference. A local attacker
could use this flaw to cause a denial-of-service.
* CVE-2019-19048: Denial-of-service in Virtualbox guest ioctl().
A logic error when performing user data copying could result in a
resource leak and eventual memory exhaustion. A local user with access
to the "vboxguest" device could use this flaw to crash the system.
SUPPORT
Ksplice support is available at ksplice-support_ww at oracle.com.
More information about the Ksplice-Fedora-30-Updates
mailing list